What’s the 403 Forbidden Error in WordPress and How Do You Fix It?
A well-known WordPress horror scenario: You’re comfortably seated in front of your laptop, and you try to access your WordPress website only to be welcomed by the dreaded 403 Forbidden Error (or some of its equally gruesome variants).
And you probably wonder – now what? Fret not, as all is not lost.
If you’re dealing with the 403 Forbidden Error on your WordPress website, the first thing you ought to know is that you’re dealing with an improperly configured server. This sounds way more intimidating that it actually is which is why the 403 Forbidden Error is very often the error all webmasters fear. Fortunately, it’s easily solvable once you identify the issue causing it as well as taking the necessary steps to fix it.
We absolutely understand this doesn’t make it any less frustrating, though. However, such errors are more common than you may realize, and we know fixing them isn’t half as interesting as working on your actual website and upgrading it.
So, let us help you fix this common issue and you can be back to handling your everyday website tasks in no time. But first, let’s just briefly explain the 403 Forbidden error so you know what you’re dealing with.
403 Forbidden Error – What Is It?
The key to solving this WordPress error (or any WordPress error for that matter) consists of understanding what it does and how much damage it can create. This error specifically doesn’t cause any extreme amount of chaos or damage other than being slightly annoying – the 403 Forbidden error is just one of the many HTTP status codes your server uses in order to establish communication with your web browser.
The 403 Forbidden error is part of the 400 status codes indicating client error codes that signal problems with the requests. Within this 400 codes group, there are other errors such as “401 Authorization Required”; “404 Page Not Found”; “405 Method Not Allowed”; “429 Too Many Requests”, and so on. Think of them as one big status code family, each specific code being a family member.
The “family member” we’re analyzing today is obviously the 403 Forbidden error. In very simple words, this code appears when users try to access something they don’t actually have the permission to. The website turns down your request to load the web page you’re trying to gain access to. This can be due to various reasons. For example, you could be trying to access files that are password-protected without logging in first.
While the server fully understands your request (it knows which content/web page you’re trying to access), it refuses to comply with it. It doesn’t fulfill your demand simply because you don’t have the adequate permission.
This is like going to the hospital to visit your friend, but you’re told only close family members are allowed to see him. Everyone (doctors and nurses) knows what your request is (to see your friend), yet, your request is denied, as you aren’t qualified to receive the authorization you seek.
Anyway, you get the point.
Now let’s see what you can do to address this WordPress issue.
How Can You Fix the 403 Forbidden Error?
403 Forbidden Error Causes:
Before you start fixing the error, it’s useful to know what might be causing it. There are a couple of reasons for this, the most frequent one being poor plugin configuration (as silly and simple as it may sound!). It could also be a corrupt file disabling users from gaining web page access. Very rarely this error might occur as a result of some changes your hosting provider might have recently implemented.
403 Forbidden Error Solutions:
There are a few ways to resolve a 403 Forbidden error in WordPress, so let’s go through all of them in detail.
1.Deactivate WordPress Plugins
We aren’t talking about a permanent plugin deactivation – only a temporary one. The problem with plugins is that some may not be compatible among each other, or they may even be incompatible with your site, and this can be causing your issue
How to Identify the Faulty Plugin?
- Deactivate all the plugins you have on your WordPress site;
- Then, start activating them again one by one so that you are able to see which one is malfunctioning;
- Go your WordPress site to see if “403 Forbidden Error” is being shown after each activation;
- Repeat the steps until you find the problematic plugin (you’ll notice this because when you activate the problematic plugin, the same error is going to be displayed again).
Now you may wonder how and where you can do this plugin deactivation. This depends on whether you can access your WordPress dashboard or not (however, the same steps we’ve already outlined above apply).
How to Deactivate Plugins via FTP (File Transfer Protocol)?
If you don’t have access to your WordPress dashboard, then you’d have to establish a connection to your site by using a FTP (File Transfer Protocol). A File Transfer Protocol is a standard network protocol whose function is to connect local computer files to an online server.
So, once you’re connected to your server through a FTP do the following:
- Find the public_html folder. This is the folder that contains your WordPress installation files).
- Next, locate the wp-content folder.
