How to Fix the 403 Forbidden Error in WordPress

403 forbidden error is one of the HTTP status codes that indicate the user attempting a forbidden action, requiring an account of such sort, or not having the required permissions for a resource. The user will not be able to access the website content to some extent of time until it is properly configured.

This issue could happen on any WordPress website and would soon have a direct impact on your web visitors if it is not fixed promptly. The article will help you understand this error and its causes so you can identify the basic problems and solve them in advance.

What is the 403 Error in WordPress?

As soon as you use your browser to access a website, the server will reply with a different numerical HTTP status code if something goes wrong. These numbers are pretty significant since they allow you to pinpoint precisely what's wrong with your site.

The 403 error in WordPress, also known as a forbidden error, appears when the authorization settings on your WordPress website are misconfigured.

The server understood the request but refused to authorize it. You might find various 403 error messages, yet they usually will give you a hint that you are either “forbidden” or “no permission to access” a website.

What Triggers the 403 Forbidden Errors?

Misconfiguration of the authorization settings or access permission is potentially the main trigger of the 403 forbidden errors. In WordPress, there are some possibilities of misconfiguration that can lead to the 403 error. They are as followings:

• Plugin Problems

• Invalid File Permission

• .htaccess File Issues

• Undetected Index File

• Incorrect IP Address

• Hotlink Protection Setup

Plugin Problems

When the plugin code is written inconsistently with your WordPress version or not keeping in tune with the WordPress coding standards or requirements, there will be more chance for plugin conflict as different plugins may become incompatible with one another. Accordingly, you would notice some conditions or errors including the 403 forbidden errors on your site depending on the level of the plugin conflict or found bug.

Invalid File Permission

The permission access level for each file and folder would determine whether the content is writable, executable, or readable. If the configuration of the permission access on the server is incorrect, it will display the 403 error for any user trying to access a website.

.htaccess file Issues

Several types of .htaccess file issues can result in 403 errors. Once the .htacces rules go wrong due to malware infection, or it tries to force a specific PHP version, the forbidden 403 error would likely happen.

Undetected Index File

For some reason, the index file) can be undetected, possibly because it is corrupted, not found in the WordPress website’s root folder, or has an incorrect file name.

Incorrect IP Address

The WordPress security plugins might block the IP address, which can cause the 403 error. Another thing that can cause the error is when the domain name refers to the wrong IP address.

Hotlink Protection Setup

Another improper configuration that can lead to 403 forbidden errors is the Hotlink Protection on the CDN or hosting server. This Hotlink Protection feature is offered to protect direct linking to images or media files in general.

6 Steps to Fix the 403 Forbidden Error in WordPress

Depending on what triggers the 403 forbidden error in your WordPress website, you can try to use one of these techniques to help you detect the source of the issues and fix the error later on.

1. Deactivate Installed WordPress Plugins

2. Setting Up the Correct File Permission

3. Check the .htaccess File

4. Upload the Proper Index FIle

5. Inspect the IP Address Configuration

6. Disable Hotlink Protection

1. Deactivate Installed WordPress Plugins

If there’s any suspicion that the WordPress plugin is the main cause of the 403 error, especially if you just installed a new one, you can just deactivate it and see if the error persists. These steps might be required since there’s no way to access the WordPress admin.

1. Go to the File Manager in CPanel or use FTP clients, such as CuteFTP or FileZilla.

2. Access the public_html folder and then the wp-content folder

3. Rename the newly installed plugin folder with any name to deactivate it

4. Reload your website page in the browser and see if it works

Alternatively, you wouldn’t notice which WordPress plugins caused the error, or even not sure that the 403 forbidden error is a result of any problems in the WordPress plugins as you suddenly found your site is not working normally. If this is the case, follow these steps:

1. Go to the File Manager in CPanel or use the FTP client.

2. Access the public_html folder and then the wp-content folder

3. Rename the main plugin folder with any name to deactivate it

4. Reload your website page in the browser and see if it works

5. Log in back to your WordPress admin and go to the WordPress Dashboard then go to the Installed Plugins page. You will find that all plugins are deactivated by default.

