Fix: WordPress 403 Forbidden

Bulletproof Backups for Your WordPress Website

Fortify your business continuity with foolproof WordPress backups. No data loss, no downtime — just secure, seamless operation.

Stuck with a “403 Forbidden” error while trying to access your WordPress site? It’s a little scary and quite cumbersome but you can troubleshoot WordPress errors like this. 

It’s a frustrating experience when some pages redirect  and display this baffling message. Perhaps you just updated a plugin, only to have your browser greet you with a 403 error instead. Clicked the refresh button and nothing changed. Even your customers are complaining about facing the same wall of “403 Forbidden.” 

But take a deep breath; this problem is fixable. In this article, we’ll go over what triggered this error and how to fix it. 

TL;DR: A 403 Forbidden error can occur due to incorrect file permissions, plugin conflicts, or server settings. Troubleshooting often involves modifying core files, so it’s crucial to backup your website before making any changes to avoid further issues.

What is the WordPress “403 Forbidden” Error?

The WordPress 403 Forbidden error is an HTTP status code indicating that your server recognizes the request but refuses to grant access to the requested resource. In simpler terms, it’s your website’s way of saying, “Access Denied.” This isn’t just an inconvenience; it’s a common server-side error that can disrupt the browsing experience for both site owners and users trying to visit your pages.

Pro tip: If this happened suddenly, try to restore a backup and see if that reduces the downtime. This way, your customers will still have access.

There are several potential causes for a 403 error. One of the primary reasons is the server’s file permissions might not be set correctly, preventing access. It can also arise from plugin conflicts, especially before or after updates. Moreover, an incorrectly configured .htaccess file can lead to such access problems. Lastly, overzealous security settings or firewall rules might inadvertently block legitimate requests, resulting in a 403 Forbidden error. Understanding these underlying causes is the first step in effectively resolving the issue for a seamless WordPress experience.

How to fix the WordPress “403 Forbidden” error?

Now that we’ve identified what the WordPress 403 Forbidden error is and the common causes behind it, the next logical step is addressing how to fix it. 

The first thing to do is determine if the issue is site-wide or isolated to your access. Copy your URL and paste it in Down for Everyone or Just Me

This step is crucial because if the site is up for others, the problem might be related to your network or local settings. On the other hand, if the tool confirms that the site is down for everyone, it underscores a server-side issue that needs attention.

Pro Tip: Always create a backup before troubleshooting the 403 Forbidden error. Altering core files or settings can lead to unintended consequences. With BlogVault, you can easily create secure backups, ensuring you have a safe restore point if anything goes awry. This precaution can save you from potential headaches down the line.

1. Change file permissions

File permissions in WordPress dictate who can read, write, or execute files and directories on your server. These permissions are set using a numeric code, often seen as a trio of numbers like 755 or 644, which correspond to permissions for the owner, group, and others. 

Changing file permissions to the correct settings can resolve the 403 error by ensuring that your server allows the necessary access for WordPress to function. For instance, directories typically need permissions set to 755, while files are generally set to 644. These settings ensure that files are secure but accessible as needed by the server.

Using cPanel to change file permissions

  1. Log In to cPanel: Start by logging into your hosting account and accessing the cPanel dashboard. This is typically done via a provided URL and your hosting credentials.
  2. Find File Manager: Once in cPanel, navigate to the “File Manager” section. This tool allows you to view and manage the files associated with your website.
  1. Locate WordPress directory: In File Manager, look for the directory where WordPress is installed. This is usually within the public_html directory, or you may find it in a subdirectory like public_html/yourdomain.com if your WordPress site is situated in a specific domain folder.
  2. Select change permissions: Right-click on the directory containing your WordPress installation and select “Change Permissions” from the context menu. This option allows you to modify the access settings for the directory.
  1. Modify permissions: A dialog box will appear presenting permission options for the user, group, and public. Here, adjust the permissions by setting them to 775. This configuration ensures that the necessary read, write, and execute permissions are granted to the user and the group, while keeping the public permissions more restricted.

