How to fix the 403 Forbidden error (11 simple methods)
A 403 Forbidden error is an HTTP status code that blocks access due to permission or configuration issues. This error indicates that the server understands the request but refuses to authorize it, typically because of restricted permissions.
Keep reading as we walk you through actionable solutions to fix the 403 Forbidden error, from simple troubleshooting steps to more advanced server-side configurations:
- Clear browser cache and cookies.
- Temporarily disable your VPN.
- Scan for malware.
- Disable conflicting WordPress plugins.
- Turn off your CDN temporarily.
- Restore or regenerate the .htaccess file.
- Reset file and directory permissions.
- Edit file ownership settings.
- Upload an index page.
- Verify your A record.
- Update your nameservers.
Additionally, potential causes that can trigger this error include:
- Misconfigured file and folder permission settings. Prevents users from accessing sensitive files or certain parts of a website, often leading to a 403 Forbidden error.
- Corrupt .htaccess file. Misconfiguration or malware can break the .htaccess code.
- Missing index page. The index.html or index.php file, which is the default homepage template, isn’t available in the website’s directory.
- Incompatible WordPress plugin. A WordPress plugin might be conflicting with another plugin or could’ve been incorrectly configured.
- Incorrect IP address. The domain name points to an inaccurate IP address, blocking access to your website.
- Malware scan. Your website’s security measures can limit access to specific resources to prevent malicious attacks.
- New webpage link. The webpage link was recently updated, causing it to differ from the cached version.
- Empty website directory. The URL is trying to access your website’s directory instead of a file.
Download comprehensive HTTP status codes cheat sheet
1. Clear your browser cache and cookies
Browser cache stores outdated files, which can conflict with updated site permissions and trigger a 403 error. Cookies save login and preference data, and when they become corrupted or outdated, they may block access to some pages.
First, clear your browser cache and cookies to remove any conflicting or outdated data. This forces the browser to fetch fresh files from the server, which can resolve access issues – though you’ll need to log in again to most sites afterward.
Here’s how to do it in Google Chrome (similar steps apply to Firefox and Safari):
- Click the three-dot icon in the top-right corner and select Settings.
- Go to Privacy and security → Delete browsing data.
- In the time range menu, choose All time.
- Check Cookies and other site data and Cached images and files.
- Click Delete data to remove them.
After clearing cache and cookies, revisit the website and try logging in to see if the 403 Forbidden error is resolved.
2. Temporarily disable VPN
A virtual private network (VPN) routes your connection through remote servers. However, some websites block these servers for security or regional compliance, often resulting in a 403 error.
Temporarily disable your VPN and try accessing the website again. If this resolves the issue, switch to a different VPN server or contact your VPN provider for guidance.
If these simple checks don’t solve the problem, move on to the next steps, which involve checking your website’s security.
3. Scan for malware
Malware can insert harmful code into your website’s files. This can change permissions or configuration rules, leading to restricted access and a 403 Forbidden response.
Scan your website for malware to identify and remove any harmful code. On Hostinger web hosting plans, you can use the built-in Malware Scanner in hPanel without third-party tools:
- Go to your website’s dashboard, then select Security → Malware Scanner from the left sidebar.
- If no malware is found, you’ll see your hosting plan’s name and the time since the last scan.
- Otherwise, the tool will list the infected files and the actions taken to clean them.
For additional protection, use reputable WordPress malware scanner plugins like Wordfence or Solid Security. These tools detect threats in real time and block suspicious activity before it can cause further issues.
If the scan reveals infections, clean or replace the affected files, then recheck your site to confirm the 403 error is gone.
4. Disable WordPress plugins
Faulty or incompatible WordPress plugins may override permission settings. When this happens, affected pages can become inaccessible and return a 403 Forbidden error.
Disable your WordPress plugins to determine if one is causing the issue. You can do this from your WordPress dashboard or directly in hPanel if you’re a Hostinger customer:
- From your website’s dashboard, go to WordPress → Security.
- Scroll down to the Installed plugins section.
