How to Fix Error 403 Forbidden for WordPress

You must have encountered some common errors while trying to access your WordPress site that shows a forbidden message.  It is likely that you came across a 403 forbidden error. In this guide, we will take you through how to fix the 403 error code. We will cover detailed information on how to resolve the issue so without any further delay let’s get started.

What is error 403 forbidden?

403 is one of the HTTP errors that you face while working on WordPress. There are some HTTP status codes defined by Microsoft’s Internet Information Services which is considered standard internet codes. These codes are used by web servers to communicate with your web browsers (like Chrome, Firefox, Opera, etc.). These codes are defined within the Http header. In the normal circumstance when the website is working fine the server sends Status Code as 200.

 

There are certain HTTP status codes defined by Microsoft’s Internet Information Services which is considered standard internet codes. These codes are used by web servers to communicate with your web browsers (like Chrome, Firefox, Opera, etc.). These codes are defined within the Http header. In the normal circumstance when the website is working fine the server sends Status Code as 200.

 

Error 403 Forbidden
Error 403 Forbidden

 

In case there is something wrong with the requested resource, it returns an error code. There are lots of error codes used by HTTP, for example, a 404 error is returned for a resource not found and  500 error code signifies internal server error. Another such HTTP response code is 403 which signifies that the user is prohibited or forbidden to access the requested web resource, which exists on the webserver. We have tried to resolve all the common errors like 404 error, 504 gateway timeout error, 502 bad gateway error etc faced while working on WordPress.

 

These type of errors are classified into two categories, they are either “client-side” errors or they are “server-side” errors.

 

Example of Client-Side Errors:

  • 400 Bad Request
  • 401 Unauthorized
  • 403 Forbidden
  • 404 Not Found, and
  • 408 Request Timeout Error

Example of Server Side Errors:

  • 500 Internal Server Error
  • 502 Bad Gateway
  • 503 Service Unavailable and
  • 504 Gateway Timeout

To make the identification of these HTML errors easier 4xx are client-side errors, while 5xx are server-side errors.

 

Get FREE SSL certificate, FREE SSD Storage, FREE Business Emails, FREE Premium Themes & Plugins, FREE Daily Malware Scanning & Clean up, FREE Off-Site Backups,  FREE WP Dev Support & Server Support. With Plans starting just $16.61 per month. Host Unlimited Sites!

 

wpoven
wpoven

 

In this article, we will learn about the reasons for 403 errors, and possible ways to troubleshoot them for your visitors to easily access your website or web application without any errors.

Different browsers show different messages for the 403 error :

  • Forbidden: You don’t have permission to access / on this server.
  • HTTP Error 403 – Forbidden
  • 403 forbidden request forbidden by administrative rules
  • 403 Forbidden
  • Access Denied You don’t have permission to access
  • 403 – Forbidden: Access is denied
  • Error 403 – Forbidden
  • 403 – Forbidden Error – You are not allowed to access this address 403 Forbidden – Nginx HTTP Error 403 – Forbidden – You do not have permission to access the document or program you    requested
  • 403 Forbidden – Access to this resource on the server is denied
  • 403. That’s an error. Your client does not have permission to get URL / from this server
  • You are not authorized to view this page

Causes of  403 Forbidden Error

  1. Incorrect File Permissions
  2. No Index file or Empty Folder

Incorrect File Permissions:

The most common reason behind this error is files and folder permissions on the webserver. This can be easily fixed by going into your File Manager under cPanel and check the permission settings. We will discuss the issue in detail in the subsequent sections.

 

The ideal folder permissions on a web server should look like this:

  • Permission Status for Folders:  755
  • Static Content: 644
  • Dynamic Content: 700

Understanding File Permissions

  • 7 : Stands for full access (Read, Write, Execute)
  • 6 : for the Only Read and Write Access
  • 5 : Stands for Reading and Execute
  • 4 : Only Read Access
  • 0 : Stands for No Access Rights

The 3 digits in the permission codes specify Owner | Group | Public in that order

 

So, if a folder permission codes look like 7|5|4 it means the owner has full access (7), while Group can Read and Execute (5) while Public/Everyone else can only Read (4) the resource.

 

These codes can be changed under File Manager if you are using a Cpanel. File permissions can also be changed using an FTP tool like Filezilla.

What does the Read/Write/Execute means?

