How Can I Fix 403 Forbidden Error in WordPress?

WordPress

What is a 403 Forbidden?

A 403 Forbidden error is an HTTP status code that indicates the server has received your request, but denies authorization to operate the requested resource.

In simpler terms, it’s like trying to enter a private building. The doorman (the server) knows you’re there and what you’re asking for (the resource), but they’re telling you, “No, you’re not allowed in here,” even if your request itself was perfectly valid.

Common Causes and Solutions:

  1. Move browser cache and cookies: Clear your browser cache and cookies. A 403 error can occur if the browser cache is not cleared.How to: Clear your browser’s cache and cookies, then try accessing your site again. You can also try a “hard refresh” (Ctrl+F5 or Cmd+Shift+R) or access the site in an incognito/private window.
  2. Corrupted .htaccess file: It is a strong configuration file that enables server interactions with your WordPress site. A manipulated or misconfigured .htaccess file leads to 403 errors.How to:
    1. Join the website via FTP/SFTP or your web hosting provider’s File Manager.
    2. Identify the .htaccess file in the root directory of the WordPress installation, which is public_html or www.
    3. Make a copy of the .htaccess file by downloading and saving it into your computer.
    4. Next, you have to delete the .htaccess file from the server.
    5. Try to access your website. If it’s done, then the actual problem was the .htaccess file.
    6. Generate a new .htaccess file:
    7. Log in to your WordPress admin dashboard.
    8. Go to Settings > Permalinks.
    9. Without making any changes, simply click the “Save Changes” button at the bottom. This will generate a new, default .htaccess
  3. Incorrect File and Directory Permissions: Files and folders on your server have permissions that dictate who can read, write, or execute them. False permission can block the server and deny access to important files, leading to a 403 error.
    • Recommended Permissions:
      • Folders (directories): 755
      • Files: 644
      • wp-config.php (for security): 440 or 400
    • How to (using an FTP/SFTP client like FileZilla or File Manager in cPanel):
      1. Connect to your website via FTP/SFTP.
      2. Navigate to your WordPress root directory.
      3. For folders: Right-click on a folder (e.g., wp-admin, wp-content, wp-includes, etc.), and go to “File Permissions” (or “Change Permissions”). Give the name in numeric value to 755. Look for “Recurse into subdirectories” and “Apply to directories only”.
      4. For files: You have to cover all the files available in the directory (or your entire WordPress root). Right-click and choose “File Permissions”. Set the numeric value to 644. Check the option “Recurse into subdirectories” and “Apply to files only”.
      5. For wp-config.php: You have to locate the wp-config.php file in your root directory. Right-click, select “File Permissions”, and set the numeric value to 440 or 400.
      6. After adjusting permissions, check your website again.
  4. Plugin Conflicts: A misbehaving or incompatible plugin, especially security plugins, can sometimes cause a 403 error by blocking legitimate access.
    • How to:
      1. Deactivate all plugins:
        • If you can access your WordPress dashboard, go to Plugins > Installed Plugins, select all, and choose “Deactivate” from the bulk actions dropdown.
        • If you’re not able to operate your dashboard, then try to connect via FTP/SFTP. Navigate to wp-content/plugins/. Rename the plugins folder to something like plugins_old. This will deactivate all plugins.
      2. Check your website. If the error is ended, then the plugin was the offender.
      3. Reactivate plugins one by one:
        • Rename the plugins_old folder back to plugins.
        • Go back to your WordPress dashboard (or simply rename the individual plugin folders back via FTP/SFTP and check your site after each one).
        • Activate each plugin one by one, checking your site after each activation, until the 403 error reappears.
        • Once you locate the complex plugin, you can follow these steps to overcome the issue:
          • Find an alternative.
          • Contact the plugin developer for support.
          • Adjust its settings if it’s a security plugin that’s being too aggressive.
  5. Theme Incompatibility: Less common than plugins, but a theme can also cause conflicts.How to:
    You can opt for the default WordPress theme.
    After setting up WordPress, you’ll see the default WordPress theme, with which you can start.
    If you can access your dashboard, go to Appearance > Themes and activate a default theme.
    If you cannot access your dashboard, connect via FTP/SFTP. Go to wp-content/themes/. Rename your active theme’s folder to something like yourtheme_old.
    WordPress will automatically fall back to a default theme if one is present.
    Check your site.
    If you have overcome the issue, then assume there was an issue in the theme only.
    You might need to update your theme, contact the theme developer, or switch to a different theme.
  6. Security Plugin Settings: Many security plugins are designed to block suspicious activity, and sometimes they can be overly aggressive and block legitimate users or your IP address.How to: If you have a security plugin installed (like Wordfence, Sucuri, iThemes Security), check its settings for any blocking rules, blacklisted IP addresses, or firewall configurations that might be causing the issue. Temporarily disabling the plugin (as in step 4) can help to confirm if it’s the cause.
  7. Hotlink Protection: Some hosting providers or CDNs have hotlink protection enabled to prevent others from directly linking to your images or files. In case a wrong configuration takes place, then 403 errors occur.How to: You can look for a web hosting control panel or CDN settings to protect the hotlink and disable it to check whether it resolves the issue.
  8. CDN (Content Delivery Network) Issues: If you’re using a CDN (like Cloudflare), it may consist of security rules or caching issues that can cause a 403 error.How to: Temporarily disable your CDN and see if the error resolves. If it does, check your CDN’s settings for any IP blocking, firewall rules, or caching problems.
  9. Malware Infection: Malware can often modify core WordPress files, .htaccess, or inject malicious code that results in 403 errors.

    How to:

    • Scan your website for malware using a reputable security plugin (like Wordfence or Sucuri).
    • Remove any detected malware.
    • Consider restoring a clean backup from before the issue started.
  10. Server-Side Issues / Contact Hosting Support: If none of the above solutions work, the problem might be on your hosting provider’s end (e.g., misconfigured server, mod_security rules, IP blocking at the server level).How to: Contact your web hosting support team. Provide them with details about the error, what troubleshooting steps you’ve already taken, and any relevant error messages you might have found in your server logs. They have access to server logs and can diagnose server-specific issues.

By systematically going through these steps, you should be able to identify and fix the 403 Forbidden error on your WordPress website. Remember to work methodically and test your site after each change.

Read: Boost Your Site Speed: 11 Essential WordPress Caching Plugins

Conclusion

In summary, resolving a 403 Forbidden error in WordPress typically involves checking file permissions, reviewing security settings, and ensuring that plugins or themes are not causing conflicts, ultimately restoring access and functionality to your site. By systematically addressing these potential issues, users can effectively troubleshoot and eliminate this frustrating error.

 

Post Views: 208
Leave a comment ,

Leave a Reply

Your email address will not be published. Required fields are marked *