Home » 10 Ways to Fix WordPress 403 Forbidden Error

10 Ways to Fix WordPress 403 Forbidden Error

wordpress 403 forbidden

wordpress 403 forbidden

Maybe you are familiar with the term “404 Not Found Error“, but have you ever encountered a WordPress 403 Forbidden Error while accessing a website?

You as a website owner can lose a lot of potential visitors if this error is not fixed immediately. The 403 Forbidden Error message is an HTTP status code that appears when you try to access a page and forbids you to view it.


Seeing a 403 Forbidden Error notification on a computer or smartphone screen is definitely annoying and frustrating, here is a guide on how to fix it.


What is WordPress 403 Forbidden?

A 403 Forbidden Error is what happens when the web page (or other resource) you are trying to open in a web browser is either disabled or banned. It’s called a 403 Forbidden Error because that’s the HTTP status code that web servers use to describe such errors.


You usually encounter this error for one of two reasons. The first is that the owner of the web server has set the access permissions correctly, and you are not allowed to access the resource. The second reason is that the owner of the web server has set the permissions incorrectly and you are denied access when you shouldn’t.


You may see a 403 Forbidden Error message that looks different on certain websites. The website may use a slightly different name for this. For example, you might see things like:

  • HTTP Error 403 – Forbidden
  • 403 forbidden request forbidden by administrative rules
  • 403 Forbidden
  • Access Denied You don’t have permission to access
  • Error 403
  • Error 403 Forbidden
  • Error 403 Access Denied
  • HTTP ERROR 403
  • 403 Forbidden – nginx
  • Forbidden
  • You are not authorized to view this page
  • Forbidden: You don’t have permission to access [directory/file] on this server
  • It appears you don’t have permission to access this page
  • HTTP Error 403 – Forbidden – You do not have permission to access the document or program you requested
  • Access to [your domain] was denied. You don’t have the authorization to view this page.


Cause WordPress 403 Forbidden

The 403 Forbidden Error is caused by a problem trying to access something that is not accessible. Before discussing how to solve this WordPress 403 Forbidden, it is important to know what the real cause is. There are basically two main reasons behind this, namely:

  • Incorrect or incorrect file or folder permissions
  • Incorrect settings in .htaccess file (corrupt .htaccess file)


In addition, there are also three factors as follows:

  • Empty website directory

Make sure that your website content has been uploaded to the correct directory on the server.

If Plesk server: /var/www/vhosts/example.com/httpdocs/ and cPanel server: /home/example/public_html/ are not found, feel free to create them.


  • No index page

The homepage of the website should be called index.html or index.php. To resolve this error, upload the index page to httpdocs or public_html directory.


  • Permission/ownership error

403 Forbidden Errors can also be caused by incorrect ownership or permissions on website content files and folders.


In addition to the five things above, there is also a possibility that the error occurs due to a problem with the plugin used on the website in question.

After knowing this, let’s see how to get rid of the error message:

  1. Check the .htaccess File

The first step to resolve HTTP WordPress Forbidden 403 Error is to check the .htaccess file. This file can be accessed via cPanel in the following way:

  • Login to cPanel, then go to File Manager
  • Access the root folder and go to the public_html directory
  • Find the file with the name .htaccess
  • Download the .htaccess file to back up the original .htaccess file
  • After successful download, delete the .htaccess file in the folder


If after this you can access the website again, it is certain that the 403 error is caused by a corrupt .htaccess file. Next, you need to create a new .htaccess file by logging into your site’s wp-admin, and selecting Settings > Permalinks.


After making sure the Permalinks settings are correct, click the ‘Save Changes‘ button. This will help the website generate a new default .htaccess file.



  • If the .htaccess file is not found when logging into the website root in public_html, click the Settings button in the top right. Then check the Show Hidden Files (dotfiles) option. This will help you to find hidden .htaccess files.
  • If the .website in question is located in a subdomain folder, make sure the .htaccess file to delete is a file that matches the subdomain folder.


  1. Check Permissions

If the problem is not triggered by a corrupt .htaccess file, the next step is to check the permissions on your files and folders. Usually, website files and folders are set with certain permissions by default.


So to access the file, you need to change the permissions on the file or folder. This permission change can be done via an FTP client such as Filezilla or File Manager.


The following are the steps to edit permissions via File Manager in cPanel:

  • Log in to your hosting server’s cPanel account, then select File Manager.
  • Find public_html or the root folder where the website domain is installed, then right-click “Change Permission”.
  • Change the permission value to 755 by ticking Read, Write, and Execute.
  • Click “Save”.


Check again whether your website can be accessed normally again or not.


  1. Deactivating Plugins

If the 2 methods above still don’t work, this WordPress Forbidden 403 error could be triggered due to one of the problematic plugins. To get rid of this 403 Forbidden error, try temporarily disabling all plugins.


If after the plugin is disabled the error disappears, then it is certain that this error was triggered by a problematic plugin. You can try turning off this plugin via cPanel or Filezilla.


