401 Error: 5 Ways to Troubleshoot and Fix It

401 Error: 5 Ways to Troubleshoot and Fix It

If you’re an avid internet user, at some point, you might run into issues when trying to load a website and be presented with different error status codes.

One of the most common error codes is the 401 Error or the 401 Unauthorized Error. This error suggests that the request sent to the website or web application could not be authenticated. Fortunately, in most cases, this error can be quickly resolved.

In this tutorial, you will learn more about the 401 error code in more detail – including its possible causes and five methods to troubleshoot it.

Error codeHTTP 401 Unauthorized Error
Error typeCommonly a client-side error
Error variationsHTTP Error 401 Unauthorized
401 Unauthorized Error
Error 401 Unauthorized
Access Denied
401 Authorization Required
Error causesIncorrect URL
Plugin or theme incompatibility
Incorrect login attempts
Outdated browser cache and cookies
Server configuration errors
IP restrictions

The 401 Unauthorized error indicates that the server’s request was not verified because it lacks valid authentication credentials for the target resource. When accessing a URL, your browser sends a request, which in this case was not verified.

This may be caused by several client-side reasons, including:

  • Inputting the wrong URL
  • Incorrect username or password
  • Outdated browser cache and cookies

For instance, this error may appear when you’re trying to gain access to restricted resources like a password-protected web page without logging in first or entering the correct authentication credentials.

Although client-side issues seem to be the most common causes of this error, sometimes it can be caused by the web server. The server might be blocking the client from accessing the requested resource on purpose, or the server’s authentication process is broken.

When the 401 Error occurs, the browser will show an error code or message instead of taking you to the actual web page.

Example of 401 error.

You may see one of the following error messages indicating the same error:

  • HTTP Error 401
  • 401 Authorization Required
  • 401 Unauthorized Error
  • Access Denied

Here is a list of the different variations of the 401 error and their descriptions:

  • 401.1 – the login attempt has failed.
  • 401.2 – the login attempt has failed due to the server configuration.
  • 401.3 – the login attempt has failed due to the ACL (Access Control List).
  • 401.501 – too many requests have been generated by the client or the client has reached the maximum request limit.
  • 401.502 – This error occurs when a particular client (same IP) sends multiple requests to a single web server, reaching the dynamic IP Restriction Concurrent request rate limit.
  • 401.503 – the IP address of the client is included in the deny list on the server.
  • 401.504 – the client’s hostname is included in the deny list on the server. 

How to Fix the 401 Unauthorized Error

In this section, we will go over five methods to solve the 401 Unauthorized Error.

Important! Before you proceed with any of the methods, check whether the website is down for everyone or just you. This will help to determine whether the issue is local or server-side.

1. Confirm the URL Is Correct

This might sound obvious, but the 401 error code might appear if the user entered the wrong URL in the browser’s address bar. 

Before you attempt the other methods, check the URL you’ve typed in. Verify whether there are any special characters or numbers you may have missed.

If you’re following a hyperlink from another website or web application, double-check if it contains typos. Sometimes, the hyperlink may be mistyped or outdated, triggering the 401 error.

To get the correct URL, try accessing the restricted resources by going to the website’s homepage and manually navigating to the problematic page. Another option is to try searching for the page on Google.

2. Clear User End Issues

We will now go over some common user end issues that may cause the 401 error and how to solve them. 

The following troubleshooting steps are for users who can’t access a specific webpage when others can. However, if you are convinced that the 401 error also appears to everyone else who is trying to access the page, scroll down to method three.

Before you try the following troubleshooting steps, try reloading the page and see if that fixes the issue. Sometimes, a misloaded page can cause the 401 error code. 

Clearing Browser Cache and Cookies

The browser’s cache and cookies improve the online experience, specifically with regards to loading speeds and personalization. However, in some cases, they may cause the 401 error.

Both browser’s cookies and cache are saved in your device’s internal storage. The cache saves a website’s “static assets” – data that usually doesn’t change during repeat visits. This lets the browser preload some assets of the live version of the website, shortening loading time.