Using an FTP client to change file permissions 

  1. Connect to your server: Open Cyberduck and connect to your server using your FTP login credentials, which typically include your host details, username, and password. This connection enables you to access your website’s file directory.
  2. Navigate to public_html: Once connected, locate the public_html directory, which is the root directory where your WordPress files are generally stored. If your site is set in a specific domain folder, you may need to navigate to a subdirectory like public_html/yourdomain.com.
  3. Open the Permissions tab: In the file listing, right-click on your WordPress directory and select “Info” from the context menu. This will open a new window providing detailed information about the selected directory. In the Info window, navigate to the “Permissions” tab. This tab displays the current file permissions and allows you to modify them as needed.
  1. Set permissions to 775: Adjust the displayed permissions by setting them to 775. This configuration ensures that the directory is accessible and writable by the user and the group, while maintaining more restricted access for the public.

2. Replacing the old .htaccess

The .htaccess file is an essential configuration file in WordPress, used to control how URLs are handled and to set server instructions. For example, you can use the .htaccess file to setup security. It can become corrupt or misconfigured, leading to errors like the 403 Forbidden error. Resetting the .htaccess file to its default state can clear up misconfigurations that might be causing access issues. 

  1. Connect to your server using FTP: Start by opening an FTP client and connecting to your server. Use your FTP login credentials to access the server where your WordPress site is hosted.
  2. Locate the root directory of your WordPress site: Navigate to the root directory of your site where WordPress is installed. This is typically the public_html or a similar directory specific to your domain.
  3. Find the existing .htaccess file: Within the root directory, look for the existing .htaccess file. This file may be hidden by default, so ensure your FTP client is set to display hidden files. Right-click on the .htaccess file and rename it to .htaccess_old. This step ensures you have a copy of the original file, just in case you need to revert any changes.
  1. Create a new .htaccess file: Use a text editor like Notepad or TextEdit to create a new blank file. Copy and paste the default WordPress .htaccess rules into this new file:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Save your newly created file as .htaccess. Ensure that it’s saved with no additional file extensions.

  1. Upload It to the root directory: Use the FTP client to upload the new .htaccess file to your WordPress site’s root directory.
  2. Test your site to check for errors: Finally, go to your website in your browser and refresh the page to check if the 403 Forbidden error persists. If the issue is resolved, it means the problem was with the old .htaccess file. Review any custom rules you added to identify what might have caused the issue. If the problem persists, delete the new file and rename the old file back to .htaccess.

3. Checking for incompatible plugins

Sometimes, the 403 Forbidden error may be the result of incompatible or faulty plugins on your WordPress site. Plugins that contain bad code or are outdated can cause conflicts. Sometimes. Even a plugin update can crash your site. Moreover, security plugins might block requests if they mistakenly flag your IP address as suspicious.

  1. Deactivate plugins one by one: Log in to your WordPress admin panel and click Plugins in the sidebar. Click Installed Plugins. Hover over a plugin and click Deactivate.

Pro tip: Start with the security plugin first to see if it is causing the 403 Forbidden error. It’s possible that the security plugin has setup rules that are blocking your access. 

  1. Check compatibility: After deactivating the security plugin, visit your website to see if the error persists. If the error is resolved, it suggests that the deactivated plugin is blocking requests. In this case, contact the plugin’s support team for assistance.
  2. Repeat with other plugins: If the error remains unresolved, deactivate your other plugins one by one. Check your site after disabling each plugin to identify which, if any, are causing the conflict.

4. Eliminate theme incompatibility

Theme incompatibility is often a key reason for a 403 Forbidden error on your WordPress site. Even theme updates can fail. If they are not aligned with the current WordPress version or your server’s PHP version, they can cause conflicts, leading to access restrictions and 403 errors. 

