diff --git a/tests/base.py b/tests/base.py
index be5cd56..3027fce 100644
--- a/tests/base.py
+++ b/tests/base.py
@@ -48,7 +48,7 @@ class AxesTestCase(TestCase):
 
     STATUS_SUCCESS = 200
     ALLOWED = 302
-    BLOCKED = 403
+    BLOCKED = 429
 
     def setUp(self):
         """
diff --git a/tests/test_decorators.py b/tests/test_decorators.py
index 7de9c26..f57bcbc 100644
--- a/tests/test_decorators.py
+++ b/tests/test_decorators.py
@@ -8,7 +8,7 @@ from tests.base import AxesTestCase
 
 class DecoratorTestCase(AxesTestCase):
     SUCCESS_RESPONSE = HttpResponse(status=200, content="Dispatched")
-    LOCKOUT_RESPONSE = HttpResponse(status=403, content="Locked out")
+    LOCKOUT_RESPONSE = HttpResponse(status=429, content="Locked out")
 
     def setUp(self):
         self.request = MagicMock()
diff --git a/tests/test_helpers.py b/tests/test_helpers.py
index 0222d53..15e0746 100644
--- a/tests/test_helpers.py
+++ b/tests/test_helpers.py
@@ -791,12 +791,12 @@ class AxesLockoutTestCase(AxesTestCase):
 
     def test_get_lockout_response(self):
         response = get_lockout_response(self.request, self.credentials)
-        self.assertEqual(403, response.status_code)
+        self.assertEqual(429, response.status_code)
 
-    @override_settings(AXES_HTTP_RESPONSE_CODE=429)
+    @override_settings(AXES_HTTP_RESPONSE_CODE=403)
     def test_get_lockout_response_with_custom_http_response_code(self):
         response = get_lockout_response(self.request, self.credentials)
-        self.assertEqual(429, response.status_code)
+        self.assertEqual(403, response.status_code)
 
     @override_settings(AXES_LOCKOUT_CALLABLE=mock_get_lockout_response)
     def test_get_lockout_response_override_callable(self):
diff --git a/tests/test_login.py b/tests/test_login.py
index 29211e2..94d870f 100644
--- a/tests/test_login.py
+++ b/tests/test_login.py
@@ -84,7 +84,7 @@ class DatabaseLoginTestCase(AxesTestCase):
     LOGIN_FORM_KEY = '<input type="submit" value="Log in" />'
     ATTEMPT_NOT_BLOCKED = 200
     ALLOWED = 302
-    BLOCKED = 403
+    BLOCKED = 429
 
     def _login(self, username, password, ip_addr="127.0.0.1", user_agent="test-browser", **kwargs):
         """
@@ -197,7 +197,7 @@ class DatabaseLoginTestCase(AxesTestCase):
         # So, we shouldn't have gotten a lock-out yet.
         # But we should get one now
         response = self.login(is_valid_username=True, is_valid_password=False)
-        self.assertContains(response, self.LOCKED_MESSAGE, status_code=403)
+        self.assertContains(response, self.LOCKED_MESSAGE, status_code=429)
 
     @override_settings(AXES_ONLY_USER_FAILURES=True)
     def test_lockout_by_only_user_failures(self):
diff --git a/tests/test_middleware.py b/tests/test_middleware.py
index 8b098d1..cf88927 100644
--- a/tests/test_middleware.py
+++ b/tests/test_middleware.py
@@ -12,7 +12,7 @@ def get_username(request, credentials: dict) -> str:
 
 class MiddlewareTestCase(AxesTestCase):
     STATUS_SUCCESS = 200
-    STATUS_LOCKOUT = 403
+    STATUS_LOCKOUT = 429
 
     def setUp(self):
         self.request = HttpRequest()