- Toggle each plugin off individually and check your site after each change.
If you prefer a manual method, you can disable all plugins at once via the file manager or an FTP client:
- Navigate to the wp-content folder in public_html.
- Rename the plugins folder to disabled-plugins. This will deactivate all plugins simultaneously.
- Check your website. If the error is gone, one of the plugins is the culprit.
- Rename the folder back to plugins to reactivate them.
- From your WordPress dashboard, deactivate plugins one by one to identify the problematic one.
Once you’ve found the plugin causing the error, update it or remove it entirely.
If security-related fixes don’t work, the next steps address server configurations and file settings.
5. Temporarily disable CDN
A content delivery network (CDN) stores cached copies of your site across multiple servers, and outdated or misconfigured cache can lead to a 403 status code.
If your website uses a CDN, temporarily turn it off to check if it’s serving the error instead of your origin server. Hostinger automatically enables the in-house CDN for the Business web hosting plan and above. To disable it in hPanel:
- Go to Performance → CDN.
- In the CDN status section, hit Disable.
- If this resolves the problem, keep the CDN disabled temporarily and contact our support for further troubleshooting.
6. Restore the .htaccess file
A corrupted or misconfigured .htaccess file can apply incorrect server rewrite or access rules, blocking visitors and returning a 403 Forbidden error.
If recent changes or malware have altered your .htaccess file, replace it with a clean version. If you’re using Hostinger, you can create a new .htaccess file through hPanel’s File Manager:
- Go to Files → File Manager in your website dashboard.
- Open the public_html directory and locate the .htaccess file.
- Right-click the file and select Download to create a backup.
- Delete the current .htaccess file.
- Click New file and name it .htaccess without any extensions.
- Paste the following default code and save the file:
# Enable URL Rewriting
RewriteEngine On
# Rewrite rule to redirect requests to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
For WordPress websites, you can also regenerate the file without using File Manager:
- Log in to your WordPress dashboard.
- Go to Settings → Permalinks.
- Hit Save Changes without modifying any settings.
After restoring .htaccess, try accessing your site again. If the error disappears, the file was likely the cause.
7. Reset file and directory permissions
File permissions control access to your website’s data. When a file is too restrictive, the server blocks access for security reasons, resulting in a 403 Forbidden error.
If your file permissions are incorrect, you can easily reset them in just one click using Hostinger’s built-in Fix File Ownership tool:
- In hPanel, search for Fix File Ownership.
- Select the checkbox to confirm and hit Execute. The tool will automatically set default permissions for all website files and folders.
Alternatively, you can reset file permissions manually using an FTP client like FileZilla:
- Connect FileZilla to your website.
- Right-click the public_html directory and select File Attributes.
- In the Numeric value field, enter 755 for directories. This lets the owner read, write, and execute the file but prevents others from modifying it.
- Select Apply to directories only, then hit OK.
- For files, repeat the process, entering 644 for the Numeric value and selecting Apply to files only. This gives the owner read and write access, while others can only read.
Once you’ve applied the correct permissions, revisit your site to confirm if the 403 error disappears.
8. Edit File Ownership
In Linux and VPS hosting environments, the ownership settings decide which users can modify or execute files. If ownership is incorrectly assigned, you may be denied access to certain resources, causing a 403 error.
This fix is more technical, as it requires using SSH to connect to your server and running Linux commands. Follow these steps to check and adjust file ownership in Linux:
- Connect to your server using an SSH client like PuTTY.
- To check the ownership of a file, run:
ls -l [file name]
The output will look like this:
-rwxrw-rw- 1 [owner][group] 22 Sep 22 10:00 filename.txt
- Owner and group should match your hosting account’s username. If not, use the chown command to fix it:
chown [owner][:group] [file name]
For example, if your username is John, use:
chown John filename.txt
9. Upload an index page
If your website lacks an index page, such as index.html or index.php, users may receive a 403 Forbidden error when trying to access it.
This occurs because the web server expects an index page to load by default, and without one, the server blocks access.
