Did you try to open your WordPress Website only to be welcomed by an error message telling you that you don’t have access to your site? If that’s the case, you’ve just encountered the 403 Forbidden error on WP.

Whenever an error such as this pops up, people tend to go into panic mode. That’s completely normal. After all, each second your website is offline means fewer visitors. But thankfully, most errors in WordPress are easily fixable.

In this article, we’ll teach you everything you need to know about the 403 Forbidden Error. We’ll first go over what the 403 status code means and what causes it – and then we’ll explain how to fix it.

What Is 403 Forbidden – Acces Denied In WordPress?

Whenever WordPress sites run into an issue, they display an error code.

When WP displays a 403 Forbidden error code, that means your hosting server doesn’t allow access to a specific page.

For starters, here’s a quick rundown on HTTP status codes:

When you connect to a website with your web browser, the server responds with an HTTP header. In most cases, these things happen without your knowledge because everything works as usual. When things are working as they should, you get the 200 status code.

But, when something goes wrong, the server will report back with a different HTTP status code. While these status codes can be pretty frustrating, they’re pretty crucial because they can help you figure out precisely what the problem with your website is.

When the web server returns a 403 HTTP status code, it essentially means that it understands the request you (the client) are making but is unable to fulfill it.

In more plain terms, it means that your hosting server knows exactly what you need; it just won’t let you proceed because you don’t have the necessary permissions. This error code is similar to trying to get to a private party even though your name never made it to the list.

403 Forbidden error messages

This error is commonly accompanied by a message, such as:

  • 403 Forbidden – You don’t have permission to access [URL] on this server
  • 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
  • You are not allowed to access this address – 403 Forbidden Error
  • 403 Forbidden – ngx
  • 403. That’s an error. Your client does not have permission to get URL / from this server

There are a couple of different scenarios where you might encounter this HTTP status code. For instance:

  • You might run into this error when accessing the wp-admin or WP admin login page
  • When installing WordPress
  • This error can also pop out when your try to visit a page on your WordPress website
  • Instead of a 403 code, it is possible only to get the “access denied” message when visiting a page

As you might’ve gathered so far, wherever you receive a message saying “forbidden” or “access denied”, it means that you’re dealing with a 403 error.

What Causes 403 Error On WordPress?

The most common reason behind the 403 error occurring in WordPress is poorly set security plugins. Most WP security plugins can block an IP address if they believe it to be malicious. But if you don’t configure the plugin correctly, it may flag your IP address as malicious and deny you access to your own website.

Another reason why you might be getting this error is due to a corrupt .htaccess file or incorrect file permissions on your hosting server.

Your hosting provider can sometimes make changes to their server, which could mess with your website.

Now that you know what this error is and what causes it, it’s time to find out how to fix it.

Fix 403 Forbidden Error Message In WordPress – How-To Guide

This error message can be pretty difficult to resolve because your web browser won’t be able to load any scripts. After all, the server won’t allow it. However, if you’re using WordPress, you can resolve this error in less than an hour.

We’ve covered several methods for getting rid of 403 forbidden errors below.

#1 Create Backup

Before doing anything, we recommend making a backup. It’s always a helpful thing to have:

You can sometimes make things even worse when trying to fix them; a backup ensures that you can revert to how things were.

Making a backup is simple; just access your cPanel. You’ll find the Backup option right on your dashboard once you log in. After you open it, you’ll be greeted by a pretty straightforward menu. Just select the “Download a Full Account Backup” and let cPanel do its magic.

403 create backup

If you have access to the WordPress dashboard, you can make a backup of the website with a plugin. Many different plugins will allow you to do this.

For example, Backup Migration lets you create a backup in a couple of clicks.

First, add the plugin to your WP website. You can do this using the Add New option found in the plugins submenu. Search for the plugin – and then click on the Install button.

403 install plugin

Once the plugin installs, you’ll get a new option in your dashboard:

dashboard

Open the plugin and configure the backup. We recommend you keep the default settings. By default, the plugin will backup the database, core files, and your uploads.

To start the backup process, select the Create Backup Now option.

403 forbidden error - create backup

Follow the instructions – and let the plugin do its thing. When the process is done, the plugin will give you a link that you can use to download the backup to your local machine. We recommend that you keep a locally stored backup just in case.

#2 Rollback Your Backup To The Last Running Version

If your hosting provider has an application or server backup, you could revert your WordPress website to the last running version.

For instance, your website was working fine two days ago. You can choose the backup that was made two days ago – and revert your website to the state it was then in a couple of clicks.

That about does it for using backups. If this didn’t help, there are a couple of other methods you can try.

#3 Check The .htaccess File

One reason why you’re getting the 403 Forbidden HTTP error might be that your .htaccess file is corrupted. You can fix this in a few seconds using any FTP client. We recommend going with FileZilla because it’s free and relatively easy to use.

To start fixing the .htaccess file, log in to your web server. From there, open the public_html directory. There, you will find the .htaccess file.

Right-click on the file – and choose the download option. That will download a copy of the file to your computer. Once the file’s downloaded, you can delete the file on the server.

To delete a file via an FTP client, just right-click and choose the Delete option.

Now that you’ve deleted the .htaccess file, you need to see if that fixed the 403 error.

Open your web browser and navigate to your website. If you’re still getting the error message, you need to move to the next troubleshooting step – checking file permissions.

