What Is the 403 Forbidden Error & How to Fix It (8 Methods Explained)
Start A Free 7-day Email Course On WordPress
You might encounter the 403 forbidden error when you visit an empty website directory or a specific page that has a permission error. This is because most websites are set up to disallow directory browsing to prevent attackers from accessing sensitive files.
However, if you or your visitors encounter this error on your site, it’s necessary to fix the issue or you may risk losing valuable traffic. Since its causes vary, there are many methods to resolve the 403 errors.
We will explain the different types of 403 forbidden errors, their possible causes, and also provide eight methods to fix the 403 forbidden error.
| Error code | 403 Forbidden Error |
| Error type | Client-side error |
| Error variations | Forbidden: You don’t have permission to access [directory] on this server HTTP Error 403 – Forbidden Error 403 – Forbidden 403 forbidden request forbidden by administrative rules 403 Forbidden Access Denied – You don’t have permission to access Error 403 HTTP 403 Forbidden |
| Error causes | Missing index page Broken WordPress plugin Wrong IP address Malware infection New web page link |
What Is a 403 Forbidden Error?
403 Forbidden – you don’t have permission to access this resource is an HTTP status code that occurs when the web server understands the request but can’t provide additional access.
Video Tutorial
Learn the most common causes and how to fix the 403 forbidden error.
Causes of 403 Forbidden
Often, HTTP 403 forbidden errors are caused by an access misconfiguration on the client-side, which means you can usually resolve the issue yourself.
A common cause of these errors is the file or folder permission settings, which control who can read, write, and execute the file or folder.
There are two possibilities in this case: either the website owner edited the settings so that you couldn’t access the resources, or they didn’t set the correct permissions.
The second common cause is corrupt or incorrect settings in the .htaccess file. This might happen after you’ve made changes to the file. Luckily, it’s easy to solve the issue by simply creating a new server configuration file.
Other than those two common causes, here are some other possible triggers for the error:
- Missing index page – the website’s homepage name is not index.html or index.php.
- Faulty WordPress plugin – if a WordPress plugin is not configured correctly or is incompatible with another plugin, it may trigger the 403 errors.
- Wrong IP address – the domain name points to a wrong or old IP address which now hosts a website that blocks your access.
- Malware infection – a malware infection may cause the .htaccess file to be constantly corrupted. You’ll need to remove the malware before restoring the file.
New web page link – the site owner may have updated the page’s link, which is now different from the cached version.
How to Fix the 403 Forbidden Error
Since the HTTP 403 forbidden error is closely related to file access permissions, this will be the main focus of the following methods to solve it. That said, there are other ways of resolving this issue, such as clearing the browser cache or scanning for malware.
Let’s take a better look at each of the eight available methods to solve the HTTP error 403.
Please note that while the steps mentioned here mainly focus on WordPress, they can be applied to other websites as well.
1. Check the .htaccess File
You may not be familiar with the .htaccess file, as it often remains hidden in the site directory. However, if you use Hostinger File Manager, the file is available in your public_html directory by default.
Follow these steps to locate it:
- Find the File Manager on the hPanel dashboard.
- Open the public_html directory to find the .htaccess file.
If you use cPanel, follow these steps:
- Locate File Manager on cPanel.
- In the public_html directory, look for the .htaccess file.
- If you can’t find the file, click on Settings on the top-right corner of the screen and enable the Show Hidden Files (dotfiles) option.
The .htaccess file is a server configuration file and mainly works by altering the Apache Web Server settings.
Although the file is present on most websites by default, you need to create a new file manually if your website doesn’t have it or if it was deleted unintentionally.
Now that you have found the file, follow these steps to check whether a wrong configuration is causing the error:
- Right-click on the file and select Download to create a backup.
- Once you have the backup, delete the file.
- Try accessing your website. If it works fine, this indicates that the file was corrupted.
- To generate a fresh .htaccess file, log in to your WordPress dashboard and click on Settings -> Permalinks.
- Without making any changes, click the Save Changes button at the bottom of the page.
This will generate a fresh .htaccess file for your website. If this didn’t solve the issue, try the next method.
2. Reset File and Directory Permissions
Another possible cause triggering HTTP 403 errors is incorrect permissions for files or folders. In general, when files are created, they come with specific default file permissions, which control how you can read, write, and execute them.