  • Read – view the files and subfolders within the folder.
  • Write – add, edit or delete the files and subfolders inside the folder
  • Execute – process/execute the resources using a script or commands to change its value.

Setting File Permission using FTP Tool like Filezilla

 

Setting File Permission using FTP Tool like Filezilla
Setting File Permission using FTP Tool like Filezilla

 

Setting File Permission using FTP Tool like Filezilla Error 403
Setting File Permission using FTP Tool like Filezilla

Setting File Permission using File Manager in Cpanel

 

Setting File Permission using File Manager in Cpanel
Setting File Permission using File Manager in Cpanel

 

Setting File Permission using File Manager in Cpanel
Setting File Permission using File Manager in Cpanel

 

Folder permissions can also be changed using SSH under chmod commands.

No Index file or Empty Folder:

One of the other reason for this error is empty Http directory, or in other words, no website or web application files are uploaded on the server directory.

 

The default landing page for a website or web application is index.html or index.php. The server will return a 403 error status if none of the 2 exists on the server. Or you have defined some other file in Nginx config or .htaccess as home page, and that file is not uploaded in the directory.

 

These are some of the common reasons behind 403 Forbidden Error.

 

The other specific reasons and level of resource access forbidding can be determined by identifying the sub-status code, which is as follows (though they are are not standard codes):

  • 403.1 – Execute access forbidden.
  • 403.2 – Read access forbidden.
  • 403.3 – Write access forbidden.
  • 403.4 – SSL required
  • 403.5 – SSL 128 required.
  • 403.6 – IP address rejected.
  • 403.7 – Client certificate required.
  • 403.8 – Site access denied.
  • 403.9 – Too many users.
  • 403.10 – Invalid configuration.
  • 403.11 – Password change.
  • 403.12 – Mapper denied access.
  • 403.13 – Client certificate revoked.
  • 403.14 – Directory listing denied.
  • 403.15 – Client Access Licenses exceeded.
  • 403.16 – Client certificate is untrusted or invalid.
  • 403.17 – Client certificate has expired or is not yet valid.
  • 403.18 – Cannot execute request from that application pool.
  • 403.19 – Cannot execute CGIs for the client in this application pool.
  • 403.20 – Passport logon failed.
  • 403.21 – Source access denied.
  • 403.22 – Infinite depth is denied.
  • 403.502 – Too many requests from the same client IP; Dynamic IP Restriction limit reached.
  • 403.503 – Rejected due to IP address restriction

 

Based on one of the identified above sub-status error codes you can easily troubleshoot the error.

 

On WordPress, there can be additional events that can cause a temporary 403 Forbidden error in cases like:

  • Access denied to WordPress Dashboard. In that case, you have to check settings for the wp-admin directory.
  • Access may be denied during WordPress installation
  •  Access may be denied during theme or plugin updates

How to fix 403 Forbidden Error on your WordPress

Irrespective of the platform, most of the troubleshooting methods apply to all the websites. You can use these methods to resolve the 403 Error –

 

  1. Check Missing Core Files and Theme Files
  2. Check .htaccess file configuration
  3. Directory Browsing and 403 Error
  4. Check file and folder permissions
  5. Check Plugins
  6. Clear Browser Cache and Cookies
  7. Deactivate Browser Extensions
  8. Check Firewall Settings

First things first, before making any changes we recommend you to take a backup of your files and database. In case you are using WordPress and are able to access the WordPress Dashboard you can take help of a backup plugin. In fact, we recommend using a backup plugin that creates automatic backups on a regular interval.

Check Missing Core Files and Theme Files:

Please check that all WordPress Core Files are in place, you can upload the core files manually using a File Transfer tool.

 

Also, check that all these files are properly uploaded. Specially check the index.php files at root, inside wp-admin, theme folder and individual plugin folders.

Check .htaccess file configuration:

.htaccess is a hidden file in the public_html directory of your Apache-based web server. The function of the .htaccess file is to define the web response to various queries, especially to set up the redirects, and restrict the access to various bots, etc. In some case, there are different .htaccess files for the root directory and subdirectories in WordPress like wp-admin and wp-includes.

