Have you encountered the frustrating ‘Error 521’ message while trying to access your website? This issue is quite common for WordPress users utilizing Cloudflare and can impact thousands of sites daily.
The downside? If you’re experiencing this error, your visitors are too. This is not the impression you want to leave. We understand that such errors can significantly disrupt user experience, decrease conversion rates, and even harm your Google rankings.
But don’t fret! In this comprehensive guide, we will leverage our extensive experience to help you resolve the 521 error affecting your WordPress and Cloudflare setup. We’ll provide you with step-by-step instructions to restore your website’s functionality and keep your visitors satisfied.
What Causes Error 521 with WordPress and Cloudflare?
When you encounter a 521 error while trying to access your WordPress site, it indicates that your browser is successfully connecting to Cloudflare, but Cloudflare is unable to reach the server hosting your website.
This is often due to your server being offline.
Your WordPress hosting server might be online but blocking Cloudflare. This error typically occurs when the server mistakenly identifies Cloudflare as a security threat, often due to misconfigurations in either your server or Cloudflare settings.
Don’t worry! We have five effective troubleshooting steps to help you resolve this error quickly.
If you’re unsure about the cause of your 521 error, we suggest starting with step 1 and progressing through each step. Alternatively, you can jump directly to a specific step using the links below:
- Contact Your Hosting Provider
- Check if Your Server Is Offline
- Whitelist All of Cloudflare’s IP Addresses
- Request Your Hosting Provider to Enable Port 443
- Create and Upload a Cloudflare Origin Certificate
1. Contact Your Hosting Provider
When encountering a 521 error, there are steps you can take to troubleshoot the issue yourself, although some may be time-consuming and technical.
With that in mind, the simplest solution to a 521 error is to reach out to your WordPress hosting provider. A reliable web host should be able to explain the reason for this error and may even resolve the issue for you.
If you’re unsure how to reach support, visit your hosting provider’s website and look for their Contact Us or Support sections.
For a quicker resolution to your issue, we recommend opting for live support options when available. Live chat or phone support is generally faster than using ticketing systems or email.
If you can’t get immediate support from your hosting provider, try the following troubleshooting steps.
2. Verify If Your Server Is Offline
When encountering a 521 error, it’s essential to first check if your server is online.
If your server is online, you can proceed with additional troubleshooting steps.
To do this, you’ll need your server’s IP address, which is a unique string of numbers that identifies a specific device on the network.
You can use this IP address to ‘ping’ the physical server that hosts your WordPress site. If the server replies, it confirms that it’s online.
If there is no response, your server is offline, which is likely the cause of the 521 error.
To find your IP address, log in to your website’s control panel, typically provided by your hosting provider, which is usually cPanel or a custom interface.
After logging in, look for any settings labeled ‘IP address.’
If you are using Bluehost, scroll down to the Server Information section under the Hosting tab.
In this section, you will find a link to view your IP address.
Clicking the link will display your IP address. You can easily copy it to your clipboard by clicking the ‘Copy’ link.
If you’re having trouble locating your IP address, it’s a good idea to check your hosting provider’s website or online documentation. Many web hosts offer detailed guides on how to find your IP address.
Once you have this information, go to the HTTP Header Checker tool. This tool allows you to ‘ping’ your website’s server to see if it responds.
To perform this test, simply paste your IP address into the ‘URL’ field.
Then, prepend ‘http://’ to your IP address to convert it into a web address. For example:
56.18.270.000
Becomes:
http://56.18.270.000
Next, click the ‘Check’ button. The HTTP Header Checker will attempt to communicate with your server.
If your server is offline, you will see a message like ‘Failed to connect’ or ‘Host Not Found.’
This section explains the cause of the 521 error. In this situation, you will need to reach out to your hosting provider for assistance.
If your server is operational, the HTTP Header Checker will display a ‘2XX’ status code. You might also encounter a ‘3XX’ status code if your server is functioning but temporarily redirecting to a different location.
If your server is up and running, then an outage or server downtime is not the reason for your 521 error. You can proceed with this guide to resolve the issue.
3. Allow All of Cloudflare’s IP Addresses
Your server might be online but could be blocking Cloudflare’s IP addresses. This blockage can lead to the 521 error when attempting to access your WordPress site.
The solution is to allow all the IP addresses used by Cloudflare. By whitelisting an IP address, you instruct your server to accept all requests originating from that address.
You can add the whitelisted IPs to your website’s .htaccess file. This crucial configuration file informs the server about its operational behavior.
To modify your .htaccess file, you will need an FTP client like FileZilla.
If you are unfamiliar with using an FTP client, you may want to check out our guide on how to use FTP. This article provides instructions on connecting to your server using an FTP client.
After connecting to your server, navigate to your website’s root directory by opening the folder that corresponds to your website’s address.
Next, access the ‘public_html’ directory.
You should now locate the .htaccess file for your website.
Some FTP clients may hide sensitive files by default. If the .htaccess file is not visible, you will need to enable the ‘show hidden files’ option in your FTP client.
