It seems you have tried to access a website and ended up encountering an error message that says something is “Forbidden” or simply you are not allowed to access the website. If this is the case, you likely came across a 403 forbidden error.
Seeing such types of errors is very irritating and frustrating, this is why we bring you a comprehensive guide on how to fix the 403 error code. So without any further delay let’s get started.
Note: Before directly trying these troubleshooting methods, we highly recommend you back up your files and database.
For WordPress websites it can be easily done by accessing the WordPress Dashboard you can take the help of a backup plugin. We recommend using a backup plugin that creates automatic backups at regular intervals.
1. Check Missing Core Files and Theme Files
First, you should check all your WordPress Core Files and ensure they are in place.
Also check if all these files are properly uploaded, especially for the index.php files at root, inside wp-admin, theme folder, and every plugin folder. (You can easily upload the core files manually using any File Transfer Tool)
WPOven
2. Check .htaccess File Configuration
If your web server is Apache, you need to check if the .htaccess file causing the issue. This particular file is generally hidden in the public_html directory of your Apache-based web server.
The main purpose of the .htaccess file is to define the web responses to various queries, such as redirects, restrict access to various bots, etc.
In some cases, there are differences in .htaccess files for the root directory and subdirectories in WordPress like wp-admin and wp-includes.
To access this hidden file you can go to File Manager, and select the hidden checkbox in the options provided in the pop-up as shown in the image below:
Check the .htaccess file configuration
If a pop-up doesn’t appear you can go to Settings under File Manager at Top Right as shown below:
Check the .htaccess file configuration
Once you have selected to show the hidden files you will be able to see the .htaccess file
Check .htaccess file configuration
You can download it to your local machine or computer and edit using an editor i.e. Notepad, Dreamweaver, or any other similar editing tool.
You can also right-click on it and Edit it as shown below:
Check the .htaccess file configuration
This will open up an editable file like this:
Check .htaccess file configuration
However, if a .htaccess file is not available on your system, you can create a new one too. All you have to do is go into your public_html folder, or the website-specific default folder ( if you have hosted multiple websites on your cPanel) and click on Add New file:
Check .htaccess file configuration
.htaccess 403 forbidden
If the .htaccess file is already available and you are facing a 403 forbidden error, delete it and try to access the website or the specific page with the issue.
If the website works fine, it means your .htaccess file was triggering the issue and it needs to be configured correctly.
Alternatively, if you do not wish to delete the .htaccess file, you can just remove all the content from it and save the empty file instead.
For WordPress users, you can even regenerate new .htaccess files directly from the WordPress Dashboard. Go to Settings > Permalinks > Click on the Save Changes button as shown below:
Permalinks under Settings Error 403
Please note, that you don’t have to change the settings here unless you want to change the permalink settings or URL structure.
3. Directory Browsing and 403 Error
Directory Browsing is something that you won’t find these days, it is generally used to display the directory content to the visitor in the absence of a default home page file (index.php or index.html)
The server will display all the files and subfolders of the main folder to the visitors which is certainly not a good idea for security reasons.
This is exactly how it appears:
Directory Browsing
Fortunately, most of the servers by default disallow directory browsing to hide the folder contents. In such cases, if the default root file (index.html or index.php) is missing, the server will return a 403 Forbidden error.
How to Disable Directory Browsing using the .htaccess file?
Open the editable .htaccess file, as described in the previous section. (Note: remember to back up the existing .htaccess file)
By default, the WordPress .htaccess file looks like this:
#BEGIN WordPress RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} ! - f RewriteCond %{REQUEST_FILENAME} ! - d RewriteRule . /index.php [L] #END WordPress
Just add this line of the code after the last line:
Options -Indexes
Update or Upload the edited .htaccess file, and refresh the page to see if the problem is resolved.
4. Check File and Folder Permission
Whenever you install fresh WordPress or create a new file or folder in your cPanel, a default file permission setting is automatically applied to all the core files and folders.
However, you can still change the permission settings of each folder and a specific file as well if you like. Some hosting providers also provide tools to reset the permission settings.
You can also edit permission settings using any FTP tool (FileZilla for example). It will give you additional options as follows:
Directory Browsing and 403 Error
Permission settings to be only applied to selected directories or files
It is to be applied in all subdirectories and files within the selected directory
Also, it is to be applied only in all subdirectories within the selected directory
Permissions settings are to be applied only in all files within the selected directory
Following are the default permission settings for WordPress Files:
First of all change permission settings to 755 or 750 for all the directories
Change permissions settings to 644 or 640 for all the files (select the “Apply to files only” option)
Note: There is an exception to the above rule for the wp-config.php file. The WP Config file is used to connect WP files to the Database. It includes the necessary database name, DB username, and password. The file permission for wp-config should either be 440 or 400.
Changing the permission settings accordingly should resolve the 403 forbidden error issues.
