Opening your WordPress site and seeing a 403 Forbidden error can be really scary. This kind of error not only drops your ad/sale revenue but also impacts search traffic drastically in a negative way.
Also, Google doesn’t like it as well, that’s why it is really important to fix this error asap!
We’ll learn everything about this error, like, and we’ll also see some of the most reliable ways to fix this error. So, without further ado, let’s begin!
- 1 What is a 403 Forbidden Error?
- 2 How To Fix 403 Forbidden Error
- 3 Solution 3: Deactivate And Then Reactivate The Plugins
- 4 Solution 4: Deactivate Your CDN
- 5 Solution 5: Contact Your Hosting Provider
What is a 403 Forbidden Error?
The 403 Forbididden error simply means that the server understood the request but refuses to allow it. Like many other WordPress errors, this error is also a status code that a web server uses to interact with your web browser.
Normally, your site shows a 200 status code, which is kind of a green signal for browsers. But, you won’t see it because it happens behind the scenes.
In case something wrong happens, then your site won’t show the 200 status code, it will show a different status code, like 403, 404, or any other 400 error.
Numbers like 403 can be really frustrating to see but they are actually important because they help you find out what is the exact problem wrong on your site.
The 403 Forbidden error means that your web server knows the request that the browser is making, but the server is currently unable to fulfill it right now.
Let’s understand the 403 error in an even simpler way, imagine your friend has invited you to a party, but when you reach there, you found out that your name is not on the list of guests, and because of that the bodyguards aren’t allowing you to enter. Bodyguards know what you want but they can’t allow you because your name is not on the list of guests.
So, your server knows exactly what you want to do, but it won’t let you do it because you don’t have the proper permits.
Why does 403 Forbidden Error happen?
403 Forbidden Error mostly happens because of corrupt .htaccess file or incorrect file permission. There are some more causes other than these major two’s. Here is the list of possible triggers:
Cause 1: Missing index page – the site’s homepage name is not index.html or index.php.
Cause 2: Corrupt/faulty WordPress plugin – if a WordPress plugin is not set up correctly or is incompatible with other plugins or themes, it may cause this error.
Cause 3: Wrong IP address – your domain name is pointing to a wrong or an old IP address that now hosts a site that blocks your entrance.
Cause 4: Malware infection – a malware infection may create the .htaccess file to be steadily corrupted. You’ll need to eliminate the malware before restoring the file.
Cause 5: New web page link –you may have updated the page’s link, which is now changed from the cached version.
Types Of 403 Error
You may have seen different types of 500 errors, but do you know that there are many types of 403 errors present as well, and before finding out how to resolve the 403 error, we should know about it.
- 403 Forbidden Error – this is the error we’re going to solve in this tutorial post. This error is mainly caused by changes in file permission or issues in the .htaccess file. 403 forbidden means you don’t have permission to access / on this server.
- Error 403 – Forbidden
- 403 – Forbidden Error – You are not permitted to access this address
- 403 Forbidden – nginx
- HTTP Error 403 – Forbidden – You are not allowed to access the document or program you requested
- 403 Forbidden – Access to this resource on the server is rejected
- 403. That’s an error. Your client does not have permission to get URL / from this server
- “You are not authorized to view this page”
- “It appears you don’t have permission to access this page.”
How To Fix 403 Forbidden Error
(Note: Before following these instructions, make sure to have a backup copy of your website ready. These solutions below are risky and you may lose all your work, so it’s better to not take any risk. Create a backup now if you don’t have already.)
As I said, there are two main causes of this error, issues in the .htaccess file or folders/files permission. So, first, we’ll try to fix the issue by looking into these two things, and then we’ll look at some other methods like plugins, CDN, and hotlinks.
Solution 1: Fix The .htaccess File Name
The .htaccess file is an important website file that manages the high-level configuration of your website. On servers that work Apache (a web server software), the .htaccess file enables you to make adjustments to your website’s configuration without having to write server configuration files.
The .htaccess file location is usually found in your website’s public_html folder.
