The 403 Forbidden error code is shown in a web browser when trying to access a URL, and your web server permissions don't allow access to that specific WordPress page. You do not have permission to view the requested file or resource.
This article will guide you on troubleshooting and fixing the WordPress 403 Forbidden error.
There are different scenarios when you may see this error on the browser:
1. 403 Forbidden – When you install WordPress.
2. 403 Forbidden – Access denied on WordPress login page or wp-admin area.
3. Access denied or 403 Forbidden error – While visiting any page on your WordPress site.
4. It is also possible that you only see Access Denied instead of the 403 Forbidden error.
5. You can also see the message 'Access to yourdomain.com denied. You don't have permission to view this page.
The following are the Common Causes of 403 Forbidden errors:
1. 403 Forbidden error is encountered while using a fraudulent document to handle the web request.
2. You don't have permission to access the file/ folder on the server. Every file and folder in the website requires proper access privilege to read, write and execute for the site to work fine.
Note – By default, the permissions for WordPress folders should be 755, and the files should be 644. If the permissions are wrong, the site will give the 403 error.
3. Access denied on wp-admin or WordPress login page.
4. Corrupt .htaccess (in Linux)/.web config(in Windows) file.
5. Incompatible or faulty WordPress plugins.
6. Empty httpdocs (WWWROOT/public_html) directory.
7. No WordPress index page was found. The home page for your WordPress must be called index.html or index.php file.
It is recommended to take a backup of the entire WordPress website before trying any of the below-mentioned solutions to fix the 403 Forbidden error.
Fix 1: Deactivate Faulty WordPress Plugins
It would help if you deactivate all WordPress plugins to identify the problematic plugin; it helps resolve the error.
1. First, log in to WordPress and go to Plugins.
2. Deactivate all plugins installed on your WordPress. If the site works, you must find the plugin causing the error.
3. Reactivate one of the plugins on your list.
4. Visit the site to see if the 403 Forbidden error is displayed or not.
5. Repeat steps 2 and 3 until the 403 Forbidden error appears in the browser.
It is the problematic plugin that is causing the problem. You may need to change its configuration settings from a file or remove it from WordPress. You can rename that particular plugin folder from the file manager of your hosting Control Panel or FTP connection to your WordPress hosting space.
6. If you deactivate all your plugins and the 403 Forbidden error is still displayed, the problem may not be due to plugins.
You'll need to explore other solutions.
Fix 2: Deactivate Themes
You can deactivate the theme from your cPanel or via FTP.
1. Go to the path wp-content/themes/ and rename all WordPress theme folders in the same fashion described for the plugins above, except for a WordPress default theme.
2. Go to your site to see if the error is gone.
If yes, then one of the themes you installed was the culprit.
3. You can also go to your admin dashboard and activate each theme under Appearance > Themes > All Themes.
By doing this, you can identify the theme causing the error.
Fix 3: Remove Corrupt .htaccess File
A corrupt .htaccess file often causes the 403 Forbidden error in your WordPress site; you can repair this file to fix the issue.
1. First, you must connect to your website using an FTP client or File Manager from your cPanel.
2. Locate the .htaccess file in the root folder of your WordPress site and download it to your local storage so that you have a backup of it on a secure file.
3. Then delete/ rename the file from your hosting space of WordPress.
4. Again, check if the 403 Forbidden error is resolved.
If the error is fixed, then this means that your .htaccess file was corrupt.
5. Alternatively, you can generate a new .htaccess file from your file manager.
Fix 4: File Permissions/ Ownership
What is the File Owner?
Every file and directory on the Linux system is assigned 3 types of owners – User, Group, and Other.
1. User: By default, a user is the file owner who has created it.
2. Group: A user group can contain more than one user. All users belonging to a group will have the same Access permissions to the file.
3. Other: Any other user who has Access to a file. This person neither created that file nor the person belongs to a user group.
What are Permissions?
Every file and directory in the Linux system has three permissions defined for all the 3 owners.
1. Read: This permission allows you to open and read a file.
2. Write: The write permission allows you to modify the contents of a file.
3. Execute: You cannot run a program in a Linux system unless the execute permission is set.
A 403 Forbidden error can also be caused by incorrect ownership or permissions on your WordPress web files and folders.
If the solutions mentioned above do not resolve the error, then incorrect file permissions might be the cause.
1. You need to connect to your WordPress site using an FTP client or the File Manager in cPanel.
2. Then, navigate to the Root Folder containing all your WordPress files.
3. Right-click on the file/ folder to change the permission.
In the File Manager, right-click on the folder/ file name and select Change Permissions.
4. All folders on your WordPress site should have a file permission of 755 or 744.
5. All files on your WordPress site should have a file permission of 644 or 640.
Now go to your website to see if the 403 Forbidden error has been resolved.
If you have difficulties changing the permissions, you can contact your hosting provider and ask them to assist you further.
Fix 5: Firewall or Security Plugins
WordPress 403 Forbidden error also occurs due to a firewall or other security plugins.
1. If the 403 error persists, check to see if the firewall prevents access to any web pages.
2. Check if your IP is blacklisted by your firewall or security plugin.
3. Turn off your server firewall and disable the security plugin, clear your browser cache, and try to access your website.
Fix 6: Hacked WordPress
1. Your website may be compromised/ hacked.
2. In this case, you can fix your hacked WordPress site by restoring it using the latest backup.
3. If the problem is still continuous, you should clean up your WordPress site manually or install a new WordPress. You can get support from your hosting service provider to install the new WordPress.
Fix 7: Log Out of WordPress Site Login Session
Sometimes, a browser may fail to send correct credentials to the site, leading to the 403 Forbidden error. If your website requires user authentication, it's essential to log out after you have cleared the cookies and then log back in.
Fix 8: Downgrade Recent Installed Updates
If the error appears immediately after updating the WordPress to the latest updates, reverting/ downgrading to the older versions may help solve the problem.
Some Other Resolutions
1. The previously mentioned practices are the best solutions you would like to do once you experience the 403 Forbidden error. However, you can contact your web hosting provider if the issue still can't be fixed. Sometimes, this error might be caused due to wrong server configurations and security settings determined by your web host.
2. It is possible that your IP address was blocked in the webserver firewall. You can also check the IP restriction rules on the server firewall.
- Backup your site content
- Check your WordPress plugins
- Check your WordPress .htaccess file
- Check your WordPress file permissions.
Following the methods mentioned above, we hope you can get rid of the 403 Forbidden error and restore your website.