WordPress 403 Forbidden: Troubleshooting

by

7-layers of Security for Your WordPress Site

Your website needs the most comprehensive security to protect it from the constant attacks it faces everyday.

Struggling with a 403 Forbidden error when trying to access your site? It’s both scary and annoying, but you can work through WordPress errors like this. 

It’s frustrating when some pages redirect and show this puzzling message. Maybe you updated a plugin, only for your browser to respond with a 403 error. Or you tried refreshing your page, hoping it was a temporary glitch, but the refresh button isn’t helping this time. Even worse, your customers are hitting the same 403 forbidden wall. But don’t worry; this problem can be fixed, and we’re here to guide you through it step-by-step.

TL;DR: A 403 forbidden error might pop up because of incorrect file permissions, plugin conflicts, or server settings. Fixing it usually requires changing core files, so always back up your site first to prevent more problems.

What is the WordPress 403 forbidden error? 

It’s an HTTP status code that means your server recognizes the request but refuses to grant access to the resource. In simpler terms, it’s your website saying, Access Denied. This isn’t just a hassle; it’s a common server-side error that can disrupt browsing for both site owners and visitors.

There are several reasons for a 403 error. Permission issues are a primary cause, where the server’s file permissions aren’t set correctly, blocking access. Plugin conflicts, especially after updates, can also trigger it. An incorrectly set up .htaccess file might cause access problems too. Lastly, overly strict security settings or firewall rules might unintentionally block valid requests, leading to a 403 forbidden error. Understanding these causes is the first step to resolving the issue for a smooth WordPress experience.

How to fix the WordPress 403 forbidden error? 

Now that we’ve identified the WordPress 403 forbidden error and its causes, let’s focus on how to fix it. Before diving into solutions, check if the issue is site-wide or just affecting you. Use a tool like Down for Everyone or Just Me to see if the error impacts all users or just your connection. This step is important; if others can access the site, the problem might be with your network or local settings. If the site is down for everyone, it indicates a server-side issue that needs fixing.

Pro Tip: Always back up your site before troubleshooting the 403 forbidden error. Changing core files or settings can have unintended results. With MalCare, you can easily create secure backups, giving you a safe restore point if anything goes wrong. This precaution can save you from potential headaches later on.

Change file permissions 

File permissions manage who can read, write, or execute files on your server, and they’re set with codes like 755 or 644. Directories typically need permissions set to 755, while files should be 644 to ensure proper access. 

Adjusting file permissions to the right settings can fix the 403 error by making sure your server allows the needed access for WordPress to work.

Using cPanel:  

  1. Log in to cPanel with your hosting credentials.  
  2. Go to File Manager.  
  3. Find your WordPress directory in public_html or a specific domain folder.  
  4. Right-click to select Change Permissions.  
  1. Adjust permissions to 775 to allow proper access.

Using an FTP client:  

  1. Connect to your server with FTP credentials.  
  2. Navigate to the public_html directory.  
  3. Right-click on your WordPress directory and select Info.  
  4. In the Permissions tab, set permissions to 775 for proper access.

Rewriting the .htaccess file

The .htaccess file offers security control over server behavior and access restrictions. It allows you to set rules for who can access certain directories or files, preventing unauthorized users from reaching sensitive areas. However, if not configured correctly, the .htaccess file can lead to a 403 error, blocking legitimate access due to overly stringent rules or misconfigured permissions. 

Replacing the old .htaccess to fix a 403 error involves resetting it to default. This file is crucial for URL handling and server instructions in WordPress. If it’s corrupted, it can cause access issues. Here’s how to safely reset it:

  1. Connect to your server using an FTP client.
  2. Navigate to your WordPress site’s root directory, usually public_html.
  3. Look for the .htaccess file. Make sure your FTP settings show hidden files.
  1. Rename the .htaccess file to .htaccess_old for backup.
  2. Open a text editor and create a blank file.
  3. Insert the default WordPress .htaccess rules:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
  1. Save it as .htaccess, with no extra extensions.
  2. Use your FTP client to upload the new .htaccess file to the root directory.
  3. Refresh your website in a browser to see if the 403 error is gone. If it’s resolved, the problem was the old .htaccess file. In that case, review the custom rules you had added to see what could cause the issue. If not, then delete the file and restore the name of the old file. 