- Find the Plugins folder (try renaming the folder so that it’s easier for you to remember e.g. “dis_plugins”, “disabled_plugins”, “plugins_disabled”). By renaming the folder you’ve actually deactivated your plugins.
- Try accessing your website. Is your problem fixed? If yes, then the plugin was causing the error. Now, try activating them one by one to find the faulty plugin.
This applies if you’re using a FTP. However, if you can freely access your WordPress dashboard, go to the Plugin section.
How to Deactivate Plugins in Your WordPress Dashboard?
Plugins section in WordPress dashboard
- Go to your WordPress Dashboard.
- Find the Plugin area.
- Navigate to Plugins → Installed Plugins → Bulk Actions → Deactivate.
- Refresh your website. If it’s working just fine afterwards, you’ve identified that a plugin is causing this error.
- Activate your plugins one by one, until you identify the faulty plugin.
- After you’ve found the misbehaving plugin, make sure you rename the plugin folder back to “Plugins”.
Once you identify the plugin (irrespective of whether you managed to access your WordPress dashboard or you used a FTP), you can either remove the faulty plugin entirely or re-configure it (keep in mind that a problematic plugin can be tricky to keep around, and if its issues aren’t properly addressed, it’s highly likely to cause trouble again in the future).
2.Deactivate Your CDN
Deactivating your CDN temporarily could show you if the problem lies here or somewhere else. After you disable your CDN, go to your WordPress website and see if it’s working. If your website doesn’t display the 403 error, you’ve managed to successfully identify the problem.
3.Check .htacess File
The .htaccess file (hypertext access) can be a source of many website complications if it isn’t properly configured. Since it’s actually a highly powerful file, improper .htaccess configuration can cause a lot of problems, and even a minor deviation can lead to a big problem.
And you may not even be familiar with the .htaccess file, as it’s usually hidden in a project directory. It’s actually a basic configuration file that the Apache web server uses (it can restrict to parts of your website or even all of it; it can set redirects, rewrite URLs, and so on). You can access it and change it in a couple of different ways depending on your hosting.
However, a much better option is to simply create a new, properly configured .htaccess file, rather than trying to troubleshoot the corrupted one. Here’s how you can do it:
- The first step is to connect with your FTP (File Transfer Protocol) server;
- Locate the .htaccess file (it should be in your root folder);
- Do backup (download a file copy on your device);
- After you’ve done the necessary backup and you have the file on your device, you can now erease it from your server.
After doing so, you should have no problem accessing your website (if your .htaccess file was causing the 403 error). You should now create a new .htaccess file in WordPress. Here’s how:
- Go to your WordPress dashboard
- Settings → Permalinks → Save Changes
Permalink settings in WordPress Dashboard
These are the simple steps to creating a new .htaccess file in your WordPress dashboard. Remember, you don’t need any complex software or additional information to access or change your .htaccess file. In fact, you can create a .htaccess file by simply using an editor such as Notepad. Here’s how:
- Click on “File” → “Save as” (appears as an option in the drop down menu);
- Type .htaccess as the file’s name in the pop up dialogue;
- Choose “All files” in the “Save as type”;
- Click on the “Save” button to have the file on your device.
And that’s it. Now you have a new .htaccess file.
4.Check File Permissions
All the files on your website have file permissions. These so-called permissions are what specifies who can read, write, execute, or access them. However, incorrect file permissions can cause a 403 error to appear.
File permissions are regulated by a three digit number and this number is specifically assigned. To understand these file permissions better, it’s useful to perceive these permission modes as a set of “who can do what” statements, in which each digit corresponds to the “who” part of the statement:
- First digit – what the user of the account that owns the file can do;
- Second digit – what other user accounts in the owner’s group can do;
- Third digit – what the user accounts of everyone else (including website visitors) can do.
Next, the number corresponds to the “what” part of the statement and it’s a sum of a combination of any of these digits:
- 4 Read a file, or read the names of the files in a folder;
- 2 Write or modify a file, or modify the contents of a folder;
- 1 Execute or run a file, or access the files in a folder.
It’s recommended that file permissions are the same for all WordPress users, although they might differ from host to host. They usually function without any complications on your website, however, if something gets messed up, or there’s an issue, they may cause the 403 error to appear.
