Did you but try to access your WordPress site but to exist hitting past some message telling you something is "Forbidden" or that you don't have permission to access something on your site? If so, you've likely encounter the 403 Forbidden error on WordPress.

Seeing an error on your WordPress site can be frustrating and deflating, which is why nosotros've created this detailed guide to aid yous prepare the 403 Forbidden Fault on WordPress and go your site functioning again as quickly as possible.

Let's get started without any farther introduction considering we're certain you lot but want to fix your site!

  • What is the 403 Forbidden fault
  • How to gear up the 403 Forbidden fault

Adopt the video version?

What is the 403 Forbidden Mistake?

The Internet Engineering Job Force (IETF) defines the error 403 Forbidden as:

The 403 (Forbidden) status lawmaking indicates that the server understood the request just refuses to authorize information technology. A server that wishes to make public why the asking has been forbidden can depict that reason in the response payload (if whatever).

Like many other common WordPress errors, the 403 Forbidden fault is an HTTP status code that a web server uses to communicate with your web browser.

403 forbidden error in Chrome
403 forbidden error in Chrome

Quick groundwork on HTTP condition codes – whenever y'all connect to a website with your browser, the web server responds with something chosen an HTTP header. Usually, this all happens behind the scenes considering everything is working normally (that'southward a 200 status lawmaking, in instance yous were wondering).

All the same, if something goes incorrect, the server will respond dorsum with a different numbered HTTP status code. While these numbers are frustrating to see, they're actually quite important considering they help y'all diagnose exactly what's going incorrect on your site.

The 403 Forbidden error means that your spider web server understands the request that the client (i.e. your browser) is making, only the server will non fulfill information technology.

In more human being-friendly terms, it basically means that your server knows exactly what you lot desire to do, it only won't let yous do information technology considering y'all don't have the proper permissions for some reason. It'due south kind of similar you're trying to go into a individual event, but your name got accidentally removed from the guestlist for some reason.

Other HTTP status codes mean different things. Nosotros've written guides on fixing problems with 404 non found errors, 500 internal server errors, 502 bad gateway errors, and 504 gateway timeout errors.

What Causes the 403 Forbidden Mistake on WordPress?

The two about likely causes of the 403 Forbidden Mistake on WordPress are:

  1. Corrupt .htaccess file
  2. Incorrect file permissions

It's too possible that yous're seeing the error considering of an outcome with a plugin that you're using at your site. In this commodity, we'll evidence you lot how to troubleshoot all of these potential issues.

403 Forbidden Mistake Variations

Similar many other HTTP status codes, there are a lot of different variations for how this mistake code presents itself.

Here are some common variations that y'all might come up across:

  • "Forbidden – You don't have permission to access / on this server"
  • "403 – Forbidden: Access is denied"
  • "Error 403 – Forbidden"
  • "403 – Forbidden Error – You are not allowed to admission this address"
  • "403 Forbidden – nginx"
  • "HTTP Mistake 403 – Forbidden – You lot exercise not have permission to access the certificate or program y'all requested"
  • "403 Forbidden – Admission to this resource on the server is denied"
  • "403. That'due south an error. Your client does not have permission to get URL / from this server"
  • "You are not authorized to view this page"
  • "It appears y'all don't accept permission to access this page."

If yous're on an Nginx server, information technology will await like this beneath. Basically, if y'all see any mention of "forbidden" or "not allowed to admission", you're probably dealing with a 403 Forbidden mistake.

What the 403 Forbidden Error looks like at Kinsta
What the 403 Forbidden Error looks like at Kinsta

How to Fix 403 Forbidden Error on WordPress

To assistance you gear up the 403 Forbidden Error on your WordPress site, we'll cover five separate troubleshooting steps in detail:

  • File permissions
  • .htaccess file
  • Plugin issues
  • CDN issues
  • Hotlink protection

one. File Permissions

Each folder and file on your WordPress site'south server has its own unique file permissions that control who tin:

  • Read – see the data in the file/view the contents of a folder.
  • Write – modify the file/add or delete files inside a folder
  • Execute – run the file and/or execute it as a script/access a folder and perform functions and commands.