6. Activate every plugin one by one to see if your website loads properly after each plugin activation to identify which plugin causing the error.

2. Setting Up the Correct File Permission

When you’re sure that the WordPress plugin issues do not trigger the 403 error, you can continue to check the file permission of your WordPress website folder and files, either it is incorrect or needs a few settings to reset.

The steps to set up the correct file permission are as followings:

1. Go to the File Manager in CPanel or use the FTP client.
2. Access the public_html folder and then right-click to select the File Permissions or Change Permissions option

3. You will see an options window to input numeric values for different file permission settings on WordPress:

• Input 750 or 755 for all folders file permission and check the “Recurse into subdirectories” box, then select the “Apply to directories only” option. Click OK to save the setting.

• Input 644 or 640 for all files file permission, checkmark the “Recurse into subdirectories” box, and select the “Apply to files only” option. Click OK to continue

• Input 440 or 400 for the wp-config .php file permission and click OK to save the final setting.

3. Check the .htaccess File

Run a malware scan if you think the .htaccess file is infected by malware. Sometimes .htaccess file contains code for file permission that is not correctly set or forced to run on a specific PHP version. If one of those cases is obvious to happen, just remove the command code and see if the error stops occurring.

A corrupted .htaccess file may stop a website to load properly and you’ll get a 403 error. Simply delete the file after you make a backup file and generate the new one with these steps:

1. Go to the File Manager in CPanel or use the FTP client.
2. Access the public_html folder and find the .htaccess file.
3. Make a backup by selecting the download option after you right-click the file.
4. Delete the .htaccess file in the public_html folder and refresh your website to see if it works properly

5. Generate the new .htaccess file as you back to the WordPress admin and go to the WordPress Dashboard, click Settings and go to Permalinks, then click the Save Settings button.

4. Upload the Proper Index File

As explained before, one of the things that cause the 403 forbidden error is the undetected Index file in the WordPress website public_html folder directory. WordPress requires index.php to run and if the file is corrupted or missing, you need to upload a new index.php file in that directory file. Follow these steps to start it:

1. Go to the File Manager in CPanel or use the FTP client.

2. Access the public_html folder and check the index.php file if there are any

3. Delete the corrupted index.php file

4. Create a new index.php file or download it from WordPress.org.

5. Upload the new index.php file in the public_html folder

6. Refresh your web page to see if it loads normally

5. Inspect the IP Address Configuration

Make sure that your domain name is referring to the correct IP address especially if you just migrated to a new web hosting. 403 forbidden error is also a sign that your domain name is linked to an IP address where you do not have the authorization or permission to access the site’s content.

Inspect its configuration by following these steps:

1. Go to the hosting server CPanel

2. In the DOMAINS section, select the DNS Zone Editor

3. Click the Manage button

4. See if the A Record is pointing to the correct IP address, which is the same as the shared IP address provided by your hosting server

5. Click the Edit button and save if you need to configure the A Record

6. Reload your website page in the browser and see your site is back to normal

6. Disable Hotlink Protection

If your hosting provider gives you access to CPanel to manage your site, once you disable the protection, the system deletes the entries in the List the URLs to which you wish to allow access list. Here are the steps to disable Hotlink Protection:

1. Go to the hosting server CPanel

2. In the SECURITY section, select the Hotlink Protection

3. Click Disable button if the current setting is currently enabled

4. Refresh your web page to see if it usually loads after disabling the Hotlink Protection

Conclusion

Dealing with the 403 forbidden errors would need careful analysis and a series of inspections to be sure what is the misconfiguration or the potential cause of the error. It is wise to make a backup before you make changes and configurations to fix the 403 forbidden error from your WordPress website.

Contact your hosting for WordPress server admin support if you’re unsure what causes the 403 errors after trying all of the above-suggested techniques.

Frequently Asked Questions