WordPress website owners can occasionally face an Error 403 — Forbidden. But don’t worry, it is not as serious as it looks.
It is like having the right key to open a door but still being unable to enter. You just have to find the reason why the key isn’t turning.
Now, let’s consider you have paid for a hosting service, set up your CMS (Content Management System) by yourself, and the servers didn’t decide to take control over your site (a more conducive assumption for those who love a conspiracy theory).
To solve that problem, we prepared a tutorial so you won’t have your access denied to your pages and can keep a steady Digital Marketing strategy. Check it out!
What does an HTTP Error 403 mean?
The Error 403 is usually related to the page access settings on WordPress.
There are some permissions needed so the process can run smoothly, but a small failure can happen, especially in the system’s installation.
The problem can also be identified as HTTP Error 403 or simply Forbidden. The message you see depends on the server:
- Your client does not have permission to get URL/intl from the server.
- No permission to access.
- You don’t have permission to access the server.
- Request forbidden by administrative rules.
You will probably spend more time thinking about what went wrong than actually fixing the issue. Despite that, let’s see some of the possible 403 forbidden error’s causes next.
What causes a 403 Forbidden Error?
Even if the HTTP status codes the page is sending are correct, the server can still forbid access to a URL when it considers that the data isn’t compatible with keeping its communication stream.
That “comm error” can be useful to identify problems with your website’s settings — in short, the server understands your request but doesn’t execute them because you don’t have the right permissions.
That is the most common issue that leads to an Error 403.
It is also possible that you didn’t set up right the protection for a directory or list of files in that folder, that a .htaccess file is corrupted, or that some plugin is not working as it should.
Still getting that http error 403, and neither of the above common causes appears to be the problem? Try assessing whether it might be one of the following issues.
- One or more of your installed WordPress plug-ins isn’t configured correctly, causing the http error 403.
- You’re missing a crucial index page — a homepage that isn’t either index.php or index.html
- The page link may have been changed or updated to a version that no longer matches the cached version stored by your browser.
- Your domain name may be attached to an outdated or otherwise incorrect IP address.
- You could have a malware infection that needs to be addressed before you can resolve the error.
How do you fix Error 403 on WordPress?
Before pointing out the steps to fix Error 403, you need to certify that your backup is up to date.
In the case you didn’t set up a backup solution for your WordPress website, do that immediately — it will spare you from a lot of headaches, especially with website-breaking issues.
When that is covered, just take the following three steps.
1. Verify your file permissions
As we mentioned at the beginning of this post, Error 403 is a consequence of the server denying a request because you lack the appropriate permissions.
To verify those, you need to access the FTP manager on your hosting service dashboard.
In your WordPress installation folder, there is a directory called public_html. Click twice to open it:
Inside each of the files, there will be a number like you see on this image:
That value tells which interactions are activated for each group of users. For example, all WordPress folders should be set up to 755 by default. If the column with that data isn’t showing, you can:
- Click the right mouse button on the columns’ header to activate it.
- Click the right mouse button on each file/folder and choose the “File Permissions” option.
This numeric value can be changed manually, and it will be automatically updated:
The value 755 (or 744) is applied to folders and allows users to read and execute the files included in them. It also limits to the admin the permission to make alterations.
The value should be 777 to let any user insert and edit the files — not advised due to security concerns. In the case of individual files, the code is 644 (or 640), which has the same specification as 755.
All folders should have the value set to 755. You can configure this permission by checking the box “Apply to directories only”. By clicking OK, the FTP manager will update all permissions for every subdirectory included in the folder.
You will also need to repeat the steps with individual files, in this case using the value 644 and also checking “Apply to directories only”. If the error persists, follow the next step.
2. Inspect your .htaccess file
Another common issue causing the Error 403 message is a corrupted .htaccess file.
The good news is that it’s easy and quick to fix it via FTP. You can find it in the main directory where you installed WordPress; usually, it is the first individual file listed.
Click on it using the right mouse button and choose the “download” option. After that, it will be stored locally on your system:
When your backup is saved, delete the .htaccess file stored on the server via FTP and try to access the website again. If the problem isn’t solved, restore your backup and go to the next step.
3. Deactivate and reactivate plugins
To investigate if you have a defective WordPress plugin, you can disable them on your dashboard and see if it solves the issue. If it does, then test one by one to identify which is causing the problem.
If the error persists, you will also have to use the FTP: rename your plugins folder to see if the 403 is gone. If the answer is still negative, you will need to change each name individually until you find the culprit.
4. Upload an index page
Since the absence of a proper index page can definitely cause an http error 403, you’ll want to take a look at yours.
It should be labeled either index.php or index.html. If yours isn’t, consider renaming your page to reflect one of those options and see if it resolves the error message.
