What are the reasons for Error 521 with WordPress and Cloudflare?
A 521 error appears when trying to visit the WordPress website, this refers to the browser being connected to Cloudflare successfully, but Cloudflare is not connected to the server that hosts your website.
Often this happens as your server is offline.
Another reason might be that the WordPress hosting server may be online, but it’s blocking Cloudflare. This kind of WordPress error occurs when a server mistakes Cloudflare for a security threat. This is due to the problem with how the server or Cloudflare is set up.
Step 1) Contact Your Hosting Provider
When a 521 error occurs, there are steps that can fix this problem. However, some of them can be time-consuming and technical.
The easiest way to fix a 521 error is by contacting the WordPress hosting provider. A good web host must be able to tell you the reason why you’re getting this error. They might be able to fix the problem for you.
If you are not confident about how to contact support, then head over to your hosting provider’s website. You can search for any Contact Us or Support pages.
To fix this problem as quickly as possible, it is recommended to choose live support options where available. For example, live chat or business phone support is almost always faster than ticketing portals or email.
If your problem is not solved then you can try the below steps.
Step 2) Check Whether Your Server Is Offline
When a 521 error is displayed, it is worth checking whether your server is online.
In case it is still online, then move on to try other troubleshooting steps.
To do this, you’ll require the server’s IP address.
Then, use this IP address to ‘ping’ the physical server that hosts your WordPress website. If the server responds, you’ll know that it’s online.
If there is no response, then the server is offline and this is what’s causing your 521 error.
To retrieve your IP address, log into your website’s control panel. This is usually provided by your hosting provider and is either cPanel or a custom panel.
Once logged in, you can search for any settings labeled ‘IP address.’
If you are a Bluehost customer, then log into your cPanel dashboard. You can then click on Advanced in the left sidebar.
On this screen, search the General Information section.
Bluehost will display your server’s IP address under ‘Shared IP address.’
If you’re unable to find this IP address, it’s always important to check your hosting provider’s website or online documentation. Many web hosts consist of detailed tutorials you how to search your IP address.
Once you have collected information, move over to the HTTP Header Checker tool. Use this tool to ‘ping’ your website’s server and see whether there is any response or not.
To perform this test, copy and paste your IP address into the ‘URL’ field.
Then, you can add the HTTP://’ in front of your IP address. This changes this string of numbers into a web address. For example:
56.18.270.000
Becomes:
Next, click on the Check button. HTTP Header Checker will try to connect to your server.
In case your server is offline, then a message is displayed like ‘Failed to connect’ or ‘Host Not Found.’
This explains why you’re getting the 521 error. In such a case, you’d need to contact your hosting provider to fix it.
If your server is online, HTTP Header Checker will display a ‘2XX’ status code. A ‘3XX’ status code is seen, if your server is online but is temporarily redirecting to a new location.
Step 3) Whitelist All of Cloudflare’s IP Addresses
Your server may be online, but blocking Cloudflare’s IP addresses. This can result in 521 errors while trying to visit the WordPress website.
The solution is to this problem is whitelist all the IP addresses that Cloudflare uses. By whitelisting an IP address, you’re allowing your server to accept all requests coming from that address.
All whitelisted IPs can be added to your website’s .htaccess file. This is an important configuration file that indicate the server how it must act.
To edit your .htaccess file, you’ll need an FTP client such as FileZilla.
Once you’re connected to your server, open your website’s root folder. To reach it, open the folder that displays your website’s address.
Next, open the ‘public_html’ folder.
You’ll see your website’s .htaccess file.
By default, some FTP clients hide sensitive files. If a .htaccess file is not seen, then you’ll need to allow the ‘show hidden files option in your FTP client.
If you’re using FileZilla, just choose the server from the toolbar. Then, click on ‘Force showing hidden files.’
Open the .htaccess in your computer’s default text editing program.
Within this file, search the ‘# BEGIN’ line. Add all the Cloudflare IP addresses above this line.
To start, type the following on a new line:
order deny, allow
In a new tab, open the list of Cloudflare IP ranges.
To whitelist an IP address, type ‘allow from’ and then either copy/paste or type the IP address. This refers to :
103.21.244.0/22
Becomes:
allow from 103.21.244.0/22
Now, add each IP address on a new line.
Add all the Cloudflare IP addresses, save your changes. Now, close the .htaccess file.
Step 4) Ask Your Hosting Provider to Enable Port 443
Cloudflare comes with different encryption modes.
Switching to Full or Full (Strict) mode, right before getting the 521 error? This might have caused the problem.
When Cloudflare is in Full or Full (Strict) mode, it is a requirement to access the port 443. However, some servers avoid the Cloudflare from accessing this port, that will trigger the ‘Error 521′ error.
The solution is to allow the port 443 on your server.
This process varies, depending on your hosting provider and your server’s settings. It is recommended to contact your hosting provider and asking them to allow port 443 for you.
Step 5) Creating and Uploading a Cloudflare OriginCertificate
Even if port 443 is enabled, you might still get the 521 error when using Cloudflare’s Full or Full (Strict) mode.
This is due to some servers allowing only connections on port 443, if you have a valid Cloudflare Origin Certificate. This certificate encrypts the traffic between Cloudflare and your web server.
In case, if you haven’t provided an Origin Certificate, you may get an ‘Error 521.’
Log into your Cloudflare account. Then, go to SSL/TLS » Origin Server.
Next step, click on the Create Certificate button.
Cloudflare now asks for a private key and a Certificate Signing Request (CSR).
Type your CSR into the ‘Certificate Signing Request (CSR)’ box.
If you do not have CSR and key, then use Cloudflare can create these two things for you.
Select ‘Generate private key and CSR with Cloudflare.’
Choose whether to create an RSA key or an ECC key.
ECC has a shorter key length. This means that ECC keys are faster.
For this reason, it is recommended to create an ECC key.
Now, open the ‘Private key type’ dropdown. Select either RSA or ECC.
Next, scroll to the Hostnames field. Add all the hostnames that you want to protect.
Observe that Cloudflare has already added your root domain name.
Cloudflare automatically adds a wildcard, that is your website’s domain plus a * symbol. This is a ‘catch-all’ that makes sure your subdomains are properly protected.
These default values must be enough to protect most websites. However, to add more hostnames then just type them into the ‘Hostnames’ field.
Scroll to the ‘Certificate validity’ section.
By default, the certificate will be valid for 15 years by default.
Open the ‘Certificate validity’ dropdown and choose a new value.
Now, click on the Create button.
Cloudflare will now create your certificate.
Cloudflare will display an Origin Certificate and Private Key. Copy this information into separate files.
In your Cloudflare dashboard, go to SSL/TLS.
Now, search the ‘SSL/TLS encryption mode’ section.
Select ‘Full (strict).’
Cloudflare is now using your Origin Certificate.
Now, check your site to see whether this has fixed the ‘Error 521’