How to Fix the “429 Too Many Requests” Error
Despite all the upsides WordPress has, every WordPress user is bound to experience some errors while running their website. These errors can confuse and even cause a sense of dread in users. Especially in cases when a new user runs into an error message that doesn’t reveal much about the nature of the error itself. One example of this is the 429 Too Many Redirects error. Therefore, we have decided to create this article, and explain all the common causes behind the error and different ways of solving it. We’ll show you how to tackle this issue by breaking it down into several smaller steps:
Understanding the 429 Too Many Requests Error
This error usually happens when a user sends an overwhelming amount of requests in a short time. The reasons for this vary. They can include repeated login attempts to your site, DDOS (distributed denial of service) attacks from attackers, faulty plugin codes, or other faulty codes. In most cases, the error message could be one of the following: 429 Error, HTTP 429, 429 Too Many Requests, or Error 429 (Too Many Requests). Rarely, the error can be resolved on its own. But, in the cases that it continues, it can make your site inaccessible to users and hamper your ability to log in to your dashboard at the same time, thus making the troubleshooting a bit more difficult.
How to solve the 429 Too Many Requests Error
As this error can sometimes vanish on its own, we suggest first waiting for a bit. If the issue persists, try using the troubleshooting suggestions we outlined below. Each of them has been known to solve the issue, so make sure to try all the methods described until you find the one that is helpful on your website.
Most frequently, attackers will try to brute-force log in to your WordPress website, causing a 429 Too Many Requests errors. Thus, your first line of defense is simply denying them that option by changing your default WordPress login URL. That login URL—your-site-url/wp-admin, as well as its alternatives your-site-url/login and your-site-url/wp-login.php, are well-known, and as such can be quite insecure. You can change the default WordPress login URL using the WPS Hide Login plugin. After installing the plugin, navigate to Settings > WPS Hide Login. Under Login url change the login part to a URL extension you prefer and feel safe with, and then press the Save changes button. We suggest that you implement an extension that is harder to guess and doesn’t include any of the default extensions.
Additionally, after changing the login extension, anyone trying to log in using any of the three before-mentioned default login URLs will be redirected to a 404 page.
Apart from attackers, the reason for the 429 Too Many Redirects error could lie in one of the plugins you are using. Some plugins might send an overwhelming amount of requests to the server and surpass its rate limit, thus causing the 429 error. Therefore, sometimes you can simply solve this error by pinpointing the faulty plugin and deactivating it. This troubleshooting step varies in difficulty based on whether you have access to your WordPress dashboard.
-
Deactivating all plugins from the dashboard
If you are experiencing the 429 error and still have access to your admin dashboard, navigate to Plugins > Installed Plugins, and select all plugins. You can do so by pressing the checkbox near the top of your screen, next to the Plugin label. Then, choose the Deactivate option in the dropdown menu and press the Apply button next to it, so this option is applied to all plugins.
Afterward, review your website to see if the 429 Too Many Redirects error has gone. If the error is no longer present, that means that it was caused by a faulty plugin.
-
Deactivating all plugins via FTP
If your dashboard access has been denied due to the 429 error, you will have to perform a similar process via FTP.
First, connect to your server using your FTP credentials and navigate to your root WordPress directory, often called public_html. Open the wp-content directory and find the plugins folder within. Right-click on the plugins folder and press on the Rename option.
You can rename the plugins folder as you like, but we suggest keeping the original folder name for reference and adding a self-explanatory suffix. For example, you can rename it into plugins.deactivated or plugins.backup.
By renaming the plugins folder you are deactivating all the plugins on your site since this will make them inaccessible. Of course, you should check your website to see whether the 429 error persists afterward. If you have regained control of your dashboard with the 429 error no longer present on your website, it means that the error was due to one of the plugins. The only remaining task is to pinpoint which one. To do so, restore the plugins folder’s original name (i.e. plugins) using the same method as earlier when we renamed it. This will make all your installed plugins accessible, but they will remain deactivated, which is ideal for the second part of this troubleshooting step.
After determining that the error was due to one of the plugins by using either of the two methods to disable them, it is time to locate the faulty plugin. To do so, log in to your dashboard and navigate to Plugins > Installed Plugins. Re-activate all your plugins, one at a time (by pressing the Activate button). After each reactivation, check your website to see if anything changes. Repeat this process until you see the error appear once more. That means the plugin you reactivated last is the culprit.