  1. Switch to a default theme: Temporarily activate a default WordPress theme like Twenty Twenty-One or Twenty Twenty-Two. These themes are regularly updated to be fully compatible with the latest WordPress core versions, making them a reliable baseline for testing.
  1. Check your site: After switching to a default theme, revisit your website to see if the 403 Forbidden error persists. If the error is resolved, this indicates that your previous theme was likely causing the issue.
  2. Address theme compatibility: If your original theme is the problem, reach out to the theme developer or support team for guidance. They may provide patches or updates to ensure compatibility. If support isn’t available or solutions are delayed, you might need to consider replacing the theme with a more compatible option or hiring a developer to modify the theme as needed.

5. Clear cache

The cache is a collection of temporary files stored by your browser to speed up loading times for frequently visited sites. However, when a page is updated or its configurations change, like permissions, the cached files might not reflect these changes, causing errors such as the 403 error. By eliminating the cache, you ensure that your browser fetches the most recent version of the web page, potentially resolving the error caused by stale or corrupt cached data.

6. Check DNS configurations

Ensuring your DNS configurations are correct is crucial when troubleshooting a 403 Forbidden error on your WordPress site. DNS (Domain Name System) is essentially the address book of the internet, converting domain names into IP addresses. These settings must accurately point to your web server’s IP address so that visitors can access your site without issues. You can check these details with your domain registrar. 

7. Ensure correct directory ownership

Ensuring the correct directory ownership is vital for the security and functionality of your WordPress site. Directory ownership determines which user or system account has control over the files and directories on your server. Incorrect ownership settings can lead to a range of access issues, including the 403 Forbidden error. When a server denies access due to ownership conflicts, web applications like WordPress may be unable to read or write necessary files, disrupting site operations.

Changing directory ownership typically requires root access to the server because it involves using advanced command-line tools. This level of access ensures that only authorized personnel can make critical changes, thereby safeguarding your site against potential vulnerabilities introduced by incorrect settings.

8. Review your WordPress security settings

Security settings, while crucial for protecting your site, can sometimes be too restrictive and inadvertently block legitimate access requests. This is particularly important if custom security configurations, like firewall rules, have been applied.

The firewall rules on your server act as gatekeepers, determining which traffic is allowed to reach your website. If these rules are too strict or improperly configured, they can block essential ports and IP addresses, leading to access issues such as the 403 error. It’s important to periodically review these settings to ensure they balance security without hindering accessibility.

Additionally, understanding port numbers is vital in this context. Ports are like gates that control the flow of data in and out of your server. For web servers, ports 80 (non-HTTPS) and 443 (HTTPS) are standard for handling web traffic. Additionally, port 22 is commonly used for SSH access. This allows secure management of your server remotely. If you’ve recently altered these ports for security enhancements—such as changing default port numbers to obscure server access—it’s critical to ensure they are correctly configured in your firewall rules.

Expert advice: If you’ve exhausted all troubleshooting steps and still encounter the 403 Forbidden error on your WordPress site, it may be time to reach out to your hosting provider for support. Your hosting provider has access to server-level logs and settings that are beyond typical user reach, enabling them to identify and resolve issues that you might not be able to address on your own.

How to prevent the WordPress 403 forbidden error?

After all the troubleshooting you’ve just done, you want to make sure this doesn;t happen again. Preventing the 403 Forbidden error on your WordPress site involves proactive maintenance and management. 

  • Keep everything updated: Regularly update your WordPress core, themes, and plugins to the latest versions. Updates often include patches for security vulnerabilities and improvements for compatibility with other components, reducing the possibility of conflicts that could lead to a 403 error.
  • Regularly check file permissions: Periodically review and verify that file and directory permissions are correctly set. For instance, files should typically be set to 644 and directories to 755. Incorrect permissions can lead to access issues.
  • Use a good security plugin: Implement a reliable security plugin to protect against unauthorized access and potential exploits that could alter permissions or block legitimate requests. A quality security plugin also provides insights and alerts about suspicious activity.
  • Disable unused plugins and themes: Unused plugins and themes are potential security risks and can cause conflicts. Deactivate and remove them to keep your site streamlined and reduce the chance of compatibility issues.
  • Configure a correct .htaccess file: Ensure your .htaccess file is properly configured to handle URL rewrites and server directives without causing access issues. Regularly back up your .htaccess file and know how to restore it to default settings if necessary.
  • Set correct directory ownership: Ensure that directory ownership aligns with the server permissions needed to run WordPress smoothly. This is especially crucial if you’ve changed hosting environments or server configurations. Proper ownership prevents unauthorized access and modifications.
  • Monitor server settings and firewall rules: Regularly review server settings and firewall rules to ensure they are not overly restrictive and blocking legitimate access. Make sure that necessary ports, like 22 for SSH, and 80 or 443 for the web server, are correctly configured.