Not keen on that idea and prefer to keep your homepage under its current name? You can still resolve the 403 error by uploading a new index page and setting it up so it redirects to your existing homepage.
- Create your choice of an index.php or index.html file. Then upload it to your public_html directory via an FTP or the file manager feature at your hosting account.
- Open up the .htaccess file
- Paste in the code snippet “redirect /index.html /homepage.html” with your homepage’s actual name subbed in for “homepage.html”. This will facilitate the redirect.
5. Edit file ownership
As mentioned above, improper file ownership credentials are a prevalent reason for 403 errors. This is especially the case for those using virtual private server (VPS) web hosting.
To modify ownership of the necessary files, you’ll need SSH (secure shell protocol) access. (SSH lets web users securely and safely access and modify many aspects of their remote servers online.)
You’ll also need to secure a proper SSH terminal to get into your VPS.
Once you’re in, you can check the ownership of a file by using the “ls -1 [file name]” command (with your actual file name subbed in for “file name”, of course).
When you do that, you’ll see a result that looks a lot like: “-rwxrw-rw- 1 [owner][group] 20 Jul 20 12:00 filename.txt”.
Look carefully at the information that occupies the “owner” and “group” sections of that result. If it’s anything other than your account username, you’ll need to modify ownership.
This can be done using the chown Linux command.
6. Verify your a record
As detailed above, one possible reason an http 403 error might display is a domain name that points to an incorrect IP address that won’t allow you to view the requested page.
Verification of the domain’s A record is how you can check on this to ensure everything’s as it should be.
- Log into your DNS editor to access your running list of DNS records.
- Look for the record labeled type “A”. Naturally, that’s your A record.
- Take a good look at the IP address attached to the A record.
- If the specified IP address is incorrect, go ahead and edit it before updating your changes.
Can’t find your A record? You can actually create one via your “manage DNS records” panel.
Just make sure you specify “A” as the record type you want to create. Then insert the proper IP address before confirming that you’d like to add the record to the list.
7. Scan your site for malware
Malware can cause an entire host of issues on a website, as you may already know if you’ve had your website for long.
If the malicious software in question keeps bombarding your .htaccess file with code that shouldn’t be there, it can definitely cause 403 errors.
Malware is especially likely to be the culprit if you keep resolving the 403 error only to have it recur repeatedly.
That necessitates a good, thorough scan, so choose your favorite WordPress security plug-in to get the job done.
Run your scan. See what the plug-in advises as far as actionable ways to address any infections found. (You may be asked to delete some or possibly restore others.)
If you prefer, you can also use a backup file to restore your website to a point where everything was working correctly.
Run regular malware scans moving forward to ensure you catch any future infections before they have a chance to affect your website’s function.
8. Dump your web cache
A build-up of web cookies or web cache can also cause an http 403 error, so you’ll want to take a look at this possibility, as well.
As with your web browser and favorite go-to programs on your computer or phone, cached information helps support the fastest possible load times.
However, cached versions of web links may not match the actual links if they’ve been updated recently, leading to errors.
The same thing can happen if you’re carrying cookies that interfere with anything about the page’s current information.
Try clearing out your web cache, cookies, and web history to see if that resolves the 403 error. (You can do this by accessing your browser’s feature for clearing out browsing data.)
Naturally, you’ll need to log into the website again. And it will almost certainly take longer to load than usual. But it may be all you need not to have to see the 403 error again.
BONUS: How to Fix Error 403 as a User
If you’re encountering a 403 error as a user, there are a few tips and tricks you can use to resolve it then, as well. Here are a few quickies to keep in mind.
Try refreshing the page
Not all 403 errors stick around for the long haul, so it’s worth trying a simple page refresh to see if it resolves the issue. If that doesn’t do the trick, try waiting a bit before coming back to the page again.
Clean your cookies and cache
As with resolving http error 403 as a website owner, clearing your browsing data can also help you as a user. Try accessing your browser’s data cleaning feature and clearing your cookies, cache, and web history. Then try the page again.
Get in touch with the website
If you believe the 403 error is an actual issue with the website you’re trying to access, you can contact the site owners for assistance. However, if you can confirm that the site is only malfunctioning like this for you specifically, you should contact your ISP for help instead.
Try disconnecting from your VPN
If you use a VPN, you may occasionally run into issues like 403 errors, as not all websites allow VPNs. If there’s a possibility this could be the issue, try disconnecting from your VPN before attempting to access the site again. That may be all it takes to resolve the error.
The Error 403 is a great annoyance to users, but it is not that big of a deal for WordPress. With our tips, you can quickly solve it and recover access to your website.
Now that you know how to fix the 403 Forbidden error, check out our ebook on WordPress for corporate blogs and get rid of your doubts about this tool: its main features, plugins, widgets, and tags!