Pro Tip
If you’re using Hostinger, there’s a special tool that will take care of all your permission problems in just a single click. Enter Fix File Ownership in the search bar or scroll to the bottom of your control panel to Other and locate it there.
This tool will save you loads of time and will restore all file and directory permissions to default values.
Using FTP will let you edit file and folder permissions. To begin, you should:
- Configure an FTP client and connect it to your website.
- Once connected, right-click public_html and select File Attributes.
- Enter permission 755 in the Numeric value field, select Apply to directories only, and press OK.
The general practice for file permission numeric values is using 755 for folders, 644 for static content, and 700 for dynamic content.
- After changing folder permissions, repeat step 2 and step 3, but now enter 644 in the Numeric value field and select the Apply to files only option.
Once done, try accessing your website and see if the error is resolved.
3. Disable WordPress Plugins
If you have come this far and none of the previous methods work, chances are that the error is caused by an incompatible or faulty plugin. In this step, we will try disabling plugins to check whether doing so fixes the 403 forbidden error.
We recommend disabling all the plugins at once instead of going through the process one by one. Following this method, you should be able to detect the problem and work towards a solution. Here is what you’ll have to do:
- Access your hosting account via FTP or use the hosting account’s file manager and go to the public_html -> wp-content folder.
- Locate the plugins folder.
- Rename the folder with a different name like “disabled-plugins” to disable all plugins.
Try reaccessing the website. If the error is no longer there, a problematic plugin is the actual source of the error.
Rename the folder back to plugins. Now you have to disable the plugins one by one from your WordPress dashboard and check if the site is still working. This way, you will be able to detect the faulty plugin.
Once you find it, update the plugin if necessary or delete it. However, if the error still appears, you may need to contact your hosting provider for assistance.
4. Upload an Index Page
Check your website’s homepage name – it should be called index.html or index.php. If it’s not, then there are two alternatives. The first and simplest one is to rename the homepage as index.html or index.php.
However, if you want to keep the current homepage name, upload an index page to your public_html directory and create a redirect to your existing homepage.
Here are the steps to follow:
- Upload an index.html or index.php file to your public_html directory. Use your hosting account’s file manager or FTP to do so.
- Open the .htaccess file.
- Insert this code snippet to redirect the index.php or index.html file to your existing homepage. Don’t forget to replace
homepage.htmlwith the page’s actual name.
Redirect /index.html /homepage.html
5. Edit File Ownership
Incorrect file ownership can trigger the 403 forbidden error if you use Linux or VPS web hosting.
Typically, files and folders can be assigned to an Owner, a Group, or both. Keep in mind that you need SSH access to modify ownership in these environments. You’ll also need an SSH terminal to connect to the VPS.
Once you’ve connected SSH to your website server, check the ownership by using this SSH command:
ls -1 [file name]
The result will look something like this:
-rwxrw-rw- 1 [owner][group] 20 Jul 20 12:00 filename.txt
Look at the owner and group part. The correct ownership should be your hosting account’s username. If you see different ownership, use the chown Linux command to modify file ownership. Here’s the basic syntax for chown:
chown [owner][:group] [file name]
For example, if your username is Hostinger, use syntax like this:
chown Hostinger filename.txt
If you don’t feel comfortable using SSH yourself, contact our support team for help.
6. Verify the A Record
The 403 forbidden error can also happen if your domain name points to the wrong IP address, where you don’t have a permission to view the content. Therefore, double-check that your domain name points to the correct IP address.
To check if the domain A record is pointed correctly, access the DNS Zone Editor on your hPanel:
- Log in to your hPanel.
- Go to the Advanced section and click on DNS Zone Editor.
- You will see a list of DNS records. Find a record with the label A in the type column.
- Check the IP address on the Content column.
- If it’s pointing to the wrong IP address, click Edit to change it. Once you’ve finished, click Update.
If you don’t find the correct record, create a new one from the Manage DNS records section. Make sure you select A as the Type and insert the correct IP address into the Points to field. Then, click Add Record.
If you have recently migrated from one web host to another and forgot to change your nameservers, your domain may still be pointing to your old web host. Once the old host cancels your account, it will cause a 403 error status code.
7. Scan for Malware
Malware can be another cause of the 403 error. If your WordPress site becomes infected by malicious software, it may constantly keep injecting unwanted code into the .htaccess file. That way, even if you keep fixing the file using the first method we presented, the error will persist.