These permissions are indicated by a 3-digit number, with each digit indicating the level of permission for each of the 3 categories in a higher place.

Subscribe Now

Normally, these permissions just "piece of work" for your WordPress site. However, if something gets messed up with the file permissions at your WordPress site, it can cause the 403 Forbidden error.

To view and change your site's file permissions, you'll demand to connect via FTP/SFTP. Here's how to use SFTP if y'all're hosting at Kinsta.

For the screenshots in the tutorial below, we'll be using the free FileZilla FTP program. The basic principles volition employ to whatsoever FTP program, though – you'll just need to employ them to a unlike interface.

Once you're continued to your server, y'all tin can view a file or folder's permissions by right-clicking on information technology:

View file permissions in FileZilla
View file permissions in FileZilla

Of grade, manually checking the permissions for each file or folder isn't really an option. Instead, you can automatically use file permissions to all the files or folders inside of a folder.

According to the WordPress Codex, the ideal file permissions for WordPress are:

  • Files– 644 or 640
  • Directories – 755 or 750

Ane exception is that your wp-config.php file should be 440 or 400.

To gear up these permissions, right-click on the folder that contains your WordPress site (the binder name is public at Kinsta). And so, choose File Attributes:

Bulk edit file permissions in FileZilla
Bulk edit file permissions in FileZilla

Enter 755 or 750 in the Numeric value box. So, choose Recurse into subdirectories and Apply to directories only:

File permissions for WordPress directories
File permissions for WordPress directories

One time you've applied the correct permissions for directories, you lot'll echo the process for files. Only this time:

  • Enter 644 or 640 in the Numeric value box
  • Choose Recurse into subdirectories
  • Choose Apply to files simply
File permissions for WordPress files
File permissions for WordPress files

To finish the process, you just demand to manually adjust the permissions for your wp-config.php file to brand them 440 or 400:

File permissions for wp-config.php file
File permissions for wp-config.php file

If file permissions problems were causing the 403 Forbidden Error, your site should now outset working over again.

2. .htaccess File

Kinsta uses the NGINX web server, so this potential event doesn't apply if y'all're hosting your site at Kinsta because Kinsta sites practise not have a .htaccess file.

However, if you're hosting elsewhere and your host uses the Apache spider web server, one common cause of the 403 Forbidden error is a problem in your site's .htaccess file.

The .htaccess file is a bones configuration file used by the Apache web server. Yous tin can use it to fix redirects, restrict access to all or some of your site, etc.

Because it'due south then powerful, even if a picayune mistake can cause a big issue, like the 403 Forbidden fault.

Rather than trying to troubleshoot the .htaccess file itself, a simpler solution is to just force WordPress to generate a new, clean .htaccess file.

To do that:

  • Connect to your server via FTP
  • Find the .htaccess file in your root folder
  • Download a copy of the file to your computer (it'southward always a proficient idea to have a backup simply in case)
  • Delete the .htaccess file from your server later on you have a safe backup copy on your local computer
Delete the .htaccess file
Delete the .htaccess file

Now, you should exist able to access your WordPress site if your .htaccess file was the issue.

To force WordPress to generate a new, make clean .htaccess file:

  • Go to Settings → Permalinks in your WordPress dashboard
  • Click Salve Changes at the bottom of the page (you do not need to make any changes – but click the button)
How to generate a new, clean .htaccess file
How to generate a new, clean .htaccess file

And that's it – WordPress will now generate a new .htaccess file for you lot.

3. Deactivate and then Reactivate Your Plugins

If neither your site's file permissions nor .htaccess file are the problems, the next place to look is your plugins. It could be a bug in a plugin or a compatibility upshot between dissimilar plugins.

