How to Fix a 403 Forbidden Error on Your WordPress Site

If you are on this page, you are most probably looking for solutions to fix the 403-Forbidden error on your WordPress site. It is among the dreadful HTTP status codes used by servers to communicate that you don’t have the required permission to access this page. 

The 403 Forbidden error might show up when you are typing to log in to your WordPress site or visiting any specific page. This error is similar to 401, where access to a page is denied because of a lack of valid authentication credentials. 

However, in a 403 error, re-authenticating doesn’t work. Access to the page is permanently forbidden, as there is insufficient right to the resource. 

Fortunately, there are a few easy solutions to fix the 403 forbidden error on your WordPress site. 

Let’s get started.

What is a 403 Forbidden error on WordPress? 

There are certain HTTP codes given by Microsoft’s Internet Information Services as standard internet codes. Servers use these codes to communicate with web browsers like Firefox, Chrome, Yahoo, etc. In normal circumstances, when the website is working fine, the web server sends a status code of 200. 

However, when things aren’t going well, the server sends a unique code to communicate different problems. Error 403 signifies that the user doesn’t have access to the requested web page. 

You might get the following messages or similar variations when error 403 occurs:

• 403 – Forbidden: Access is denied;
• 403 – Forbidden Error – You are not allowed to access this address;
• HTTP Error 403 – Forbidden – You do not have permission to access the document or program you requested;
• You are not authorized to view this page;
• It appears you don’t have permission to access this page;
• Forbidden – You don’t have permission to access / on this server;
• Error 403 – Forbidden;
• 403 Forbidden – Access to this resource on the server is denied;
• 403. That’s an error. Your client does not have permission to get URL / from this server.

The 403 error is a client-side issue, which means something has gone wrong on the client-side of things. The server has correctly understood the request but has refused to grant access. 

There are multiple reasons why you are seeing this message.

Does the 403 forbidden error have effects on search engine rankings?

If your website is showing 403 errors when someone is trying to access it, then it’s for sure that you will lose your search engine rankings and organic traffic. Search engines like Google, Yahoo, Bing, etc., take the utmost care of their users’ experience, and they will never rank websites that aren’t offering any value. 

To avoid such situations, you should keep an eye on your website analytics and search console data to ensure there are no errors. 

Log into your Google Console, and type in your website’s URL. Then, select coverage under the index.

It will display the number of errors and their types your visitors face. Doing this can save you time figuring out if any of your website pages are experiencing any issues.

What causes the 403 Forbidden error?

Most 403 forbidden errors occur due to access misconfiguration. This means the permission setting is improperly read, written, or executed for a webpage or directory. 

Here are some common reasons why you might be facing this misconfiguration:

• Empty website directory: Your website homepage has no index.html page or index.php;
• Permission errors: There are issues with the permission setting or ownership of the page;
• Incorrect or corrupt .htaccess file: This holds important website configuration settings, and it might be corrupted;
• Malware infection: Files infected with malware can infect the .htaccess file and limit access;
• Cached outdated web page: The 403 error can come up if your page link is updated but the cached version is not;
• Faulty plugins: There are chances that your WordPress plugin is misconfigured or isn’t compatible with other plugins.

How to fix a 403 Forbidden error on WordPress? (7 methods)

There are a number of ways in which you can fix a 403 forbidden error on your WordPress. We highly recommend creating a backup of your site before you start fixing the error in case anything goes wrong. 

1. Change your file permission settings

All folders and files on your WordPress site’s server offer unique permission settings to:

• Read- View the content of the folder;
• Write- Make changes to the file or delete folders;
• Execute- Run the file, perform actions and commands and access the folders.

The 403 Forbidden error is an effect of misconfiguration in the three categories above. 

To check the file settings, you can call your hosting provider or connect to your site with a Secure File Transfer Protocol (SFTP) like FileZilla.

Once you connect your file, you will see the permission setting in the public_html folder. Right-click on it to choose File Attributes.

Manually tracking the permission settings of each file and folder isn’t feasible. Instead, you can automatically change the permission settings of the files and folders with a click. The ideal file permission for files is 644 or 640, and the directories are 755 or 750 in WordPress. 

A popup window appears after you choose File Attributes. Locate Numeric field, write 755 or 750 and select the Directories Only option to change the permission setting of your directories. 

You have to do the same thing to change the permission setting of your file. Under the Numeric field, type 640 or 644 and select Apply to files only. Then, click OK.

Finish the process by manually changing the permission setting for your wp-config.php file to make it 440 or 400.

All of your WordPress files and folders now have the correct permission. You can go back to your site to check if it’s working fine. 

If not, let’s try some more fixes.