Cookies, on the other hand, are pieces of data that remember information about the device and its user’s behavior. Many websites use cookies to store user authentication details. 

For example, staying logged in on a specific website is possible thanks to cookies.

Unfortunately, the browser’s cache and cookies may become corrupted, leading to a web server authentication failure. It’s also possible that the current cache and cookies are outdated and in need of manual refreshing.

To clear your browser’s cache and cookies, simply go to your browser’s settings and find the option to clear them. If you use Google Chrome, follow these steps:

  1. Click the three-dotted menu icon on the top-right corner.
  2. Go to Settings -> Privacy and security -> Clear browsing data
Clear browser's cache on Chrome
  1. In the Time range drop-down menu, select All time. Then, check Cookies and other site data and Cached images and files.
How to clear cookies and cached files on Chrome
  1. Select Clear data. 

Flushing DNS Cache

In addition to the browser’s cache and cookies, DNS records are also stored locally on your device. 

The data in the DNS cache lets your device match URLs to their IP addresses faster for shorter loading times. However, unlike the browser’s cache and cookies, the DNS cache operates on the system level.

Although rare, a DNS error may result in the 401 HTTP status code. The DNS cache may be outdated, containing incorrect URL and IP address details.

Flushing your DNS will clear the existing DNS records of your device, forcing it to make a completely new request and re-authenticate the URLs.

Here’s how to flush your DNS cache on Windows:

  1. On your desktop, navigate to the search bar and type in “Command Prompt.”
Searching for command prompt on Windows
  1. Open Command Prompt.
  2. Type in the command “ipconfig/flushdns” and press Enter. If successful, you will see the message “Successfully flushed the DNS Resolver Cache”.
How to flush DNS Resolver Cache.

3. Check Authentication Credentials

The 401 Unauthorized Error code may appear when you’re trying to gain access to a locked resource, such as a password-protected page, with invalid authentication credentials. As a consequence, you won’t be able to open the page.

Double-check whether you’re logged in with a valid user ID and password. If you’re sure that you have entered the details correctly, try changing the password.

If you’re having trouble accessing a password-protected WordPress site, attempt resetting your WordPress password.

4. Disable Password Protection

If you’re a webmaster trying to solve the 401 error, it’s worth temporarily disabling password protection for the problematic section of your website.

If you have enabled password protection using .htaccess and .htpasswd files, follow these steps to disable it:

  1. Go to your hosting account’s File Manager.
  2. Open the password-protected website directory.
  3. Find the .htaccess file that you created when you enabled the password protection in the first place. Its content should look similar to this: 
AuthType Basic

AuthName "Your authorization required message."

AuthUserFile /path/to/.htpasswd

require valid-user
  1. Back up the content of the .htaccess file in case you want to re-enable password protection in the future.
  2. Delete the .htaccess file from the directory.
  3. Find the secret location of the .htpasswd file, back it up, and delete it as well.

hPanel has a user-friendly feature that lets Hostinger users manage password-protected website directories.

5. Troubleshoot the Code

Sometimes, the 401 error is not caused by a client-side issue – there could be a problem with the web server.

Use the following methods to verify if the issue is caused by a server error, especially if you are the website administrator of the problematic page.

WWW-Authenticate Header

Begin by checking the site’s WWW-Authenticate header for errors.

According to the IETF, a server generating a 401 (Unauthorized) response has to send a WWW-Authenticate header field containing at least one challenge applicable to the target resource.

This response header determines the authentication method the web browser should follow to access a specific page. Knowing what response the header sends and which authentication method is used will help determine the problem.