No matter what the result is, the easiest way to find the problematic plugin is with a little trial and error. Specifically, you lot'll demand to deactivate all of your plugins and and so reactivate them one by i until y'all find the culprit.

If you tin can still access your WordPress dashboard, y'all tin can perform this process from the normal Plugins area.

If you cannot access your WordPress dashboard, you'll instead need to connect to your WordPress site's server via FTP/SFTP (hither's how to connect via SFTP at Kinsta).

Once you're connected to your server via FTP:

  1. Browse to the wp-content folder
  2. Find the plugins folder within of the wp-content folder
  3. Right-click on the plugins folder and choose Rename
  4. Change the proper noun of the folder. Yous tin name it anything different, but we recommend something like plugins-disabled to arrive easy to call back.
Rename the plugins folder
Rename the plugins binder

Past renaming the folder, you've effectively disabled all the plugins at your site.

Now, try accessing your site again. If your site is working, y'all know that 1 of your plugins is causing the 403 Forbidden error.

To find the culprit, reactivate your plugins one-by-one until you discover which plugin is causing the upshot.

After changing the file proper noun of the plugins folder, you should encounter a number of errors that say plugin file does not be when y'all get to the Plugins area on your site:

What happens after renaming the plugins folder
What happens after renaming the plugins folder

To fix this issue and regain the ability to manage your plugins, use your FTP programme to modify the name of the folder back to plugins. So, if you lot renamed it to plugins-disabled, just modify it dorsum to plugins.

One time you practice that, you'll meet the full list of all your plugins once more. Merely now, they'll all be deactivated:

Reactivate your plugins one by one
Reactivate your plugins one by one

Apply the Activate button to reactivate them ane-by-1.

Once you find the plugin that'due south causing the issue, y'all can either attain out to the plugin's programmer for help or choose an alternate plugin that accomplishes the same affair (we've nerveless the best WordPress plugins here).

4. Deactivate CDN Temporarily

If you're getting 403 forbidden errors on your assets (images, JavaScript, CSS), it could be a trouble with your content commitment network (CDN). In this case, we recommend temporarily disabling your CDN and and then checking your site to see if it works. If you're a Kinsta client, click into your site and and so on the "Kinsta CDN" tab. Once there, toggle the "Kinsta CDN" button off.

Disable Kinsta's CDN
Disable Kinsta's CDN

Hotlinking is when someone adds an paradigm to their site, but the hosted link is still pointed to someone else's site. To prevent this, some will set up what is called "hotlink protection" with their WordPress host or CDN provider.

When hotlink protection is enabled, information technology will typically return a 403 forbidden mistake. This is normal. Withal, if you're seeing a 403 forbidden error on something you shouldn't be, check to make sure hotlink protection is configured properly.

Still Having Bug? Achieve Out to Your Hosting Provider

If none of the higher up solutions worked for you, then we recommend reaching out to your hosting provider. They can virtually likely help you pinpoint the result and get you back up and running. If y'all're a Kinsta client, open upward a support ticket with our team. We are available 24/7.

Summary

The 403 Forbidden error ways that your server is working, but you no longer have permission to view all or some of your site for some reason.

The two most likely causes of this error are issues with your WordPress site'southward file permissions or .htaccess file. Beyond that, some plugin bug might also crusade the 403 Forbidden error. Or it could exist that something is misconfigured with hotlink protection or your CDN.

By following the troubleshooting steps in this guide, you lot should be able to get your site dorsum to working in no fourth dimension.

Save time, costs and maximize site operation with:

  • Instant help from WordPress hosting experts, 24/seven.
  • Cloudflare Enterprise integration.
  • Global audience reach with 29 data centers worldwide.
  • Optimization with our congenital-in Application Operation Monitoring.

All of that and much more, in one program with no long-term contracts, assisted migrations, and a xxx-day-money-dorsum-guarantee. Check out our plans or talk to sales to find the program that's right for you lot.