 

To access this hidden file you can go to File Manager, and select the hidden checkbox in the options provided in the pop up as shown in the image below:

 

Check .htaccess file configuration: Error 403
Check .htaccess file configuration

 

If a pop up doesn’t appear you can go to Settings under File Manager at Top Right as shown below:

 

Check .htaccess file configuration: Error 403
Check .htaccess file configuration

 

Once you have selected to show the hidden files you will be able to see .htaccess file

Check .htaccess file configuration: Error 403
Check .htaccess file configuration

 

You can download it to your local machine and edit using an editor, a Notepad, or Dreamweaver or any other similar editing tool.

You can also right-click on it and Edit as shown below:

 

Check .htaccess file configuration Error 403
Check .htaccess file configuration

 

This will open up an editable file like this:

 

Check .htaccess file configuration: Error 403
Check .htaccess file configuration

 

If a .htaccess file is not yet created on your system, you can create it as well. To create it go into your public_html folder, or the website specific default folder if you have hosted multiple websites on your Cpanel, and click on Add New File:

 

Check .htaccess file configuration: 403 forbidden
Check .htaccess file configuration

 

 

.htaccess 403 forbidden
.htaccess 403 forbidden

 

So, if your WordPress website is facing 403 error issue, and a .htaccess file exists, delete it and try to access the website or the specific page with the issue. If it works fine it means that your .htaccess file was not configured correctly. If you don’t want to delete the .htaccess file, you can just remove all the code and save the empty file instead.

 

You can regenerate the fresh .htaccess file now from your WordPress Dashboard. You will have to go to Permalinks under Settings, as shown below:

 

Permalinks under Settings Error 403
Permalinks under Settings Error 403

 

And Click on the Save Changes button. Please note, you don’t have to change the settings here unless you want to change the permalink settings or URL structure.

Directory Browsing and 403 Error:

Directory browsing simply means in absence of a default home page file (index.php or index.html) the server will display the directory content to the visitor. A visitor will be able to see files and subfolders of the main folder and certainly, you don’t want to display it, as shown below:

 

Directory Browsing and 403 Error
Directory Browsing

 

Most of the servers by default disallow the directory browsing to hide the content of the folder. In such cases, if the default root file (index.html or index.php) is missing the server will return 403 error.

How to Disable Directory Browsing using .htaccess file

Open the editable .htaccess file, as described in the previous section. (Note: remember to back up the existing .htaccess file)

By default the WordPress .htaccess file looks like this:

Just add this line of the code after the last line:

Update or Upload the edited .htaccess file, and refresh the page to see if the problem is resolved.

Check file and folder permissions:

The default file permission settings are applied to the core file and folders when WordPress is installed or a new file or folder is created in your Cpanel.
You can go to each folder and change the permission settings. You can do it for specific files as well. Some hosting providers also provide tools to reset the permission settings.

You can also edit permission settings using FTP tool (Filezilla for example). It will give you additional options as follows:

 

Directory Browsing and 403 Error
Directory Browsing and 403 Error

 

  • Permission settings to be only applied to selected directories or files
  • It is to be applied on in all subdirectories and files within the selected directory
  • Also, it is to be applied only in all subdirectories within the selected directory
  • Permissions settings to be applied only in all files within the selected directory

 

Following are the default permission settings for WordPress Files:

  1. First of all change permission settings to 755 or 750 for all the directories
  2. Change permissions settings to 644 or 640 for all the files (select “Apply to files only” option)

 

Note: Though there is an exception to the above rule for wp-config.php file. Wp Config file is basically used to connect WP files to the Database. It includes the necessary database name, DB username and password. The file permission for wp-config should either be 440 or 400.

Changing the permission settings accordingly should resolve the 403 issues.

 

Caution: Perform this step when you are absolutely sure about what you are doing. It is an expert job. As playing around with file permissions can lead to compromising your website or server’s security. Incorrectly configured file permissions can leave a gate open for hackers or malware.

Check Plugins:

If the issue is still not resolved you need to check if there is a plugin which is causing the issue.

 

To do this first deactivate and uninstall any of the recently installed plugins. If it resolves the issue you can identify the incompatible plugin.

 

If still, the problem persists, deactivate the other plugins one by one and check the website. You will be able to identify the problematic plugin, and you can replace it with another plugin that provides similar functionality.

 

  1. Deactivate all the plugins from your WordPress Dashboard
  2. Check the website if it works now.
  3. If it works Re-activate the plugins one by one to identify the problematic one.
  4. Repeat steps two and three until the 403 error is shown.
  5. Congratulations, you have identified the plugin that is causing the problem.
  6. You may need to delete it entirely and replace with another plugin with similar functionality.