Before you continue troubleshooting, don’t forget to upload the .htaccess file you downloaded.

If deleting the file resolved the issue, you simply need to generate another .htaccess file.

How do you do that? Just log in to your WordPress dashboard and then go to Settings -> Permalinks. Once the page loads, select the “Save Changes” option to generate a new .htaccess file.

403 forbidden error - Htaccess

#4 Check File Permissions

Most files in WordPress require access permissions. Sometimes, the server might glitch out and change said permissions. When that happens, the server will return a 403 Forbidden error when you try to access those files.

Fixing file permissions is pretty straightforward. All you need is an FTP client – and a couple of minutes.

First, log in to your web server and go to the root directory. Next, find the public_html directory, right-click on it – and then choose the File permissions option.

A dialog box will pop with all kinds of settings. What you’re interested in is the numeric value option, though.

You need to set the said value to either 744 or 755. After setting the numeric value, choose the Recurse into subcategories option and select the Apply to directories only radial option.

Once you’ve set all this up, select the OK button – and let the FTP client do its work.

Check if 403 error is fixed

Now it’s time to see if changing file permissions fixed the error. Open your web browser again, and navigate to your website. If there is no 403 Forbidden status code, you’re done.

However, if the error persists, you must change the file permissions for the individual files in the public_html directory.

That is another relatively straightforward process:

Fire up your FTP client of choice and connect to your web server. Navigate to the root directory. Once there, locate the public_html directory. Right-click on it – and then choose the File permissions option.

Like with directories, you need to set the correct file permissions for individual files. So, set the value in the dialog box to 644 or 640. Next, click on the Recurse into subcategories option and choose the Apply to files only option.

Once you’ve set all this up, click the OK button – and the FTP client will do the rest.

Now it’s time to see if this resolved the 403 Forbidden error. Open your browser and navigate to your website. If there are no errors, you’re done.

But if the error persists, it’s time to move on to the next troubleshooting step.

#5 Deactivate Plugins

Another common reason for 403 errors is a misbehaving plugin. To see if that’s the case, you must deactivate your plugins, one at a time, and refresh your website every time until the error message disappears.

There are two ways of doing that.

You can either deactivate plugins from your WordPress dashboard or use the FTP client. We’ll walk you through both methods.

Let’s start with the more accessible one – deactivating plugins using the WordPress dashboard.

Login to your WordPress website. Once there, navigate to the Plugins menu. There, you’ll find all plugins you have installed on your WordPress website.

Deactivate the first plugin by clicking on the Deactivate option below its name. Once you have deactivated the plugin, visit your website in another browser tab and see if the error is gone.

If the error persists, reactivate the plugin by clicking on the Activate option.

Rinse and repeat; do the same with the rest of the plugins you have installed.

403 forbidden error - deactivate plugins

If you getting 403 error when login to WordPress Dashboard

If you get the 403 error when visiting your WordPress dashboard, the only way you can disable plugins is via the FTP client.

Open the FTP client and then connect to your web browser. Navigate to the public_html directory – and there, you will find another directory named plugins. The plugins directory is essentially storage for all your plugins.

How do you start disabling the plugins on your WordPress website? You will have to rename the subdirectories in the plugins folder.

Now, you can rename a directory by right-clicking on it and then choosing the Rename option. We recommend you rename the folders to something like [plugin name]-old. That way, you’ll know which plugin you disabled.

The process is the same as what you did in the WordPress dashboard:

Rename one of the plugin directories and then visit your website. If the error persists, open the FTP client again and rename the folder you just renamed to the original name.

Repeat this with the remainder of the plugins.

If the 403 Forbidden error persists, there are still a couple of things you can try.

#6 Deactivate The CDN Temporarily

If you’re only getting the 403 error when you try accessing some of your website assets, such as images and scripts, there might be an issue with the content delivery network (CDN).

If that’s the case, try disabling your CDN for a short while and check if that resolves the error.

That said, if your hosting plan includes CDN, you can disable it using the cPanel. If you’re using a third-party CDN, you need to log in to their dashboard and disable it from there.

Once you’ve disabled the CDN, visit your website. If the error somehow persists, you can check to see if hotlink protection is misconfigured.

#7 See If Hotlink Protection Is Misconfigured

Hotlinking is, in simple terms, when you add an image to your site, but the hosted link is pointing to another website. And to prevent this, some people set up hotlink protection.

You can do this either with the WordPress host or the CDN provider.

When hotlink protection is enabled, it will return a 403 error. That is to be expected. But, if you’re getting the 403 error when accessing something that isn’t linked, then you must ensure that your hotlink protection is configured correctly.

If this didn’t help you, all that’s left is to reach out to your web host.

Yes, this can be a lengthy process – but they have the resources to point you to the root of these issues. They could even help you get your WordPress website up and running, but note that this can take several days if the support team is overburdened with work.

Quick Summary

In short, 403 Forbidden status code means the web server understands your request – but can’t proceed with it because you don’t have the proper permissions.

The two most common culprits are your websites’ file permissions or a corrupted .htaccess file. Besides those two, the cause of the error could also be a misbehaving plugin.

But if you’ve followed the instructions in this guide, your site should be up and running by now!

If you still experiencing problems with 403 forbidden error, contact Meshnetics support team, and we will fix your WordPress issue in no time!