Wondering how to fix the 403 forbidden error in WordPress?
First things first; 403 is a common error that you typically encounter on a WordPress website when trying to access a restricted page or post.
The problem is that, sometimes, WordPress shows you the 403 error on a page or post that should have been accessible. This usually happens due to a corrupt .htaccess file, incorrect file permissions, or a poorly configured security plugin.
In this tutorial, you will learn how to fix misconfigurations, corrupt files, and other possible causes of the 403 forbidden error in WordPress.
Why does the 403 forbidden error in WordPress occur?
To understand the 403 forbidden error you must first understand what is an HTTPS status code.
HTTPS status codes are messages sent from a website’s server to a visitor’s browser to indicate the success or failure of a requested action.
For instance, let’s say a visitor requests to open a page that only administrators of your site can access. In response to this request, the web server sends the “403 forbidden error” status code to the visitor’s browser.
On such occasions, the error is harmless because it’s meant to protect your website. But when the server restricts access to pages that should be accessible, that’s when you need to remove the error from your site.
So why does the server restrict access to posts and pages that should be accessible? Typical causes are:
- File permission changed from the backend
- The .htaccess file is corrupted
- Poorly configured security plugin
Now that you know the possible causes behind the error, we will show you how to remove it from your site. But first, let’s take a quick look at the variations of the 403 error.
403 error variations in WordPress
Sometimes the error shows messages indicating the exact reason it appeared on your website. Let’s look at some variations of the 403 forbidden error in WordPress with messages pinpointing the exact cause:
403 Forbidden – nginx
You are not authorized to view this page.
It appears you don’t have permission to access this page.
403 Forbidden – Access to this resource on the server is denied.
Forbidden – You don’t have permission to access [directory name] on this server.
403. That’s an error. Your client does not have permission to get URL [address] from this server.
403 Forbidden – You don’t have permission to access ‘/’ on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
If the error on your website indicates the cause, then we recommend jumping straight to the exact solution in the following section. Or else, you need to try out the solution one by one until the 403 forbidden error is gone from your WordPress site.
How to remove the 403 forbidden error from WordPress
To fix the 403 error, you can take the following steps:
- Change file permissions
- Deactivate plugins
- Restore .htaccess file
- Misc solutions
We have covered how to implement these solutions in the sections below. But before you dive into them, create a backup for your website.
The solutions below involve going to the backend of your site and modifying file permissions, deactivating installed plugins, and regenerating the .htaccess file among other things. These are risky measures and carrying them out could break your website. Taking a backup will enable you to restore your website to normal if that happens.
Also, you need to clear your cache to verify that the error still exists on your site. Some WordPress errors appear temporarily. But due to caching, your browser might be showing you an outdated version of your site. Make sure that the error is still appearing on your site before proceeding with the solutions below.
Now, let’s dive in.
1. Change file permissions
WordPress websites are made of files and folders. These files and folders are subjected to file permissions which specify who can read, write, modify, and access them. By changing these file permissions, you can prevent or allow people to access certain areas of your website.
The 403 forbidden error in WordPress appears on your site because someone has modified the file permissions of a specific file or folder on your site. Perhaps it was accidentally one of your users or your hosting company.
We will show you how to set the file permissions right. Here’s what you need to do:
- Change file permissions of the public_html folder
- Change file permissions of the wp-config.php file
- Change file permission for all files inside the public_html folder
Let’s take a look at how to carry out these steps.
Change file permission of public_html folder
You will need to access the backend of your website using an FTP client like FileZilla or your hosting account’s cPanel.
Let’s use cPanel for this example.
Open your hosting account, log in to cPanel, and select File Manager.
Inside the File Manager, right-click on the public_html folder and then select the Change Permissions option. A small new window will pop out on the screen.
In the Permissions option, write 755. Hit the Change Permissions button.
On the next screen, select Recurse into subdirectories and Apply to directories only, and hit the OK button.
Change file permission of wp-config.php file
Inside the public_html folder, find the wp-config.php file, right-click, and select Change Permissions. On the Permissions option, insert 440 and hit the Change Permissions button.
Change file permission for all files inside the public_html folder
You need to change the file permission of all the files and folders inside the public_html folder. Select the files and folders one by one, open the Change Permissions option, and set the permissions value to 644.
Be sure to check the Recurse into subdirectories and Apply to files options on the next screen.
That’s it. If it was a file permission issue, then the 403 forbidden error should be gone from your website. If it’s still there, try the next solution.
2. Deactivate security plugins
Security plugins are known to accidentally mark user IPs as malicious, so it could be blocking you from accessing your site.
If you can access your wp-admin, then deactivate the security plugin from your WordPress dashboard. If you can’t access wp-admin, then open your hosting account and go to cPanel → File Manager → public_html → wp-content → plugins.
Inside the plugins folder, locate the security plugin. Right-click and choose Rename. Rename the security plugin into something else like “old-security-plugin.” This will deactivate the security plugin from your website.
If your security plugin is not the culprit, then it might be some other plugin installed on your site.
Go to the plugins folder and rename it to “plugins_old.” This will deactivate all the plugins on your website.
If doing this removes the 403 error from your site, it confirms that one of your plugins is the real culprit.
To find the exact plugin, first, revert the plugin’s folder to its original name. Then deactivate the plugins inside that folder one by one by renaming them.
Each time you deactivate a plugin, check whether the 403 forbidden error is gone.
When you come across the culprit plugin, remove it by right-clicking on that plugin’s folder and selecting the Delete option.
3. Restore .htaccess file
The .htaccess file contains a bunch of instructions telling the server how to run your website. It is one of the most important files for your WordPress website.
Sometimes the .htaccess file becomes corrupted due to reasons like misconfigured plugins, and network issues among other things.
If it’s a case of a corrupt .htaccess file, then regenerating the file will remove the error from your website.
To regenerate the .htaccess file, go to cPanel → File Manager → public_html → .htaccess. Right-click on the file and hit the Delete button.
Next, open your wp-admin, go to Settings → Permalinks, scroll down to the end of the page, and hit the Save Changes button.
This should generate a new .htaccess file and remove the 403 forbidden error.
4. Miscellaneous solutions
The three solutions that we have shared with you so far are the most effective fixes to the 403 error for WordPress sites. If they don’t work, then there are a few other solutions that might just do the trick. Those are:
- Like a security plugin, a CDN (short for content delivery network) could be blocking your IP from accessing your website. Deactivate your CDN temporarily and check your website.
- You can also try disabling your VPN or switching to a different VPN service.
- Misconfiguration of image hotlinking protection can also cause the 403 error. We recommend configuring your hotlinking protection plugin properly.
- If nothing works, then you need to seek help from your hosting provider. Tell them all the steps you have already taken, and they should be able to help you remove the error from your site in no time.
Conclusion
The 403 forbidden error in WordPress is a common one that you are likely to encounter again unless you take preventive measures like:
- Allow only admins to access your web servers
- Use plugins from only trusted sources
- Use VPNs and CDNs from only trusted brands
- Switch to a better hosting company
If you have queries about the 403 forbidden error on a WordPress website, tell us in the comments section below.