Fix Error 521 with WordPress using Cloudflare

Posted on 1 Star2 Stars3 Stars4 Stars5 Stars ( Help to vote )

As you learned above, the Error 521 message is an error message that’s specific to Cloudflare. Try a free demo. Essentially, it means that your web browser was able to successfully connect to Cloudflare, but Cloudflare was not able to connect to the origin web server – AKA your WordPress site’s server. Specifically, Cloudflare tried to connect to your WordPress site’s server but received a connection refused error in response. Because Cloudflare cannot connect to your site, it’s unable to display your site to visitors and shows the Error 521 message instead:

the Error 521 message
the Error 521 message

What Causes the Error 521 Message?

Typically, the Error 521 message is caused by one of two situations:

First, your WordPress site’s server may be down. Even if everything else is configured properly, if your WordPress site’s server is offline, Cloudflare simply won’t be able to connect.

Second, your web server might be running fine but blocking Cloudflare’s requests for some reason. Because of how Cloudflare works, some server-side security solutions might inadvertently block Cloudflare’s IP addresses.

Because Cloudflare is a reverse proxy, all of the traffic coming to your origin server will appear as if it’s coming from a small range of Cloudflare IPs (rather than each individual visitor’s unique IP address). As such, some security solutions will view high traffic from a limited number of IP addresses as an attack and block them. When that happens, Cloudflare won’t be able to connect and will display the Error 521 message instead.


Step 1: Test if the Origin Server is Online

Before going any further, you’ll want to make sure that your WordPress site’s server is online and functioning normally. If it’s not, there’s no sense digging into further troubleshooting steps.

To test this, you can run a cURL command. If you’re on Mac or Linux, you can run this right from Terminal.

Windows doesn’t have cURL installed by default and, while you can install it, a simpler way is to use KeyCDN’s online HTTP Header Check tool.

All you do is plug in http://1.2.3.4, where 1.2.3.4 is the actual IP address of your server.

The KeyCDN Header Check tool
The KeyCDN Header Check tool

Step 2: Whitelist all Cloudflare IP ranges in your server’s firewall

If your WordPress site’s server is functioning normally but you still see the Error 521 message when you try to access your site, the next step is to whitelist all of Cloudflare’s IP ranges to make sure that your server isn’t blocking them.

Here’s a full list of Cloudflare’s IP ranges.

You’ll want to make sure you aren’t blocking these IP addresses in .htaccess, iptables, or your firewall. And you’ll also want to make sure that your hosting provider isn’t rate limiting or blocking IP requests from Cloudflare’s IP addresses.

If you’re not sure how to do this, reach out to your host’s support. At Kinsta, these IP ranges should already be whitelisted.


Step 3: Consider more specific issues

Finally, here are some more specific technical steps you can take, depending on your server’s configuration.

  1. If you just started using Cloudflare’s HTTPS, your origin server might not be configured to allow Cloudflare’s IP addresses to access port 443. If you can’t configure your firewall to allow this, try using Flexible SSL instead of Full SSL at Cloudflare.
  2. Make sure you’re using the most recent versions of Bad Behavior or mod_security, if applicable.
  3. If you’re using the mod_antiloris or mod_reqtimeout Apache modules, disable and unload those modules.