First, check if your homepage is named index.html or index.php. If not, rename it through your FTP client or file manager.
If the index page is missing, create one. Here’s how:
- Access your website’s directory.
- Upload or create an index.html or index.php file inside the public_html directory.
- After uploading, try visiting your website again to verify that it now loads the homepage correctly.
If you’re still facing issues, we have two more troubleshooting steps involving domain-related configurations that you can try.
10. Verify the A record
The A record is a type of Domain Name System (DNS) record that maps your domain to the correct IP address. If your domain’s A record points to the wrong IP, users may be denied access to your website. This leads to a 403 Forbidden response.
If you host your website with Hostinger, first find your site’s IP address by going to hPanel → Hosting Plan → Plan Details.
Then, check if your domain’s A record is pointed correctly by following these steps:
- Navigate to Advanced → DNS Zone Editor.
- Locate the A records by scanning the Type column.
- Examine the IP addresses listed in the Content column.
- If the A record doesn’t point to the correct IP address, click Edit to modify it, then click Update.
Please note that editing the A record may affect the services or subdomains using it.
If this doesn’t resolve the error or causes disruptions, consider creating a new A record instead:
- In the same DNS / Nameserver page, scroll up to the Manage DNS records section.
- Select A for the Type, then enter the correct IP address in the Points to field.
- Click Add Record to create the new A record.
11. Update nameservers
When you change hosting providers, your domain’s DNS records need to be updated to point to the correct nameservers. If you skip this step, users will still be directed to your old host, which leads to access issues like the 403 Forbidden error.
If you register your domain at Hostinger, here’s how to update your domain’s nameservers:
- Go to Domains → Domain portfolio → Manage next to your domain.
- Select DNS / Nameservers → DNS records.
- Choose Use Hostinger nameservers (recommended) if your website is with Hostinger, or Change nameservers if you host your site elsewhere.
- Fill in the correct nameserver details, then hit Save.
Learn how to fix the 403 Forbidden error with Hostinger Academy
If you prefer a visual guide, watch our video to discover easy-to-follow solutions for fixing the 403 Forbidden error. We’ll show you step-by-step instructions on how to apply key troubleshooting methods, like adjusting file permissions and resolving issues with the .htaccess file.
Key takeaways
Troubleshooting the 403 Forbidden error requires a systematic approach. Start with the simplest fixes and gradually progress to more complex solutions.
- Clear your browser cache and cookies and switch off your VPN connection to rule out local issues like outdated data or restricted access.
- Perform malware scans and update plugins to avoid conflicts and ensure that your site is secure.
- Reset file permissions and restore your .htaccess file to correct server-side issues that may be blocking access.
- Verify your domain’s A record and nameservers to ensure that your domain points to the correct IP address and has the right configuration for server communication.
If the 403 problem persists, there are still some other methods worth trying:
- Check for issues with hidden files or directories that might be causing the error.
- Inspect the server error logs for detailed information about what might be causing the 403 error.
- Contact your hosting provider’s support team to help you diagnose and fix the error.
All of the tutorial content on this website is subject to Hostinger's rigorous editorial standards and values.
Ariffud is a Technical Content Writer with an educational background in Informatics. He has extensive expertise in Linux and VPS, authoring over 200 articles on server management and web development. Follow him on LinkedIn.
Jordana is a Senior Content Writer at Hostinger with a background in Information Systems. She has over five years of experience in WordPress and is casually dabbling with PHP and MySQL. Her passion for writing and technology drives her to create tutorials for anyone wanting to build their online presence. Follow her on LinkedIn.
Comments
March 04 2019
Thanks for the post. The fix for me was one of the plugins that was causing it.
August 30 2019
oh, very helpful!!! thanks!
April 21 2020
FINALLY!! After going through and checking Cloudflare security settings, Sucuri firewalls, Wordfence IPs, deleting/disabling ALL plugins, checking web server resources and a whole lot more 'fixes' that so many others have recommended ... simply deleting the .htaccess file did the trick. Thank you so much for a great resource!