After pinpointing the plugin responsible for the 429 error, you should contact the plugin authors for help or consider replacing it with an alternative plugin.
In rare cases, the Really Simple SSL plugin could be the culprit behind your 429 error. The reason for it lies in the fact that your website could contain a large amount of insecure internal links that are forced to load over HTTPS using the plugin.
Simply deactivating the Really Simple SSL plugin (using the steps described in the previous section) could resolve the 429 Too Many Redirects error. However, to properly address the issue, you will need to change your internal links from HTTP to HTTPS. You can do so either by executing queries directly inside your database or by using database-altering plugins. We will explain the latter, more user-friendly, option.
To change URLs in your database, we suggest you use the Better Search Replace plugin. After installing the plugin, navigate to Tools > Better Search Replace.
Within the Search/Replace tab insert the labels that you are searching for and what you want to replace them with. Of course, these should be in the form of http://your-site-url.com and https://your-site-url.com, respectively. Needless to say, insert your actual website URL instead of the your-site-url part of the labels. Then, select the wp_postmeta table and press the Run Search/Replace button.
The option Run as dry run? will automatically be checked and we don’t suggest unchecking it for your first run. After pressing the button, you will see how many entries will be affected by this change without those changes being implemented. Afterward, if you are sure you want to proceed, repeat the same steps but don’t forget to uncheck the Run as dry run? option to apply URL changes.
When you’ve changed your internal links to HTTPS, the only thing that remains is to implement redirect rules inside your .htaccess file. This will ensure your users are always accessing the secure versions of your website pages, as well as prevent any future SSL-related 429 errors.
To do so, connect to your server using your FTP credentials and navigate to your root WordPress directory, where you can find the file named .htaccess. In case you aren’t able to find it, make sure to enable the options for showing hidden files within your chosen FTP client. After locating the .htaccess file, right-click on it, and choose the View/Edit option.
Open the file using any text editor and add the code given below.
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond !{HTTPS} off RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </IfModule>
Save the changes you made and upload the file back to your server, thus overriding the current .htaccess file.
If you weren’t able to solve the error by deactivating your plugins, you should consider testing your theme as well. Use the same rigorous method of testing, as it could be possible that your theme is the culprit.
To test if your theme is responsible, you simply need to switch to one of the WordPress default themes, such as Twenty Twenty. If you haven’t done so already, we suggest installing one of the default themes, as it is a prerequisite for this step. After you install the theme, you can proceed to the testing. Much like the plugins section, the following steps differ based on whether you have access to your admin dashboard or not.
-
Changing your theme from the dashboard
If you still have access to the dashboard despite the 429 error, then simply navigate to Appearance > Themes to conduct the test. Find your default theme and press the Activate button next to it.
-
Changing your theme via FTP
If you are unable to login to your dashboard due to error, you will have to change your theme via FTP, the same way as you did for the plugins.
To do so, connect to your server using your FTP credentials and navigate to your root WordPress directory, often called public_html. Navigate to /wp-content/themes and find the folder of the theme you are currently using. Right-click on it and press on the Rename option.
Rename it following the same principles we used for the plugins
folder—using themename.deactivated or themename.backup, for example. This way you will deactivate the theme you were previously using and force WordPress to activate the default theme you previously installed.
After changing your theme to a default one using either of the methods, you only need to check your site, to conclude whether your theme is the culprit. If the 429 Too Many Redirects error has vanished after switching themes, then you can safely conclude that the theme you were using is to blame for the error. Having determined that, we suggest consulting the theme’s authors for help in solving this error.
If you have tried all the previous suggestions we made but were unable to solve the error, the reason for that could lie in your server and not your website. It is most likely that your hosting is blocking requests from certain third-party platforms or services (e.g. crawlers and search engines). In that case, we suggest contacting your hosting provider to remove the block, as it will solve the issue. Even if this is not the case, asking help from your hosting provider can be beneficial as they will be able to shine some light on the error you are having.
Final Thoughts
Getting any kind of WordPress error can be frustrating, and it’s the same with the 429 Too Many Redirects error. However, now you understand the reasons why this error appears and how to troubleshoot it. As you can see, the methods for fixing this error are quite straight-forward. And we are confident that you were able to solve the issue using one of the suggestions in this guide. Make sure to bookmark this article, to keep it on hand should this error reappear in the future.