You can find your .htaccess file in a few different ways:
- From your hosting account’s file management tool like cPanel
- From an sFTP or FTP client
Tip: If you’re unable to see your .htaccess file in your public_html folder, then use “Show Hidden Files.” Let’s look at how to fix the corrupt .htaccess file to fix the 403 error.
Step 1: Log In To Your cPanel
You can visit your cPanel by entering yoursite.com/cpanel or follow the link you received after purchasing the hosting from your host.
Step 2: Go To File Manager
The file manager is easily visible under the Files section. If you’re unable to see it, then use the ctrl+F keys. Once you find it, click on it to open it.
Step 3: Go To Public_html Folder
Look at the left side menu, you should be able to see the Public_html file there. If not, then scroll a bit, or use the same keys ctrl+f.
Open the folder.
Step 4: Rename The .htaccess File
Now, find the .htaccess file. I know most of you won’t see it because these kinds of files are mostly hidden because they are sensitive or maybe not many people edit them. So, we gonna use the settings option present at the top right to find out every hidden file.
Select “Show Hidden Files”, click “Save”.
Now, you should be able to see the .htaccess file. Right-click on it, then click on “Rename”.
Rename the file as “Test” and click “Rename File”
Step 5: Open Your Site And Go Permalinks
Your site should be working now. If it is working that means, the issue was caused by the corrupt .htaccess file. Now, go to the settings of your site and then permalinks. Settings>Permalinks.
Don’t do anything just click on Save Changes.
Once you do that, a new .htaccess file will be created in your cPanel.
Some of you might be wondering why did I change the name of the .htaccess file? The reason why I changed the name is that we wanna show the site’s server that now we don’t have that corrupt .htaccess file now, so my site should work. It is similar to deleting a file, but instead of deleting we just changing the name.
Solution 2: Fix The File Permissions
Every file or folder present on your site’s server has its own unique file permissions. These file permissions are indicated by 3 digit numbers. These digits indicate the level of permission for each of the 3 categories (Read, Write, and Execute).
File permissions are a set of commands that define ‘who’ can enter ‘what’ on your WordPress site. For example, you can set who can access the wp-admin folder and in what capacity, meaning if they can only view the folder or make changes as well.
There are 3 types of users that can access your folders and files:
User – This is the head/owner or administrator of the site.
Group – This means a set of users who have parts on your sites such as subscribers, contributors, or editors.
World – This is the common public or rather, anyone on the internet.
Now, as we discussed earlier, not all types of users require full permission to view your files and folders. Giving the world complete access to sensitive files could be destructive!
You need to give different levels of permissions to various types of visitors depending on the level of support you have with that specific user. There are 3 levels of permissions you can give to users:
Read (R) – This provides a user the capability to view a file.
Write (W) – The user can change/modify and edit the file.
Execute (X) – The user can control/run scripts and programs in a file or folder.
By using the correct files and folders permissions, you can stop hackers from obtaining confidential data and from changing crucial files.
File Permission Numbers in Detail
File permissions are a sequence of 3 numbers:
From left to right, the numbers are in the line of the permissions allowed to the type of user – user, the group, and the world.
Each number indicates a specific level of permission allowed to the corresponding user:
- 0 – No access
- 1 – Execute
- 2 – Write
- 4 – Read
The remainder of the numbers is a combination of 1, 2, and 4.
- 3 – (2+1) Write and execute
- 5 – (4+1) Read and execute
- 6 – (4+2) Read and write
- 7 – (4+3) Read, write and execute
You would not need all file permissions to be set to 777 and give the whole world access to read, write, and execute your important files and folders. This presents write permissions that means a hacker can also edit your files to redirect your visitors to his sites.
Also, you can not set everyone’s permission to 000, 400 or 444 either. This is because WordPress often asks permission to execute files or alter them. When you install plugins and themes, they need a way to certain files and folders in order for you to be capable to use them.
If you allow read-only access to everyone, WordPress and many plugins and themes won’t be able to work smoothly. These kinds of WordPress permissions will break your WordPress website.