Caution: Only perform this step when you are sure about what you are doing. It is an expert job. Playing around with file permissions can compromise your website or server’s security. Incorrectly configured file permissions can leave a gate open for hackers or malware.
5. Check Plugin
If the error still doesn’t resolve, you need to check if there is a plugin that is causing the issue.
To check if this is causing the issue, first deactivate and uninstall any of the recently installed plugins. If this helps, it means a faulty plugin was the main culprit and you must remove or replace it immediately.
To figure out the faulty plugin, do the following:
Activate the plugins one by one and check if the 403 error triggers again
When the error is visible after activating a particular plugin, congratulations, you have identified the plugin that is causing the problem.
You may need to delete it entirely and replace it with another plugin with similar functionality.
In case you are unable to access your WordPress dashboard, you can access your website files via the FTP client and deactivate all the plugins by simply changing the name of the plugins folder to something else. (However, we do not recommend you follow this method)
You can also change the name of individual plugin folders one by one If you follow this process of changing folder names, you will see several errors in your WordPress dashboard stating that “Plugin file doesn’t exist”.
At this moment, you should not panic, this error message will vanish once the folder name is changed back to what it was the original name.
You will have to activate them again from the WP Dashboard after changing them back to their original name.
Note: Most of the time the issue is found with either one of the caching plugins or the security plugins. So, keep an eye on these plugins.
“403 forbidden access to this resource on the server is denied!” Error in WordPress Multisite
If you have a WordPress Multisite installation and getting a 403 error the chances are you have created a wildcard subdomain.
Just change it to remove the wildcard setting for a subdomain, and it should resolve the issue.
You also need to check the subdomain redirects.
subdomain redirects
How to Fix 403 Forbidden Error on Google Chrome?
Your Chrome Brower can also sometimes respond weirdly and trigger a 403 Forbidden error. If this is the case, you need to follow the methods you need to follow:
Some Quick and easy Solutions you must try at first:
Refresh or Reload: Sometimes, the 403 forbidden error can trigger due to temporary glitches that can be easily fixed by simply refreshing or reloading the webpage. Just click on the refresh button on the Chrome browser and you are done.
Try accessing the page after some time: Sometimes due to network congestion, glitches, or temporary issues from the server side can take a longer time than usual to resolve. If accessing the website is not very critical, you can wait for a few hours or even a day and try accessing it again. However, if you can’t wait and accessing the website is the utmost priority you can try the below methods.
Incorrect Typed URL: There is a popular saying that, “Hurry-hurry spoils the curry”. Generally, users in a hurry type incorrect or misspelled URLs in the browser address bar, and the outcome results in these types of errors. So, it is highly advised to review your typed URL before pressing the enter key and make sure the URL is 100% correct.
Check on multiple devices or connections: You must also try to access the same website on multiple devices using the same network. If the error persists, move on to another internet connection and check if the error is due to the device or the internet connection.
Reset to default settings: If none of the above methods work, try to reset everything from the browser to your Wi-Fi router to their default settings.
6. Clear Chrome Browser Cache and Cookies
You can also try deleting the specific cookies of the Chrome browser. Follow these steps:
Open Chrome > Click on More Settings > Advanced
In this menu, find ‘Content settings’ Under “Privacy and Security” > Click on “Cookies”
Under “All cookies and site data,” search for the website’s name.
To the right of the site, click on the Remove button
To clear all the cookies, you can just go to Google Chrome History, and delete the Cache completely. This similar process also works for other popular web browsers such as Mozilla, Edge, etc.
Go to History, and click on Clear Browsing Data as shown below:
Clear Browsing Data
Clear Browsing Data
You can also select the time range to delete the browsing data for a specific period. Check “Cache images and files “followed by clicking on the “clear browsing data” button.
7. Deactivate Chrome Browser Extensions
To increase the browser functionality, many browsers even support extensions that can be easily installed by the users.
However, sometimes these browser extensions can interfere with the network and trigger errors. That’s why it’s recommended to deactivate them during the troubleshooting process.
8. Check Firewall Settings
It is also possible that firewalls on your system are preventing the server from displaying the requested page. You can temporarily disable the firewall while troubleshooting the 403 error.
What does 403 Forbidden Error mean?
403 forbidden error or 403 forbidden access to this resource on the server is denied! is an HTTP status code meaning the server has received the request and understands it very well but could not provide any additional access.
This means, that the webpage you are trying to visit or the resource to access the website is not allowed due to the lack of permissions or the absence of required authentication credentials from the server side.
Different browsers show different messages for the 403 error :
Forbidden: You don’t have permission to access / on this server.