Here are the steps to turn off the plugin via cPanel:

  • Log in to your hosting server’s cPanel account, then select File Manager
  • Look for public_html or the root folder where the website domain is installed
  • Look for the wp-content folder, then Plugins
  • To find out if the plugin is the source of the problem, try to rename the plugin folder (eg disabled-plugin)


Try accessing the website again. If the website can be accessed properly, it means that the 403 Forbidden error problem is triggered by a plugin. The next step is to find out which plugin is actually the cause of the problem.


The method is as follows:

  • Rename the “disabled-plugin” folder to its original name “plugins”.
  • Rename each existing plugin folder by adding the word -disabled to test for problematic plugins.
  • Do these name changes one by one and alternately, then refresh until you find the plugin that has the problem.


This method will be effective in finding which plugin is causing this 403 Forbidden error. Next, try removing the problematic plugin and then reinstalling or updating to the latest available version.


  1. Uploading Index Page

When you access a website domain, you will be directed to the index.html or index.php page as the website’s homepage. If this index file does not exist or maybe you use a different name for the homepage, the website will display a 403 Forbidden error message.


But don’t worry, you can choose the following two ways to solve it:

  • First, by changing the name of your homepage to index.html or index.php.
  • Second, by uploading the index.html or index.php file to the public_html folder in the File Manager menu of your hosting.

Then, copy the following code into the .htaccess file:

Redirect /index.html /homepage.html


This code will redirect the index.html or index.php file access to your current homepage file. Don’t forget, replace homepage.html with the name of your homepage.


  1. Checking A Record

The next way to solve the 403 Forbidden error is to check the A record. Make sure the domain is pointing to the correct IP Address.



In general, you can check the A record through the DNS Zone Editor menu in cPanel hosting.

Then, select the DNS Management tab and find the domain with the record type labeled A Record. In the Value column, make sure the IP Address is filled in correctly.


If there is an IP writing error, you can edit it by clicking the pencil icon on the selected record.

If you don’t find an A record, you can create one by clicking the Add Record button to add a new record. There are four fields on the form that you need to fill in, namely:

  • Record Type : Select A Record
  • Name : Leave blank to create a record for the main domain
  • IPv4 : Enter the correct IP Address
  • TTL : Leave the default value 14400


Now, if everything is filled in, don’t forget to click the Save Record button to save a new record.


  1. Perform Malware Identification

If you’ve tried various ways to solve the WordPress Forbidden 403 error, but still don’t work, this error might be caused by malware that has attacked your website.

Therefore, try to identify malware by using a malware detection plugin on WordPress such as Wordfence.


  1. Editing File Ownership

For VPS users with Linux operating systems, File Ownership or file ownership can also be the cause of the 403 forbidden error.

Usually, a file or folder is assigned to an Owner, a certain Group or both. By default, the owner of the file should be your hosting account username.


However, to be sure, you can check the ownership status of the file. Please login to the server via SSH first, then, run the following command: “ls -1 [filename]”.

Later, you will get output similar to this: “-rwxrw-rw- 1 [owner][group] Nov 30 21 10:00 file.html”.


If the file owner is not your username, please change the file ownership with the chown command. Please change the command above using the file name and username of your hosting account.


  1. Temporarily Disabling CDN

If a 403 Forbidden error appears on an image, Javascript, or CSS asset, then there may be an error in your Content Delivery Network (CDN).


To work around this, you can disable the CDN you are using, for example, Cloudflare. To do this, please login to your hosting cPanel and enter the Cloudflare menu.


You will be directed to the Cloudflare integration page, select the Domains tab to see a list of your DNS configurations. Temporarily disable Cloudflare by moving the toggle on record A and CNAME to OFF.

This DNS change process will take at least 1×24 hours in the DNS propagation period.


  1. Checking Hotlink Protection Configuration

Hotlink Protection is a setting to prevent the use of links in the form of your files or images on other websites without permission. In other words, hotlink protection prevents content theft.


Hotlink Protection can be easily enabled on your hosting. However, make sure the configuration is correct. Because a configuration error will trigger a WordPress Forbidden 403 error.


  1. namecheap2


    Contact Hosting Service

Usually the 403 Forbidden Error problem will be resolved with the above solutions. But what if you have tried all solutions, the problem is still not solved?

The last step you can do is ask for technical assistance on the hosting service you are using.
Any professional hosting service technical team like Hostgator, Cloudways or Bluehost managed WordPress will definitely help identify any issues you’re having and fix them.


Fix the 403 Forbidden Error
WordPress 403 Forbidden Error can be caused by many things, one of which is an error in the .htaccess file or setting file permissions.

Make sure you access the correct website URL, delete the website history/cache and refresh the website page after you perform the steps to fix the 403 Forbidden Error above.

1 thought on “10 Ways to Fix WordPress 403 Forbidden Error”

  1. Pingback: What Is 502 Bad Gateway and How to Solve It - Wordpress Hosting Plans

Leave a Reply

Your email address will not be published.