HTTP 429 means Too Many Requests: the server (or a security layer) is rate-limiting requests from a client because there are too many requests in a short period of time.
1) Identify where the 429 is coming from
- If you use Cloudflare or another proxy/CDN, the 429 may be generated there (check the error page branding and response headers).
- If you are accessing the site directly, the 429 usually comes from the web server/WAF or your application (for example a WordPress security plugin).
2) Check your access logs in Plesk
- Log in to Plesk.
- Go to Websites & Domains → your domain → Logs.
- Look at requests around the time you see 429 and identify:
- the IP address
- the most frequent URL/path (often
/wp-login.php or /xmlrpc.php)
- user-agent (bot or browser)
3) Common causes (and fixes) for WordPress websites
- Brute-force login attempts (bots): enable a security plugin feature to limit login attempts, add CAPTCHA, and consider blocking aggressive IPs.
- Security plugins rate-limiting legitimate users: review the plugin settings (Wordfence, Limit Login Attempts, etc.). If you recently enabled a stricter rule, relax it.
- Too many admin-ajax/API calls: caching, disabling unnecessary plugins, and optimizing themes often helps.
- High traffic spikes: enable full-page caching (LiteSpeed Cache/LSCache for WordPress on GARMTECH hosting) and use CDN if needed.
4) If 429 happens when your site calls an external API
Sometimes 429 is returned by a third-party API your website uses. In that case:
- Implement retries with backoff (respect
Retry-After if provided).
- Cache API results to reduce repeated calls.
5) If you need server-side review
Open a ticket in My.GARMTECH and include: domain name, exact time (with timezone), your IP address, the URL that shows 429, and a screenshot/response header if possible. (/tickets/create/step1)