If this happens, you have to find, view, and make some modifications to your file permissions. To do so, you’ll have to connect by using a FTP (File Transfer Protocol).
Modifying Your File Permissions
Once you establish the connection to your server, click right on it and you’ll see an option “File permissions” from the menu. Then the FTP client will show you a file permissions dialog box.
Now let’s see the suggested WordPress file permissions:
- Your WordPress website folders ought to have a file permission of 744 or 755;
- Your WordPress website files ought to have a file permission of 644 or 640;
- There’s an exception to this rule: your wp-config.php file ought to be 440 or 400.
For example, you can arrange a file permission for the root folder (the numeric value is 744 or 755). Tick “Recurse into subdirectories” and then “Apply to directories only”. Once you adjust the numeric values as well as check the other boxes, click on the OK button. Once you do this, you have to repeat the same procedure for all the remaining files.
File permission for root folder
So next, you need to add 640 or 644 in the numeric value box. Choose “Recurse into subdirectories” again and “Apply to files only” (remember, you’re not selecting “Apply to directories only” this time).
The last thing you might need to do to bring this process to a completion, is to manually modify the permissions for wp-config.php file (this was an exception, remember? So, here the numeric value should be 440 or 400).
In the end, check your website (if file permissions were causing the issue, the problem should be resolved and the site fully functional).
5.Contact Your Hosting Provider
Make contact with your hosting provider
Finally, if nothing seems to be working, and none of the above solutions helps resolve the 403 Forbidden error (which is highly unlikely, we must add!), we’d recommend contacting your hosting provider.
Depending on the hosting service you’re using, you should have solid customer support for any issue your WordPress website might be facing. After all, such errors and issues are what shows you ultimately whether you’ve chosen a reliable hosting provider.
Another possibility could be that your hosting provider did some changes and is now affecting you and your web pages.
Last but not least, before you try fixing ANY WordPress errors including the 403 error, do backup. Some of these errors can sometimes be severe and it’s difficult to know what kinds of consequences they might leave. Thus, backing up your website data can come in handy.
Using plugins is one of the most effective ways of doing backup in WordPress. Some backup plugins we recommend using are the following:
- BoldGrid Backup
403 Forbidden Error Wording
HTTP Status 403 – Forbidden
Finally, keep in mind that the 403 Forbidden error could show up in numerous variants. Below are most of the different variants that can help you realize you’re dealing with this error:
- “403 Forbidden – Access to this resource on the server is denied”;
- “Error 403 – Forbidden”;
- “403 – Forbidden: Access is denied”;
- HTTP 403;
- 403 Forbidden;
- “Your client does not have permission to get URL / from this server. That’s all we know.”
- “You are not authorized to view this page”;
- Error 403 – “It appears you don’t have permission to access this page.”
The 403 Forbidden error variations are called variations for a reason. They all contain similar terminology – “no access”; “not permitted”; “don’t have permission”; “access denied”; “403 error”, an they all denote the same WordPress error.
Final Thoughts on Fix 403 Forbidden Error
We’ve reached the end of our informative 403 Forbidden error guide and we hope we helped you understand what this error signifies, how it shows up on your website, as well as how you can fix it.
To summarize, looking for a faulty plugin, deactivating your CDN, checking your .htaccess file, or going through your file permissions are the key things you have to consider when this error pops up. And don’t forget, you can always reach out to your hosting provider for help.
WordPress errors aren’t fun, but keeping them around is much worse. So always try addressing issues as they appear.
We hope we helped you resolve this one.
P.S. One final reminder – don’t forget to do a backup!
View Related Articles
Emailing today is such an easy task. Compose, hit send, and your message travels across oceans and borders to reach its recipient. It is such an easy task that people’s attention starts to drown in their full inboxes, which are also littered by spammers, phishers and other members of the not-so-nice population of netizens.
But what are redirects, and why are they important? What are the different types of redirects? We’ll fill you in on everything you need to know about redirects, and most importantly – how to do them on your WordPress site.
What are the benefits of opting for a dedicated IP? And perhaps most important of all – do you really need one? Let’s take a closer look at all the questions surrounding dedicated IPs so that you can better understand who needs a dedicated IP and when.