2. Disable and enable the WordPress plugin

Next is to find the problematic plugin that might be causing the error. This is a little time-consuming process, where you have to disable all WordPress plugins and enable them one by one. 

If you can access your WordPress dashboard, you can perform this process in the plugins area. 

If not, connect your site to your WordPress server with an SFTP like FileZilla. 

Once done, browse to the wp-content folder, and find the plugins folder inside it. Right-click on it and select “Rename.” 

You can rename these plugins to anything, but we recommend something like “plugins_test” or “plugins_disabled” so it’s easy to remember. This will automatically disable all your WordPress plugins. 

Now, try reaccessing your site. If your site works, you know the culprit is one of these plugins. To find it, reactivate your plugins one by one until you find the plugin creating an error. 

 Once you find the default plugin, you can either reach out to its developer for technical assistance or find an alternative.

3. Deactivate .htaccess File

One common cause of the 403 forbidden error is a corrupt .htaccess file. It is located in your website’s root directory and allows WordPress to interact with your server. The.htaccess file is such a powerful file that even a small mistake can cause this error. So, instead of troubleshooting the .htaccess file, we will create a new one. 

 Connect your site to your WordPress server with an SFTP like FileZilla and save your .htaccess file in your root directory. Download the .htaccess file for backup and then delete it. 

Now, go back to your website to see if it’s working correctly. If it is, you know the .htaccess file was the problem, 

Now, use WordPress to create a new.htaccess file.

Sign in to your WordPress dashboard, and go to Settings > Permalinks and save your changes. You need not make any edits, simply click the button. 

That’s it; your new .htaccess file is created.

4. Disable your CDN

If you are facing a 403 forbidden error on digital assets like CSS, JavaScript, or images, it’s a problem with your Content Delivery Network (CDN). This is a network of servers in different parts of the world hosting a couple of websites. 

Many hosting providers offer CDN to help improve the site’s performance. You can disable your CDN by logging into your hosting account under CDN settings. If you cannot access your content delivery network, we recommend getting in touch with your hosting provider. 

5. Enable hotlinking protection

Another fix for the 403 forbidden error is enabling hotlinking protection. Hotlinking means adding an image to your site, but the hosted link is pointed to someone else’s site. 

You find an image on the internet and directly put it on your website. The image displayed on your website was originally available at a different location. This is quite convenient for hotlinker but is a theft for the hotlinked site. Hotlinking is illegal for websites, and it might hurt your SEO. 

Various hosting and CDN providers offer hotlink protection. If not set up properly, it can cause a 403 forbidden error on your website. You can connect with your hosting provider to resolve this issue. 

6. Clear cache/history

Your browser’s cache can also be the reason for getting a 403 error. A cache is stored data that helps a website load faster the next time you visit it. However, it’s possible that the website’s link has been updated and the actual web page is different from the cached version. 

Clearing the browsing history and cache should resolve this issue. The next time you visit the website, it will show the updated website page link and fix the 403 error. 

Here are steps to clear your cache and history on Google Chrome:

• Click the three-dot icon at the top right corner of the page and select Settings;
• Under Privacy and Security section, select “Clear browsing data”;
• Select the time frame for which you want the data to be deleted. Then, check all the options, Browsing history, Cookies and other site data and Cached images and files;
• Click on Clear Data.

Once done, try reconnecting to the website, it might start to work now.

7. Scan for malware

Check for malware to fix the 403 forbidden error. If your WordPress site has been infected by malware, it constantly injects unwanted code into your .htaccess file and causes it to crash. This way, even if you create a new.htaccess file, you won’t be able to access your website. 

You can use WordPress plugins like Sucuri Security, Wordfence Security, or Quttera Web Malware Scanner to identify infected files. You will then get the option to either delete or restore these files.

8. Add an index page

Your website’s homepage should have index.php or index.html in its name. If not, you can rename your homepage to index.php or index.html.

However, if you don’t want to change your homepage’s name, you need to upload an index page to your public_html directory and redirect it to your homepage. 

Here is how you can do it:

•  Connect your site to your WordPress server with an SFTP like FileZilla;
• Upload an index.html file or index.php to your website’s public_html directory;
• Open your .htaccess file and insert the following code snippet for redirecting the index.php or index.html file to your current website’s homepage.

Wrapping up

403 forbidden errors deny access to your web page, which is quite frustrating. This error can come up for various reasons, like an empty website directory, permission errors, corrupt .htaccess file, or malware infection. But now, you have a fix, whatever the cause. 
However, if none of these fixes work, you can reach out to WordPress support and maintenance experts like stylemix.net to get it resolved quickly. They offer comprehensive WordPress support and maintenance, fix bugs, conduct daily audits, and provide real-time security monitoring. You can hire a dedicated WordPress developer to boost the performance of your website.