HTTP Error 403: Forbidden
403 forbidden requests forbidden by administrative rules
403 Forbidden
Access Denied You don’t have permission to access
403 – Forbidden: Access is denied
Error 403 – Forbidden
403 forbidden nginx– You are not allowed to access this address 403 Forbidden – Nginx HTTP Error 403 – Forbidden – You do not have permission to access the document or program you requested
403 Forbidden – Access to this resource on the server is denied
403. That’s an error. Your client does not have permission to get URL / from this server
You are not authorized to view this page
What are the Causes of 403 Forbidden Error?
1. Incorrect File Permission
The most common reason behind this error is files and folder permissions on the webserver. This can be easily fixed by checking the permission settings in your File Manager under cPanel. We will discuss this further in detail in the subsequent sections.
The ideal folder permissions on a web server should look like this:
Permission Status for Folders: 755
Static Content: 644
Dynamic Content: 700
Understanding File Permissions
7: Stands for full access (Read, Write, Execute)
6: for the Only Read and Write Access
5: Stands for Reading and Execute
4: Only Read Access
0: Stands for No Access Rights
The 3 digits in the permission codes specify Owner | Group | Public in that order
So, if a folder permission code looks like 7|5|4 it means the owner has full access (7), while Group can Read and Execute (5) while Public/Everyone else can only Read (4) the resource.
These codes can be changed under File Manager if you are using a cPanel. File permissions can also be changed using an FTP tool like FileZilla.
What does the Read/Write/Execute mean?
Read – view the files and subfolders within the folder.
Write – add, edit, or delete the files and subfolders inside the folder
Execute – process/execute the resources using a script or commands to change their value.
Setting File Permission using FTP Tool like FileZilla
Setting File Permission using FTP Tool like FileZilla
Setting File Permission using FTP Tool like FileZilla
Setting File Permission using File Manager in cPanel
Setting File Permission using File Manager in cPanel
Setting File Permission using File Manager in cPanel
Folder permissions can also be changed using SSH under chmod commands.
2. No Index File or Empty Folder
Another possible reason causing this 403 error can be an empty HTTP directory or in other words, no website or web application files are uploaded to the server directory.
For example, The default landing page for a website or web application is index.html or index.php. If none of the 2 files exist on the server it will return a 403 Forbidden error.
Also, If you have defined some other file in Nginx config or .htaccess as the home page, and that file is not uploaded in the directory the error will trigger.
Generally, these two reasons are found to be common for displaying 403 Errors. But other specific reasons and level of resource access forbidding can be determined by identifying the sub-status code, which is as follows (though they are not standard codes):
403.1 – Execute access forbidden.
403.2 – Read access is forbidden.
403.3 – Write access forbidden.
403.4 – SSL required
403.5 – SSL 128 required.
403.6 – IP address rejected.
403.7 – Client certificate required.
403.8 – Site access denied.
403.9 – Too many users.
403.10 – Invalid configuration.
403.11 – Password change.
403.12 – Mapper denied access.
403.13 – Client certificate revoked.
403.14 – Directory listing denied.
403.15 – Client Access Licenses exceeded.
403.16 – Client certificate is untrusted or invalid.
403.17 – The client certificate has expired or is not yet valid.
403.18 – Cannot execute request from that application pool.
403.19 – Cannot execute CGIs for the client in this application pool.
403.20 – Passport logon failed.
403.21 – Source access denied.
403.22 – Infinite depth is denied.
403.502 – Too many requests from the same client IP; Dynamic IP Restriction limit reached.
403.503 – Rejected due to IP address restriction
Based on sub-status error codes, you can easily identify the exact cause of the issue and effectively troubleshoot it.
If you are a WordPress user, the error 403 can be temporarily triggered due to the following conditions :
Access denied to WordPress Dashboard. In that case, you have to check the settings for the wp-admin directory.
Access may be denied during WordPress installation
Access may be denied during theme or plugin updates
3. Misconfigured Server Settings
If the web server files are misconfigured or have some issues, it can trigger an Error 403.
For example, if your website is on the Nginx Web server and the Nginx configuration files are not properly configured it will trigger a 403 Forbidden Nginx Error.
The issue could arise if the configuration files are missing, incomplete, or incorrect settings. Such as if you have poorly configured your security settings it can prevent your access to certain resources.
This particular scenario often happens when you have recently made some changes to your Nginx configuration file or you have recently migrated to a new server.
4. Incorrect URL or Directory Structure
If you are trying to access a resource whose URL path is incorrect, doesn’t exist, or has been moved to a different location, the 403 error will trigger.
Even if you have misconfigured the server, it can cause it to look resources in the wrong location and hence the error happens.
5. Server and Firewall issues
The last reason that can cause a 403 error, can be an issue with your server or Firewalls. For example, the server could be experiencing a spike in high traffic and aggressive firewall settings that could be blocking access to certain resources. If this is the case, it’s important to check your server logs and find out the root cause of the issue.
How to Fix 403 Forbidden Nginx Error on Your Site?