Recommended File Permissions in WordPress
Here are the recommended file permissions (presented by WordPress itself) that you can use for your site.
- wp-admin: 755
- wp-content: 755
- wp-content/themes: 755
- wp-content/plugins: 755
- wp-content/uploads: 755
- Wp-Config.PHP: 600
In case, the file permissions aren’t matching the recommended file permissions then you might see a 403 error. So, set the file permissions to the suggested file permissions to solve the issue.
How to Change File Permissions on WordPress
Editing your file permissions is actually very simple. But before you continue, I fully recommend taking a backup of your site. Any changes to the backend of the WordPress site are risky and can lead to a collapsed site.
To set permissions, you want to access your WordPress folders and files. You can do this using cPanel or FTP, but I can only show you how to do it in cPanel as most people use cPanel.
- Change WordPress file permissions using cPanel
Step 1: Log in to your web hosting account and go to ‘manage your hosting’ and choose cPanel. (The process could be different in your host).
Step 2: Inside cPanel, click on File Manager.
Step 3: Click and open the folder called public_html and you’ll see your WordPress website’s folders and files inside it.
Step 4: Right-click on the folder or file you need to fix permissions for and select change permissions.
Reminder: You can adjust permissions on individual files. You can also choose multiple folders and files, and edit permissions for all of them collectively.
Step 5: Choose the permissions you want and click ‘Change permissions’ to save your settings.
Solution 3: Deactivate And Then Reactivate The Plugins
If you’re still facing the issue, then there is a high chance that a plugin is causing the issue. To find out which plugin is causing the issue, we need to follow a few methods.
If you’re able to log in to your WordPress site, then go to your site dashboard and disable the plugin that is causing the issue. If you’re not able to log in to your WordPress dashboard, then simply follow the steps given below.
Step 1: Login To Your cPanel
You can log in to your cPanel by logging into your host’s account, or use yourdomain.com/cpanel
Step 2: Open File Manager
The File Manager is easily visible once you’re logged in to your cPanel. If you’re unable to find it then use the search tab or ctrl+F to find it.
Step 3: Click on the Public_html folder and then open the wp-content folder
Click on the public_html folder, and then open the wp-content folder. wp-content is one of the most important folders, there you’ll see your plugins folder which we gonna rename shortly.
Step 4: Rename The Plugin Folder
Select the Plugins folder or right-click on it to see the rename option. Rename it to something like “Plugins-test”.
By renaming the folder, you have completely disabled all the plugins on your WordPress site.
Now, try to access your site again. If your site is opening or working, you know that one of your plugins is making the 403 Forbidden error.
After editing the file name of the plugins folder, you may see a number of errors that say the “plugin file does not exist” when you visit the Plugins area on your website:
To correct this issue and regain the power to control your plugins, use your cPanel to change the name of the folder back to plugins. So, if you renamed it to plugins-test, just turn it back to plugins.
Once you perform that, you’ll see the complete list of all your plugins again. Only now, they will all be deactivated.
Use the Activate button to reactivate them one by one.
Solution 4: Deactivate Your CDN
In Cloudflare, you can do this easily by login into your Cloudflare account, select the domain, scroll down to the near bottom, and under Advanced Actions click on “Remove Site from Cloudflare”.
Also, the process is almost dame in all the CDN’s, if you are not finding any way to disable your CDN then contact your CDN support or visit their forum section, there you’ll find your answer.
Solution 5: Contact Your Hosting Provider
Contacting your hosting provider is one of the most reliable things to do as it saves your time and effort. You may be wondering if it is the best thing to do then why I’ve raked it as solution number 5 not number 1? Well, your hosting provider sees tons of contact throughout the day. This issue can easily be fixed by performing some steps, so why increase the burden on your hosting provider’s customer care. Also, you’ll learn a lot of things if you fix an error by yourself.
I’m not saying that you should not contact your customer care at any cost, if the issue is too big to handle, then please contact your hosting provider asap, but if the issue is not so big, then try to fix it by yourself.
Thanks For Reading!