Hi @simon-thrive, thanks for reaching out to us.
The “429 Too Many Requests” you’re seeing is actually a HTTP response rather than a Wordfence error page – which would come back with HTML containing our branding. However, it seems unusual this started happening in line with the latest Wordfence update. It could be related to checks made by the WAF when a request comes in causing the server to hit some sort of limit that has either been set by your host or in the configuration files.
Most commonly, we’ve seen this with Cloudflare rate limiting, or the max_questions value set on your server, but some hosts will restrict your ability to alter this.
I think the full response headers from the 429 response will likely indicate which component returned the error, which should help identify the rate limiting in this case.
You can see how to return the full response here. If you’re not using Chrome, most in-browser developer tools operate similarly in terms of their layouts now.
Thanks,
Peter.
Thanks very much for your response, Peter.
The full reposnse returns show all 200 status Codes ? I don’t understand what the issue can be then?
Hi @simon-thrive,
Are you getting the “200 OK” status on actual 429 error pages or have you been unable to reproduce this yourself and are seeing other visitors to your site experience these? I would expect the 200 status headers on your site when it is loading as normal.
I would certainly reach out to your hosts’ support channels to see if they know a (non-Wordfence) firewall rate limiting or PHP setting that might be causing these as they will also have access to your error logs.
It may also be of assistance to send us a diagnostic report to wftest @ wordfence . com. You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email
Thanks again,
Peter.
@wfpeter
Diagnostic sent, thank you…
@wfpeter
Can you glean anything from the diagnostic ?
Hi @simon-thrive,
I am getting an issue reported in the diagnostic when attempting to connect back to your site:
wp_remote_post() test back to this server failed! Response was: cURL error 60: SSL certificate problem: certificate has expired
However on your public-facing site I can see that your certificate expires in January 2022 but I was getting one of your hosts’ server IPs reporting an expired certificate. I won’t post the IP publicly but it’s the one ending with .159 in Wordfence > Tools > Diagnostics > IP(s) Used By This Server. It looks like cURL, which is a PHP module rather than a Wordfence-specific function, is seeing this expired certificate as a blocker to connecting.
As for your original “429 Too Many Requests” issue, if this is not the result of limits set by your host or server-side firewalls/rate limiters, it is possible that the WP_MEMORY_LIMIT set to 40M currently should be increased to 128M in wp-config.php. WooCommerce (for example) recommend 64M, so if you have many hits on the site at once, this current limit of 40M could be reached fairly easily. Your PHP memory_limit value is already set high enough to make this change.
Thanks,
Peter.