When the error 403 specifically pertains to the Nginx web server, which is a popular web server software used to serve web pages and applications. You will encounter an error message “403 Forbidden Nginx Error,” on the screen.
Note: The error 403 is a broader term and can happen on any web server but when it particularly occurs in the NGINX web server, the error message would be ” 403 Forbidden Nginx Error”. Both errors indicate a lack of permission to access a resource.
It is also true that you will find it difficult to understand the exact cause of the 403 Forbidden error in nginx. It becomes even more difficult to fix it.
However, If you’re experiencing this particular type of error, there are several steps you can take to troubleshoot the issue. Let us check them out one by one.
As we have already mentioned earlier, one of the most common reasons that cause 403 Forbidden Nginx errors is the Incorrect configuration for the index file.
If you are not familiar with index files, let us make it simple for you. The index file is the file that Nginx serves to the client when the client requests the root URL of the website or directory.
This particular file has specified rules that control which index file to load and in what order. By default, Nginx looks for files named
“index.html”, “index.htm”, “index.php”, or “index.cgi” to serve as the index file.
location / { index index.html index.htm index.html inde.php; }
If none of the mentioned files are found in the directory, the Nginx will return a 403 forbidden error.
2. Check File Permissions
For Nginx users, make sure, it has all the important files present.
You need to change the directory permissions to 755 and the file permissions to 644. Plus, make sure that if you are running Nginx, it must have its files.
The Nginx configuration file can contain errors that cause the 403 Forbidden Nginx error. To check the configuration file, run the command:
sudo nginx -t
This command tests the configuration file and reports any errors. If there are errors, fix them before restarting Nginx.
4. Restart Nginx
If you have made any changes to the Nginx configuration file, you need to restart Nginx to make the changes effective. For this use the following command to restart Nginx.
sudo systemctl restart nginx
5. Check for IP-based restrictions
Nginx can block requests from certain IP addresses. To check if your IP address is being blocked, use the command
sudo tail -f /var/log/nginx/error.log
This command shows the Nginx error log in real time. If your IP address is being blocked, you can add it to the “allow” list in the Nginx configuration file. For example,
If none of the above solutions work, the last hope is website admin. Write an email and ask the website administrator to see if any server-side issues are causing the error. The website administrator may be able to provide more information about the cause of the error and how to fix it.
How to prevent 403 Forbidden Error in Nginx?
The best way to deal with 403 Forbidden Nginx errors is to prevent them from occurring in the first place. Some of the best ways to do this include,
Using access controls and authentication
Setting appropriate file and directory permissions
Implementing SSL/TLS certificates
Monitoring Server health and performance
Staying up to date with Nginx Updates and patches.
Effects of 403 Forbidden Error on Search Engine Rankings
If your website has recently started showing up with a 403 error message, which has a good rank in SERP. There are higher chances that it will end up losing the position and prominent search engines like Google and Bing.
As per the algorithm of search engines, they first downgrade the rankings and then eventually remove the pages from their index which are no more accessible to users or bots.
To avoid such situations, it is highly recommended that you keep a close watch on your website analytics report, search console, and webmaster data to see if there are any such errors.
For this, all you need to do is simply log in to Google Search Console and Select your website > Click on Coverage under index as shown in the picture below:
Google Search Console coverage Error 403
It will display the number of errors if present as well as the type of errors the visitors might have faced.
You can just keep an eye on it to keep your website Indexing healthy and avoid getting lower ranks on search engines.
In case you have recently changed the URL of a page make sure to use a redirection plugin, and redirect the old URL to the new one. Also, update the XML sitemap in the search console.
XML sitemap in the search console
We also recommend following the above-described troubleshooting methods under the guidance of a WordPress expert if you are a beginner.
Conclusion
In a nutshell, a 403 forbidden error generally indicates that the requested resources or file is available on the server but it is not accessible, due to the reasons we have already specified in the post.
Since the 403 error can be triggered due to multiple reasons, we have tried to compile all of them in a single post so that you know all the possibilities and their solutions in one place.
The solutions that we have mentioned will most probably solve the issue quickly. But in the worst case, if you are still not able to fix it, we suggest you contact the tech support of your hosting provider immediately.
However, you need to have a little patience because, during maintenance tasks or other phases, the server technical team may accidentally make configuration changes or your IP may have been blocked by the server.
Contact the technical team to check and resolve the issue as soon as possible.
We hope this comprehensive guide will help you fix the 403 error easily. However, if you find anything we have missed or want to add your valuable points, please do let us know in the comment section below.
Rahul Kumar is a web enthusiast, and content strategist specializing in WordPress & web hosting. With years of experience and a commitment to staying up-to-date with industry trends, he creates effective online strategies that drive traffic, boosts engagement, and increase conversions. Rahul’s attention to detail and ability to craft compelling content makes him a valuable asset to any brand looking to improve its online presence.