Scan your website to identify any malware. There are plenty of security plugins for WordPress such as Sucuri or Wordfence to do so.
Most WordPress security plugins like WordFence can remove malware. Once the plugin identifies all infected files, you’ll get actionable options for these files, such as deleting or restoring them.
Another method is restoring the website using backup files. It’s also possible to restore it using the database backup if you don’t have a complete backup of the site files.
8. Clear Your Web History/Cache
Your browser’s cache and cookies may also cause a 403 error. Cache stores data to make a website load faster the next time you visit it. However, it’s possible that the website’s link has been updated, and the actual web page link is now different from the cached version.
Another possibility is that the error comes from the cookies. It may be the case on a website that you usually log in normally, but the latest login attempt showed you this error message.
Clearing browser cache and cookies should resolve this issue. Note that clearing the cache may cause the next visit to the website to take a long time as your browser will ask for all the site files again. Clearing the cookies also signs you out from all logged-in websites.
Follow these steps to clear the cache and cookies on Google Chrome:
- Click on the three-dot icon on the top right corner and select Settings.
- Find the Privacy and security section and click Clear browsing data.
- Use the drop-down menu to select the time frame for data deletion. Then, check the Cookies and other site data and Cached images and files options.
- Click Clear data.
Once you’ve completed all the steps, try revisiting the website and logging in if it requires you to do so. If this or any other solutions don’t work, we recommend contacting our support team via live chat to resolve this issue.
Troubleshooting Other 4xx Errors
How to Fix 401 Unauthorized Error?
How to Fix 413 Entity Too Large Error?
How to Fix 404 Not Found Error?
How to Fix 429 Too Many Requests Error?
HTTP Error 431: 3 Ways to Fix Request Header Fields Too Large
Conclusion
403 forbidden errors can cause a great deal of frustration as they will prohibit you from accessing a resource. They mainly occur due to incorrect file permissions, but there are several other possible causes, like a missing index file, faulty plugins, or even a malware infection.
Finding the real cause of the 403 errors can be tricky. However, by following the methods listed in this article, we’re sure you can get your website working again.
To recap, here are the actions you should take to get rid of the 403 error message on your WordPress site:
- Check the .htaccess file.
- Reset file and directory permissions.
- Disable WordPress plugins.
- Upload an index page.
- Edit file ownership.
- Verify the A record.
- Remove any malware.
- Clear the web browser history and cache.
The 403 forbidden error is just one of many HTTP error codes. As a website owner, you may have encountered other client-side errors such as the 404 error or server-side errors like the 504 gateway timeout.
We encourage you to keep learning about these errors so that you know how to handle them if they ever appear on your website.
Was this tutorial helpful?
Domantas leads the content and SEO teams forward with fresh ideas and out of the box approaches. Armed with extensive SEO and marketing knowledge, he aims to spread the word of Hostinger to every corner of the world. During his free time, Domantas likes to hone his web development skills and travel to exotic places.
Comments
March 04 2019
Thanks for the post. The fix for me was one of the plugins that was causing it.
August 30 2019
oh, very helpful!!! thanks!
April 21 2020
FINALLY!! After going through and checking Cloudflare security settings, Sucuri firewalls, Wordfence IPs, deleting/disabling ALL plugins, checking web server resources and a whole lot more 'fixes' that so many others have recommended ... simply deleting the .htaccess file did the trick. Thank you so much for a great resource!
March 01 2022
I have a problem of my website, last few month , 15days gap, a file downloaded instead of opening my site, everytime I change .htaccess file, change version of php, then open my site, but why this happen everytime, what is the permanent solution?
March 01 2022
Hi there, it looks like your website might be hacked - I would suggest to contact your host and check out this guide on how to fix a hacked website if necessary.
May 13 2020
Thank you, this was very helpful!
June 11 2020
I am so happy this worked and I did not contact anyone from support. * THE MORE YOU KNOW*
July 05 2020
Thanks. This has cured the error on my site. You might want to add to the article that it can take quite some time for the Permissions to change. So far mine are still going and taking over half an hour.
July 07 2020
Happy to help, Bernie! :) If your changes take a while to reflect, try clearing your browser cache. We have a tutorial for that here.