 

One of the other lesser recommended methods of deactivating plugins is changing the name of the Plugins folder to something else. You can also change the name of individual plugin folder one by one If you follow this process of changing folder names, you will see a number of errors in your WordPress dashboard stating that “Plugin file doesn’t exist”. Don’t panic seeing this error message as it will be fine once folder name is changed back to what it was originally. You will have to activate them again from WP Dashboard after changing it back to its original name.

Note: Most of the times the issue is found with either one of the caching plugins or the security plugins. So keep an eye on these plugins.

403 Forbidden Error in WordPress Multisite

If you have WordPress Multisite installation and getting a 403 error the chances are you have created a wildcard subdomain.

Just change it to remove wildcard setting for a subdomain, and it should resolve the issue.

You also need to check the subdomain redirects.

subdomain redirects
subdomain redirects

Conclusion

Understanding it, in a nutshell, a 403 error means the resource or requested file exists on the server, but it is not accessible to the visitor due to one of the above-specified reasons.

 

Following the above-described method will most probably solve the issue quickly if you are still not able to troubleshoot using any of the above methods we suggest you contact the tech support of your hosting provider immediately and see what the problem is. During maintenance or other phases, the server technical team possibly make configuration changes accidentally. Also, there is a possibility that your IP has been blocked by the server. Ask the technical team to check and unblock your IP Address.

 

Hope you are enjoying our article. We at WPOven the Managed WordPress Hosting try to resolve all your WordPress queries with our Free Dev and Server Support. We are dedicated to providing you with the best value for money with our dedicated servers for each plan . You can check out our Plans Here. Starting at just $16.61 per month you get –

  • FREE SSD storage
  • FREE SSL Certificate
  • FREE Offsite Backups
  • FREE Business Emails
  • FREE Daily Malware Scanning
  • FREE Premium Themes & Plugins
  • FREE WordPress Dev & Server Support
Wpoven
Wpoven

Clear Browser Cache and Cookies:

If you are still seeing 403 error try deleting the specific cookies of your web browser. This is how website specific cookies are deleted in Google Chrome:

 

  1. Open Chrome.
  2. Click on More Settings
  3. Next, click on Advanced.
  4. In this menu, find ‘Content settings’ Under “Privacy and security”
  5. Click on ‘Cookies’.
  6. Under “All cookies and site data,” search for the website’s name.
  7. To the right of the site, click Remove

To clear all the cookies you can just go to Google Chrome History, and delete the Cache completely. A similar process can be followed in other leading web browsers.

Go to History, and click on Clear Browsing Data as shown below:

 

Clear Browsing Data
Clear Browsing Data

 

Error 403
Clear Browsing Data

 

You can select the time range, select the option of Cookies and other site data, select Cached Images and files, and then click on the “Clear data” button.

Deactivate Browser Extensions:

All the browsers have some extensions installed on them by the user. While troubleshooting the 403 error it is recommended to deactivate browser extensions.

Check Firewall Settings:

There is a possibility that due to one of your Firewall settings the server is not displaying the requested page. You can momentarily disable the firewall while troubleshooting the 403 Forbidden error issue.

If your website has started showing a 403 error page which is already ranked, then it is for sure that it will end up losing search engine rankings on prominent websites like Google, Bing, etc. As per the algorithm of search engines, the first downgrade the rankings and then eventually remove the pages from their index which are no more accessible to users or bots.

 

To avoid such a situation it is recommended that you keep a close watch on your website’s analytics, search console and webmasters data, and see there are no such errors.

 

You can simply log in to Google Search Console (previously known as Google Webmasters), Select your website, and click on Coverage under Index, as shown below:

 

Google Search Console coverage Error 403
Google Search Console coverage Error 403

 

It will display the number of errors as well as the type of errors faced by your visitors.

You can just keep an eye on it to keep your website Indexing healthy and avoid getting deranked on search engines.

 

In case if you have recently changed the URL of a page make sure to use a redirection plugin, and redirect the old URL to the new one. Also, update the XML sitemap in the search console.

XML sitemap in the search console
XML sitemap in the search console

We also recommend following the above-described troubleshooting methods under the guidance of a WordPress expert if you are a beginner.

One Reply to “How to Fix Error 403 Forbidden for WordPress”

Leave a Reply

Your email address will not be published. Required fields are marked *