Identify incompatible plugins

Checking for incompatible plugins can help resolve the 403 error. Sometimes, plugins with bad code, outdated software, or those not compatible with your server’s PHP version can cause conflicts. Even a plugin update can cause issues. Security plugins might even block requests if they mistakenly flag your IP. Here’s how to diagnose and fix these issues:

  1. Log in to your WordPress admin panel. Go to Plugins > Installed Plugins. Hover over a plugin and click Deactivate.

Pro tip: Start with security plugins since they might be blocking your access.

  1. After deactivating a plugin, visit your site to see if the error is gone. If it is, the disabled plugin may be at fault. Contact its support team for help.
  2. If the error remains, continue deactivating other plugins one by one. Check your site each time to find the one causing the problem.

Check for theme incompatibility

Eliminating theme incompatibility can fix the 403 error. As your site updates, themes might not stay aligned with the latest WordPress or PHP versions, causing access issues. Here’s how to solve this:

  1. Temporarily activate a default theme like Twenty Twenty-One or Twenty Twenty-Two. These themes are updated regularly to ensure compatibility.
  1. After switching themes, visit your site to see if the 403 error is gone. If it is, your old theme might be the problem.
  2. If your theme caused the issue, contact the theme developer or support for help. They might offer updates or fixes. If support isn’t available, consider switching to a compatible theme or hiring a developer to make necessary adjustments.

Clear browser cache

Cache consists of temporary files saved by your browser to speed up site loading. If a page or its settings, like permissions, are updated, the cache might not show these changes, causing errors. Clearing your cache ensures that your browser loads the most recent version of the page, which might resolve issues from outdated or corrupt cached data.

Correct any DNS misconfigurations

DNS, or Domain Name System, acts like the internet’s address book, turning domain names into IP addresses. These settings need to point correctly to your web server’s IP to ensure visitors can access your site without problems. Verify these details with your domain registrar.

Check correct directory ownership

Directory ownership decides who can control the files and directories on your server. Incorrect settings can cause access issues like the 403 error. When there’s a conflict, WordPress might not read or write the files it needs, disrupting your site.

Proper ownership settings help the server understand who can perform actions like reading or writing files. Usually, the web server user (like www-data or apache) needs the right permissions. Changing ownership requires root access to the server because it involves advanced command-line tools. This access ensures only authorized individuals can make these vital changes, protecting your site from potential vulnerabilities.

Review security settings

Review your WordPress security settings to prevent overly strict rules from blocking legitimate access. Security settings protect your site, but can sometimes be too restrictive. Custom security configurations, like firewall rules, need careful attention.

Firewalls determine which traffic can reach your site.

If these rules are too strict, they might block important ports and IPs, causing a 403 error. Periodically reviewing these settings ensures security without sacrificing access. For example, a lot of website owners were blocked by the Wordfence plugin. 

Another aspect is understanding port numbers. Ports regulate data flow in and out of your server. For web servers, ports 80 (non-HTTPS) and 443 (HTTPS) handle web traffic, while port 22 is common for SSH access. If you’ve changed default ports for security, make sure they’re properly set in your firewall. This prevents issues with access.

If you’ve tried all troubleshooting steps and the 403 error persists on your WordPress site, it’s time to contact your hosting provider for support. They have access to server logs and settings that you can’t reach, allowing them to identify and fix issues that are beyond your control.

How to prevent the 403 Forbidden error?