March 01 2022
I have a problem of my website, last few month , 15days gap, a file downloaded instead of opening my site, everytime I change .htaccess file, change version of php, then open my site, but why this happen everytime, what is the permanent solution?
March 01 2022
Hi there, it looks like your website might be hacked - I would suggest to contact your host and check out this guide on how to fix a hacked website if necessary.
May 13 2020
Thank you, this was very helpful!
June 11 2020
I am so happy this worked and I did not contact anyone from support. * THE MORE YOU KNOW*
July 05 2020
Thanks. This has cured the error on my site. You might want to add to the article that it can take quite some time for the Permissions to change. So far mine are still going and taking over half an hour.
July 07 2020
Happy to help, Bernie! :) If your changes take a while to reflect, try clearing your browser cache. We have a tutorial for that here.
August 06 2020
good
August 21 2020
Just I can say Thank thank and thank you this was very helpful You are perfect
August 25 2020
You are very welcome, Reza! Thank you for your kind words!
August 22 2020
I had this anonymous mail from wordcamp@wordpress.com which registered itself as an admin to my website and later i am still unable to retrieve it after doing all the steps given above I need instant help
November 11 2020
Hey Harshit! :) Looks like your website got hacked. Check this guide here. You can also follow our guide here on how to clean your website up! :) Good luck.
September 08 2020
Thank You so much. 403 forbidden issue solve: it was because the .htaccess file was corrupted. How? 1) Downloaded the .htaccess from Cpanel to have a backup of it. and then, deleted the file. 2) Generated a fresh .htaccess file, by login to the WordPress dashboard, and click on Settings › Permalinks. 3)Without making any changes I clicked on the save changes button at the bottom of the page. and it generated a fresh .htaccess file for me And my issue just got fixed
November 11 2020
Hey Muhammad. Thanks for the input. Glad it worked.
September 26 2020
Hi,i i did everything but still my issue is not resolved. What else can be the problem. Is it possible to have a problem from hosting provider?
November 18 2020
Hey there Zubair. Please make sure you are pointing to the correct nameservers/IP address. Additionally, you can message our Success team and they will gladly help you out.
November 13 2020
I have tried all 3 above methods to explained but my problem is still not resolve. Please let me know if any other solution is possible. 403 Forbidden Access to this resource on the server is denied!
February 02 2021
Hi there! If this doesn't help, I'd suggest you contact our Customer Success team to help you troubleshoot ;)
November 18 2020
Thank you so much for this. I tried so many other "solutions" from other sites, but this went straight to the issue and I could fix it in minutes. Deleting .htaccess instantly solved my problem. You officially rock!
February 09 2021
Happy it helped, Trevor!
November 30 2020
403 Access Denied I have seen these error on my site and it's not solved by the above answer. Please help me.
February 09 2021
Hi! It could be that the issue is coming from your host's side. If all of the options above didn't help resolve it, I'd suggest checking with your host to help you troubleshoot :)
December 09 2020
I have a website (wordpress) and this works well. If I log in as a member this works fine but if I log in as an administrator I get “Forbidden You don’t have permission to access on this server.” in front page and admin page. If I delete cookies the site is online again. I follow all step I delete .htaccess file I have change the permitions in all folders (755) and all files (644) with ftp. I have rename plugin folder, but nothing... Any idea?
February 09 2021
Hi, Panos! If disabling .htaccess and plugins didn't help, I'd suggest checking with our Customer Success team - they'll be happy to help you troubleshoot further :)
May 06 2021
Arts council England website keeps giving me a '403 forbidden' error- nginx. what has happened? am i blacklisted? Arts council wales and Scotland works for me -so do other websites. arghhh! help!
May 13 2021
Hi Tracey, The error could be coming from the website you are trying to access. They may need to fix their permissions before you are able to access it again.
August 03 2021
You forgot to include that wp-config.php needs to then be changed back to 600 or you'll be letting the world access your config file.