Pro tip: Regular backups with a backup plugin are crucial for reducing the impact of a 403 Forbidden error on your WordPress site. They allow you to quickly revert to a previous version, restoring original settings if configurations fail or updates cause issues. With backups, you can swiftly undo changes from incompatible plugins, minimizing downtime and ensuring your site remains functional and accessible.

Final thoughts

Encountering a 403 Forbidden error essentially means you’re being blocked from accessing your own site, a frustrating and disruptive issue for any website owner. The causes of this error are varied, ranging from misconfigured permissions and outdated themes to incompatible plugins and restrictive server settings. Addressing this error often involves delving into core files and configurations, which requires a cautious approach to avoid introducing further complications. Always take a comprehensive backup before making any changes, ensuring you have a reliable fallback if needed. With patience and care, you can navigate the troubleshooting process and restore full access to your site.

FAQs

How to fix 403 Forbidden in WordPress?

To fix a 403 Forbidden error in WordPress, start by diagnosing and addressing potential causes. Check and adjust file permissions to ensure they are set correctly, typically 644 for files and 755 for directories. Review your .htaccess file for any misconfigurations and restore it to default if necessary. Deactivate plugins and switch to a default theme to pinpoint conflicts. Ensure DNS settings and server configurations are correct, and if restrictions persist, consult with your hosting provider for further assistance.

Can you fix a 403 Forbidden error?

Yes, a 403 Forbidden error can be fixed by identifying and addressing its root causes. This involves checking file permissions, reviewing security settings and firewall rules, adjusting .htaccess configurations, and troubleshooting potential conflicts with plugins or themes. By carefully following these steps and taking backups before making changes, you can resolve the error effectively.

What is 403 error log in WordPress?

A 403 error log in WordPress is a record generated in your server logs whenever a 403 Forbidden error is triggered. These logs provide detailed insights into requests that were denied access and can help identify the source of the error, such as incorrect permissions or blocked IP addresses. Accessing these logs often requires reaching out to your hosting provider or checking server configuration files.

What is 403 response in WordPress?

A 403 response in WordPress is an HTTP status code indicating that the server understands the request made by a user but refuses to authorize access to the requested resource. This type of response can be triggered by various factors, including incorrect file permissions, misconfigured server or security settings, and plugins or themes causing conflicts.

Does 403 Forbidden mean I’m blocked?

A 403 Forbidden error means that access to the requested resource is denied. It doesn’t necessarily mean you are blocked intentionally; rather, it indicates an issue with access permissions, server settings, or security configurations. By investigating the underlying cause, you can determine whether it’s due to a restrictive setting that needs adjustment or an IP block that requires lifting.

Tags:

You may also like


Feature Imavge for WerdPress fatal error
8 Ways To Fix WordPress Fatal Error

Encountering this WordPress error can definitely be stressful. The term ‘fatal’ suggests serious problems, even potential data loss. But take a deep breath—your site is neither dying nor beyond repair….

How do you update and backup your website?

Creating Backup and Updating website can be time consuming and error-prone. BlogVault will save you hours everyday while providing you complete peace of mind.

Updating Everything Manually?

But it’s too time consuming, complicated and stops you from achieving your full potential. You don’t want to put your business at risk with inefficient management.

Backup Your WordPress Site

Install the plugin on your website, let it sync and you’re done. Get automated, scheduled backups for your critical site data, and make sure your website never experiences downtime again.