Encountering the 429 Too Many Requests error on your WordPress website can be frustrating. This error message appears when your website exceeds the limits of allowed web requests to your server. This can be caused by user abuse, poorly configured plug-ins, or even an attack on your site. In this article, we discuss in detail how to solve 429 Too Many Requests.
Identify the cause
Check plug-ins and themes
- Deactivate all plug-ins: Go to the WordPress dashboard, navigate to ‘Plug-ins’ and temporarily deactivate all plug-ins. If the error disappears, it’s probably due to a plugin.
- Enable plug-ins one by one: Re-enable plug-ins one by one to identify the culprit. Test your website after each activation.
- Check your theme: If the problem is not with the plugins, try switching to a default theme such as Twenty Twenty-One to see if the problem is with your theme.
Check server logs
- Access logs: Check which requests were made just before the error message. This may indicate specific actions or patterns that exceed limits.
- Error Logs: Look for specific error messages that may be related to the 429 Too Many Requests error.
Configure rate limiting
Install a firewall plugin: Plugins such as Wordfence can help set security rules and rate limiting. Set restrictions on how often an IP address may perform a particular action within a specified time interval.
Adjust server settings: If you have access to server configurations such as .htaccess (for Apache) or nginx.conf (for Nginx), you can set rules to limit the speed of requests.
Use caching
Install a caching plug-in: Plug-ins such as W3 Total Cache or WP Super Cache can reduce the load on your server by making pages static, which reduces the number of requests each user makes.
Configure browser caching: Set HTTP headers such as Cache-Control to determine how and when content should be stored in the visitor’s browser.
Optimize WordPress
Optimize your database: Use tools such as WP-Optimize to clean your WordPress database and remove unnecessary data.
Limit bot traffic: Use robot.txt or plug-ins to limit unnecessary scrapping and crawling from bots that may make many requests.
You can explicitly block certain bots known to cause problems through your .htaccess file. This is a powerful configuration that works at the server level:
Access .htaccess: You will find this file in the root folder of your WordPress installation. You can edit it through an FTP client or through your hosting account’s cPanel.
Block bots: Add the following lines to your .htaccess file to block specific bots. Replace BadBot with the name of the bot you want to block:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} BadBot [NC,OR]
RewriteRule .* – -. [F,L]
Test the changes: After making changes to your .htaccess file, test your website to make sure everything is still working properly.
Limiting the crawl speed of Googlebot
Google allows you to limit the speed at which their bots crawl your site through the Google Search Console:
- Access Search Console: Log in to your Google Search Console account and select your site.
- Adjust crawl speed: Go to “Settings” and search for “Crawl speed. Here you can adjust the speed at which Google visits your site.
Implement CAPTCHAs
CAPTCHAs can help reduce automated form submission by bots. This is especially useful on login pages, comment sections and contact forms:
- Install a CAPTCHA plug-in: Plug-ins such as Google reCAPTCHA integrate with your forms to confirm that the user is not a bot.
- Configure CAPTCHA settings: Be sure to set the sensitivity and type of CAPTCHA (such as image selection or checkbox only) at a level that remains user-friendly.
With these steps the error should be fixed, are you not succeeding or can’t figure it out? If so, please contact us.
Receive more tips? Then subscribe to our newsletter.