September 24 2021
Hi Paul, that's a good point - thanks for pointing that out! However, it will only be accessible from inside of the server, so as long as your server isn't compromised, it shouldn't be an issue. You can read more about it over here :)
March 04 2022
good work
March 10 2022
Over the past couple of days, I've been seeing an increase in traffic across multiple sites I manage getting 403 - Forbidden errors, and the URLs they're generating them from are not ones the public should be able to access. It's always the same IP address with a known malicious user-agent triggering this error code and being blocked by WordFence. So I'd add that another cause of this error is your file permissions doing their job properly and stopping a bad actor from gaining unauthorized access to areas of your site or server they should not have access to.
March 16 2022
Hi Jason, that's a very good point - thanks for pointing that out and sharing!
March 23 2022
Solves problem forbidden
April 21 2022
I have a Wordpress site showing "Forbidded:You don't have permission to access this resource." Now I follow all the instructions here and even remove all files just leaving the domain. But still it is showing the forbidden error. Help please.
April 25 2022
Hello there, I would suggest to reset all of your permissions to default and make sure you have a /public_html folder along with an index.php or index.html file in there. If that doesn't help, it would be best to contact your hosting provider to check if everything is well on their end and that your IP is not being blocked. In case you're hosting with Hostinger, you can reach our Customer Success team here.
June 04 2022
I am still getting the 403 forbidden error, even after I followed the steps you provided in the tutorial that didn't apply to WP, as I don't use WP. I don't understand why this is happening. Sometimes it appears to load fine, and other times, it gives me the 403 error. I tried using two different browsers and the same thing happens on both. Sometimes it works and other times it doesn't. Please help.
June 07 2022
Hi there! Most of the methods mentioned in the article (apart from plugins) are applicable to any website, so I'd suggest going through them again and making sure you've tried them all ?
October 24 2022
i cant open my website. so how can i edit public_html folder along with an index.php ??
October 28 2022
Hi, TO edit public_html, you do not need for the website to be running, as website files are edited from the File Manager or an FTP client. You can check out this article to learn how to use File Manager.
March 09 2023
i need 403 solution
March 10 2023
Hey there! If you see a 403 Forbidden error it's usually related to permissions. First make sure that your domain is properly pointing to your hosting provider since incorrect A record can cause 403. Next up, double check file permissions from your hosting provider File Manager, depending on the file/folder type permission values will be different. Another possible cause is .htaccess file or plugins that create restricting rules inside .htaccess file, best bet would be to reset it to its default values. Hope this helps!
April 04 2023
I build my own website using python. As per instruction I have tried all the applicable solutions but to no avail. Initially I was redirected to the hostinger page. One info as per an article in your website was to delete the default.php file when being redirected to hostinger, but after deleting the default.php I was being shown Error: 403. Also after double clicking the "public.html" I only see my website folder and nothing other than that, I don't see .htaccess Now how do I navigate. (is .htaccess something that is present when using wordpress ? )
April 07 2023
Hello there! Public_html folder is where all of your website files should be located along with the index.php or index.html file. A quick test to see if everything is working properly is to create an index.html file on domains/yourdomain.tld/public_html/index.html, as for contents you can use code from here. After that, visit your website and you should see the generic landing page. As for .htaccess it can be used on any type of website not only WordPress and it can be responsible for protecting your site with a password, creating a custom-made error page or redirecting visitors to another pages, more about it here. Now lastly, keep in mind that Python websites are only supported on our VPS plans, so if you are using shared hosting, it won't work and you would need to migrate your files to a VPS. If I missed something or you have any additional questions, feel free to contact our live support and we will gladly help you!
November 15 2023
Thank you for this im a high school student and this really helped me i was wondering why my websites we'rent working thank you
November 16 2023
You're welcome! If you have any more questions, feel free to ask. Happy coding ?
March 30 2024
Nice elaboration
July 21 2024
When I want make paypal account it shows mee 403 error
July 24 2024
Hello there! A 403 error usually means access is denied. Try clearing your browser's cache or using a different browser. If the problem persists, you might need to contact PayPal support.