August 06 2020
good
August 21 2020
Just I can say Thank thank and thank you this was very helpful You are perfect
August 25 2020
You are very welcome, Reza! Thank you for your kind words!
August 22 2020
I had this anonymous mail from wordcamp@wordpress.com which registered itself as an admin to my website and later i am still unable to retrieve it after doing all the steps given above I need instant help
November 11 2020
Hey Harshit! :) Looks like your website got hacked. Check this guide here. You can also follow our guide here on how to clean your website up! :) Good luck.
September 08 2020
Thank You so much. 403 forbidden issue solve: it was because the .htaccess file was corrupted. How? 1) Downloaded the .htaccess from Cpanel to have a backup of it. and then, deleted the file. 2) Generated a fresh .htaccess file, by login to the WordPress dashboard, and click on Settings › Permalinks. 3)Without making any changes I clicked on the save changes button at the bottom of the page. and it generated a fresh .htaccess file for me And my issue just got fixed
November 11 2020
Hey Muhammad. Thanks for the input. Glad it worked.
September 26 2020
Hi,i i did everything but still my issue is not resolved. What else can be the problem. Is it possible to have a problem from hosting provider?
November 18 2020
Hey there Zubair. Please make sure you are pointing to the correct nameservers/IP address. Additionally, you can message our Success team and they will gladly help you out.
November 13 2020
I have tried all 3 above methods to explained but my problem is still not resolve. Please let me know if any other solution is possible. 403 Forbidden Access to this resource on the server is denied!
February 02 2021
Hi there! If this doesn't help, I'd suggest you contact our Customer Success team to help you troubleshoot ;)
November 18 2020
Thank you so much for this. I tried so many other "solutions" from other sites, but this went straight to the issue and I could fix it in minutes. Deleting .htaccess instantly solved my problem. You officially rock!
February 09 2021
Happy it helped, Trevor!
November 30 2020
403 Access Denied I have seen these error on my site and it's not solved by the above answer. Please help me.
February 09 2021
Hi! It could be that the issue is coming from your host's side. If all of the options above didn't help resolve it, I'd suggest checking with your host to help you troubleshoot :)
December 09 2020
I have a website (wordpress) and this works well. If I log in as a member this works fine but if I log in as an administrator I get “Forbidden You don’t have permission to access on this server.” in front page and admin page. If I delete cookies the site is online again. I follow all step I delete .htaccess file I have change the permitions in all folders (755) and all files (644) with ftp. I have rename plugin folder, but nothing... Any idea?
February 09 2021
Hi, Panos! If disabling .htaccess and plugins didn't help, I'd suggest checking with our Customer Success team - they'll be happy to help you troubleshoot further :)
May 06 2021
Arts council England website keeps giving me a '403 forbidden' error- nginx. what has happened? am i blacklisted? Arts council wales and Scotland works for me -so do other websites. arghhh! help!
May 13 2021
Hi Tracey, The error could be coming from the website you are trying to access. They may need to fix their permissions before you are able to access it again.
August 03 2021
You forgot to include that wp-config.php needs to then be changed back to 600 or you'll be letting the world access your config file.
September 24 2021
Hi Paul, that's a good point - thanks for pointing that out! However, it will only be accessible from inside of the server, so as long as your server isn't compromised, it shouldn't be an issue. You can read more about it over here :)
March 04 2022
good work
March 10 2022
Over the past couple of days, I've been seeing an increase in traffic across multiple sites I manage getting 403 - Forbidden errors, and the URLs they're generating them from are not ones the public should be able to access. It's always the same IP address with a known malicious user-agent triggering this error code and being blocked by WordFence. So I'd add that another cause of this error is your file permissions doing their job properly and stopping a bad actor from gaining unauthorized access to areas of your site or server they should not have access to.
March 16 2022
Hi Jason, that's a very good point - thanks for pointing that out and sharing!
March 23 2022
Solves problem forbidden
April 21 2022
I have a Wordpress site showing "Forbidded:You don't have permission to access this resource." Now I follow all the instructions here and even remove all files just leaving the domain. But still it is showing the forbidden error. Help please.
April 25 2022
Hello there, I would suggest to reset all of your permissions to default and make sure you have a /public_html folder along with an index.php or index.html file in there. If that doesn't help, it would be best to contact your hosting provider to check if everything is well on their end and that your IP is not being blocked. In case you're hosting with Hostinger, you can reach our Customer Success team here.