To prevent the WordPress 403 forbidden error, focus on proactive maintenance and management. Here’s how to keep your site stable and error-free:

  • Keep everything updated: Regularly update your WordPress core, themes, and plugins to the latest versions. Updates include security patches and compatibility improvements to avoid conflicts.
  • Regularly check file permissions: Ensure file and directory permissions are correct. Files should usually be 644 and directories 755 to prevent access issues.
  • Use a good security plugin: A reliable security plugin protects against unauthorized access and potential exploits. Choose one that offers insights and alerts for suspicious activity.
  • Disable unused plugins and themes: Remove inactive plugins and themes to reduce security risks and compatibility issues.
  • Configure a correct .htaccess file: Make sure your .htaccess file is set up properly for URL rewrites and server directives. Back it up regularly and know how to restore it if needed.
  • Set correct directory ownership: Ensure directory ownership aligns with server permissions for smooth operation. This is important if you change hosting or server setups.
  • Monitor server settings and firewall rules: Review these settings to ensure they aren’t overly restrictive. Check that necessary ports, like 22 (SSH) and 80 or 443 (web server), are correctly configured.

Pro Tip: Use a backup plugin to regularly back up your site. This way, if a 403 error occurs, you can quickly revert to a previous version, restoring original settings and minimizing downtime.

Final thoughts

Facing a 403 forbidden error means being blocked from your own site, which is both frustrating and disruptive. The causes can include misconfigured permissions, outdated themes, incompatible plugins, and restrictive server settings. Fixing this error often involves dealing with core files and configurations, so it’s important to be cautious to avoid further issues. Always back up your site before making changes to have a quick restore. With patience and care, you can troubleshoot the error and regain full access to your site.

FAQs

How to fix a 403 forbidden error in WordPress?  

To resolve a 403 error in WordPress, start by checking file permissions—they should typically be 644 for files and 755 for directories. Look at your .htaccess file for any issues and reset it to default if necessary. Try deactivating plugins and switching to a default theme to find conflicts. Also, verify that your DNS settings and server configurations are correct. If the problem persists, contact your hosting provider for help.

Can you fix a 403 Forbidden error?  

Yes, you can fix a 403 error by addressing its root causes. This involves checking file permissions, reviewing security and firewall settings, adjusting .htaccess configurations, and resolving conflicts with plugins or themes. With careful troubleshooting and backups in place, you can effectively resolve the error.

What is a 403 error log in WordPress?  

A 403 error log in WordPress is a record in your server logs created whenever a 403 error occurs. These logs provide detailed information about denied requests, helping identify issues like incorrect permissions or blocked IPs. Accessing these logs often requires contacting your hosting provider or checking server configuration files.

What is a 403 response in WordPress?  

A 403 response in WordPress is an HTTP status code that indicates the server acknowledges the request but refuses to grant access to the requested resource. This response can be caused by incorrect file permissions, misconfigured server settings, or conflicts with plugins or themes.

Does 403 Forbidden mean I’m blocked?  

A 403 forbidden error means access to a resource is denied. It doesn’t always mean you’re intentionally blocked. Instead, it indicates an issue with access permissions, server settings, or security configurations. Investigating the cause can reveal if it’s due to a restrictive setting or an IP block that needs adjustment.

Category:

You may also like


WordPress Site Not Loading: 7 Easy Fixes
WordPress Site Not Loading: 7 Easy Fixes

You’ve probably experienced a small business’s website crashing during a Black Friday sale. Eager shoppers flood the site all at once causing it to become unresponsive. This is one of…

Solve: The Site Is Experiencing Technical Difficulties
Solve: The Site Is Experiencing Technical Difficulties

“The site is experiencing technical difficulties” error can feel frustrating. Just when you’re about to update a plugin or upgrade your PHP, this pesky problem appears. And sometimes, it locks…

How can we help you?

If you’re worried that your website has been hacked, MalCare can help you quickly fix the issue and secure your site to prevent future hacks.

My site is hacked – Help me clean it

Clean your site with MalCare’s AntiVirus solution within minutes. It will remove all malware from your complete site. Guaranteed.

Secure my WordPress Site from hackers

MalCare’s 7-Layer Security Offers Complete Protection for Your Website. 300,000+ Websites Trust MalCare for Total Defence from Attacks.