To check a WWW-Authenticate header for the cause of the 401 Unauthorized Error, follow these steps:

  1. Access the page that generates the 401 error code. If you’re using Chrome, right-click it and select Inspect or press Ctrl+Shift+J to open the developer console.
  2. Open the Network tab, then reload the page. Click on the entry with the 401 error status. 
How to check a WWW-Authenticate header for the cause of the 401 error.
  1. Open the Headers tab. Find the WWW-Authenticate entry under the Response Headers section. It will show the authentication method the server enforces to provide access to the content.
  2. Refer to the HTTP Authentication Scheme Registry to find out the page’s authentication method. In this case, the page uses the basic authentication method, which means that it only requires standard login credentials.

Disable Plugins, Modules, and Themes

If you encounter the 401 error code as the website’s administrator, you can identify its cause by disabling the plugins, modules, and themes you have installed on your website. 

Unfortunately, no matter which CMS you use – be it WordPress, Prestashop, or Magento – these additional pieces of code can cause issues on your website, including the 401 Unauthorized Error.

We’ll use WordPress as an example. If you have a WordPress site and still can access its admin dashboard, changing your theme to the default one and disabling all your plugins at the same time will be easy. 

To reinstate the default theme, simply go to Appearance -> Themes and Activate the default theme.

To disable all WordPress plugins at the same time, go to Plugins -> Installed Plugins. Bulk select all the plugins, choose Deactivate from the drop-down menu and click Apply.

The process to change your design template and disable the modules should be similar with any other CMS dashboard.

However, if you don’t have access to your WordPress admin dashboard, you can disable your WordPress plugins by opening the File Manager on your hosting account and renaming the Plugins folder. Hostinger users can manage their plugins straight from hPanel.

Similarly, you can change your WordPress theme without opening the admin dashboard by making changes to files through File Manager and phpMyAdmin. 

Error 401 vs. Error 403 Comparison

The 401 error code appears when the client’s web browser fails to receive resources from a web server due to a lack of or invalid authentication information.

On the other hand, the 403 Forbidden Error indicates that the server has received the request but won’t provide access to a specific part of the website.

Incorrect login details are the most common cause of the 401 error, while insufficient access levels trigger the 403 client error. An example would be a WordPress site with a membership feature preventing users with a “visitor role” from accessing the members-only content.

Geo-blocking may also result in the 403 client error status response. The web server might be restricting access to IP addresses originating from specific countries or regions.

Here are other variations of the 403 HTTP status code you may encounter:

  • 403 Forbidden
  • Forbidden: You don’t have permission to access [directory] on this server
  • Access Denied ‒ You don’t have permission to access

Other 4xx Errors

Other than the 401 error, you may run into other 4xx status codes. If that happens, take a look at the following guides where we explain their causes and how to fix them:

Conclusion

The HTTP error 401 occurs when the browser’s request to the server lacks valid authentication credentials. While it’s most commonly caused by a client-side issue that is easy to fix, it can also stem from a server error.

In this guide, we’ve gone over five methods to solve the 401 Unauthorized Error code:

  1. Confirm the URL is correct – double-check the URL in case it’s misspelled or outdated. 
  2. Clear user end issues – clear the browser’s cache and cookies for a possible solution. If that fails, try flushing your DNS cache.
  3. Check authentication credentials – make sure you’ve entered the valid username and password. If the issue persists, try resetting the password.
  4. Disable password protection – if you experience this issue as the website administrator, try temporarily disabling the problematic section’s password protection by deleting the .htaccess and .htpasswd files.
  5. Troubleshoot the code – check the WWW-Authenticate header and try disabling problematic plugins, modules, or themes.

We hope that the information in this article has helped you fix the 401 error. If you have any questions or tips, feel free to leave us a comment in the section below.

401 Unauthorized Error FAQ

Why Do I Get 401 Unauthorized?

If you’re trying to access a page that has restricted viewing rights, you can get a 401 unauthorized error message. Usually contacting the page admin and getting valid login credentials solves this error.

Author
The author

Hasna A.

Hasna is passionate about tech, culture, and the written word. She hopes to create content that helps people succeed on the web. When not writing, rearranging, or polishing sentences, she enjoys live music and overanalyzing movies.