For FileZilla users, go to the Server menu in the toolbar and select ‘Force showing hidden files.’
If you are still having difficulty locating the .htaccess file, please refer to our guide on how to find the .htaccess file in WordPress.
When you’re ready to edit the file, right-click (or Control-click) on the .htaccess file.
Then, choose ‘View/Edit.’
This action will open the .htaccess file in your computer’s default text editor.
Within this file, locate the ‘# BEGIN’ line. You will need to add all Cloudflare IP addresses above this line.
To begin, enter the following on a new line:
order deny,allow
Open a new tab to access the list of Cloudflare IP ranges.
To whitelist an IP address, type ‘allow from’ followed by either copying/pasting or manually entering the IP address. This indicates that:
103.21.244.0/22
Change to:
allow from 103.21.244.0/22
Make sure to add each IP address on a separate line.
After adding all the Cloudflare IP addresses, remember to save your changes. You can then close the .htaccess file.
Now, visit your website to check if this resolves the ‘Error 521.’
4. Request Your Hosting Provider to Enable Port 443
Cloudflare offers several encryption modes.
Did you switch to Full or Full (Strict) mode just before encountering the 521 error? This could be the cause of the issue.
When Cloudflare operates in Full or Full (Strict) mode, it requires access to port 443. However, some servers block Cloudflare from accessing this port, resulting in the ‘Error 521’ message.
The solution is to enable port 443 on your server.
This process may differ based on your hosting provider and server configuration. Therefore, we suggest reaching out to your hosting provider and requesting them to enable port 443 for you.
5. Generate and Upload a Cloudflare Origin Certificate
Even with port 443 enabled, you might still encounter the 521 error when using Cloudflare’s Full or Full (Strict) mode.
Some servers require a valid Cloudflare Origin Certificate to allow connections on port 443. This certificate secures the connection between Cloudflare and your web server.
Failing to provide an Origin Certificate may result in an ‘Error 521.’
Fortunately, Cloudflare offers a step-by-step guide to help you create this certificate.
To begin, log in to your Cloudflare account and navigate toSSL/TLS » Origin Server.
Next, click the ‘Create Certificate’ button.
Cloudflare will prompt you for a private key and a Certificate Signing Request (CSR).
If you already have a private key and CSR, check the ‘Use my private key and CSR’ option.
You can then enter your CSR in the ‘Certificate Signing Request (CSR)’ field.
If you don’t have a CSR and key, don’t worry! Cloudflare can generate these for you.
To proceed, select ‘Generate private key and CSR with Cloudflare.’
You can choose to create either an RSA key or an ECC key.
Most security professionals agree that ECC and RSA offer similar security levels, but ECC keys are faster due to their shorter key length.
We recommend generating an ECC key for enhanced security.
After making your choice, select the ‘Private key type’ dropdown to choose between RSA or ECC.
Next, navigate to the Hostnames field where you can enter all the hostnames you wish to secure. It may seem complex, but Cloudflare simplifies the process significantly.
You’ll notice that Cloudflare has automatically included your root domain name.
Cloudflare also adds a wildcard, which consists of your website’s domain followed by a * symbol. This acts as a ‘catch-all’ to ensure that your subdomains are adequately secured.
For instance, if your root domain is ‘www.example.com’, the wildcard will ensure that your subdomain ‘store.yourwebsite.com’ is also protected. For further information, refer to our comprehensive guide on subdomains.
The default settings should suffice for most websites. However, if you need to add additional hostnames, simply type them into the ‘Hostnames’ field.
Next, proceed to the ‘Certificate validity’ section.
By default, your certificate will remain valid for 15 years.
Need a longer duration? Open the ‘Certificate validity’ dropdown and select a different option.
Once you are satisfied with the information provided, click the ‘Create’ button.
Cloudflare is now generating your SSL certificate.
Cloudflare will display an Origin Certificate along with a Private Key. Make sure to copy this information into separate files.
Important:You will not be able to access the Private Key again after leaving this screen, so ensure you save it securely.
You can now upload your Origin Certificate to your web server. The process may differ based on your hosting provider and server type.
To assist you, Cloudflare has provided instructions for various types of web servers.
After installing the Origin Certificate on your server, the final step is to update your SSL/TLS encryption mode.
In your Cloudflare dashboard, navigate to the SSL/TLS settings.
Locate the section labeled ‘SSL/TLS encryption mode.’
In this section, choose ‘Full (strict).’
Cloudflare is now utilizing your Origin Certificate. You can check your website to see if this resolves the ‘Error 521’ issue.
We hope this guide has helped you resolve the ‘Error 521’ issue with WordPress and Cloudflare. You may also want to explore our guide on common WordPress errors or our expert recommendations for resolving frequent issues with the WordPress block editor.
If you found this article helpful, consider subscribing to our YouTube Channel for WordPress video tutorials. You can also connect with us on Twitter and Facebook.
