Did you just try to access your WordPress site only to be hit by some message telling you something is "Forbidden" or that you don't have permission to access something on your site? If so, you've likely run into the 403 Forbidden mistake on WordPress.

Seeing an mistake on your WordPress site can be frustrating and deflating, which is why nosotros've created this detailed guide to help you lot fix the 403 Forbidden Error on WordPress and get your site performance once more equally quickly every bit possible.

Let's get started without any further introduction because nosotros're sure you just want to fix your site!

  • What is the 403 Forbidden error
  • How to fix the 403 Forbidden fault

Prefer the video version?

What is the 403 Forbidden Error?

The Internet Engineering Job Force (IETF) defines the error 403 Forbidden as:

The 403 (Forbidden) condition code indicates that the server understood the request simply refuses to qualify information technology. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any).

Like many other common WordPress errors, the 403 Forbidden error is an HTTP status lawmaking that a web server uses to communicate with your spider web browser.

403 forbidden error in Chrome
403 forbidden error in Chrome

Quick background on HTTP status codes – whenever you connect to a website with your browser, the web server responds with something chosen an HTTP header. Usually, this all happens behind the scenes because everything is working normally (that's a 200 status code, in case you were wondering).

Yet, if something goes wrong, the server will answer back with a different numbered HTTP status code. While these numbers are frustrating to encounter, they're actually quite important because they assistance you diagnose exactly what'south going wrong on your site.

The 403 Forbidden mistake means that your web server understands the request that the customer (i.e. your browser) is making, only the server volition non fulfill it.

In more human-friendly terms, it basically means that your server knows exactly what you want to do, it merely won't let yous do information technology because you don't have the proper permissions for some reason. It'southward kind of like you lot're trying to go into a private event, but your proper noun got accidentally removed from the guestlist for some reason.

Other HTTP status codes mean different things. Nosotros've written guides on fixing issues with 404 non found errors, 500 internal server errors, 502 bad gateway errors, and 504 gateway timeout errors.

What Causes the 403 Forbidden Fault on WordPress?

The two most likely causes of the 403 Forbidden Mistake on WordPress are:

  1. Decadent .htaccess file
  2. Incorrect file permissions

It'southward also possible that y'all're seeing the mistake because of an issue with a plugin that you're using at your site. In this article, we'll evidence y'all how to troubleshoot all of these potential issues.

403 Forbidden Error Variations

Similar many other HTTP status codes, at that place are a lot of different variations for how this error code presents itself.

Here are some common variations that you might come up across:

  • "Forbidden – Yous don't have permission to admission / on this server"
  • "403 – Forbidden: Admission is denied"
  • "Fault 403 – Forbidden"
  • "403 – Forbidden Error – Yous are non allowed to admission this address"
  • "403 Forbidden – nginx"
  • "HTTP Error 403 – Forbidden – You do not have permission to access the document or programme yous requested"
  • "403 Forbidden – Access to this resource on the server is denied"
  • "403. That's an mistake. Your client does not accept permission to get URL / from this server"
  • "Y'all are not authorized to view this page"
  • "It appears you don't have permission to access this page."

If you're on an Nginx server, it will expect like this below. Basically, if you encounter any mention of "forbidden" or "not allowed to admission", yous're probably dealing with a 403 Forbidden error.

What the 403 Forbidden Error looks like at Kinsta
What the 403 Forbidden Mistake looks like at Kinsta

How to Fix 403 Forbidden Error on WordPress

To help you fix the 403 Forbidden Fault on your WordPress site, we'll cover five dissever troubleshooting steps in detail:

  • File permissions
  • .htaccess file
  • Plugin issues
  • CDN issues
  • Hotlink protection

i. File Permissions

Each folder and file on your WordPress site's server has its own unique file permissions that control who can:

  • Read – see the data in the file/view the contents of a folder.
  • Write – modify the file/add together or delete files inside a folder
  • Execute – run the file and/or execute it as a script/admission a folder and perform functions and commands.

These permissions are indicated past a iii-digit number, with each digit indicating the level of permission for each of the iii categories above.

Subscribe Now

Usually, these permissions just "work" for your WordPress site. However, if something gets messed up with the file permissions at your WordPress site, it can cause the 403 Forbidden fault.

To view and modify your site's file permissions, you lot'll need to connect via FTP/SFTP. Here'southward how to utilize SFTP if you lot're hosting at Kinsta.

For the screenshots in the tutorial below, nosotros'll exist using the free FileZilla FTP program. The basic principles will utilize to whatsoever FTP program, though – you'll just need to apply them to a different interface.

Once you're connected to your server, you can view a file or folder's permissions past correct-clicking on it:

View file permissions in FileZilla
View file permissions in FileZilla

Of course, manually checking the permissions for each file or binder isn't really an option. Instead, you can automatically apply file permissions to all the files or folders inside of a binder.

According to the WordPress Codex, the ideal file permissions for WordPress are:

  • Files– 644 or 640
  • Directories – 755 or 750

Ane exception is that your wp-config.php file should be 440 or 400.

To set these permissions, right-click on the folder that contains your WordPress site (the folder name is public at Kinsta). Then, cull File Attributes:

Bulk edit file permissions in FileZilla
Bulk edit file permissions in FileZilla

Enter 755 or 750 in the Numeric value box. And then, cull Recurse into subdirectories and Apply to directories only:

File permissions for WordPress directories
File permissions for WordPress directories

Once you've applied the correct permissions for directories, y'all'll repeat the process for files. Only this time:

  • Enter 644 or 640 in the Numeric value box
  • Choose Recurse into subdirectories
  • Choose Apply to files simply
File permissions for WordPress files
File permissions for WordPress files

To finish the procedure, you just need to manually arrange the permissions for your wp-config.php file to make them 440 or 400:

File permissions for wp-config.php file
File permissions for wp-config.php file

If file permissions issues were causing the 403 Forbidden Error, your site should now starting time working again.

ii. .htaccess File

Kinsta uses the NGINX web server, and then this potential upshot doesn't apply if you're hosting your site at Kinsta because Kinsta sites practice not have a .htaccess file.

Still, if you're hosting elsewhere and your host uses the Apache web server, one mutual cause of the 403 Forbidden error is a problem in your site'south .htaccess file.

The .htaccess file is a bones configuration file used by the Apache web server. Yous can employ it to set up up redirects, restrict access to all or some of your site, etc.

Considering it's so powerful, even if a footling error can crusade a big issue, like the 403 Forbidden error.

Rather than trying to troubleshoot the .htaccess file itself, a simpler solution is to just force WordPress to generate a new, clean .htaccess file.

To do that:

  • Connect to your server via FTP
  • Find the .htaccess file in your root folder
  • Download a re-create of the file to your computer (it's always a good idea to have a backup but in case)
  • Delete the .htaccess file from your server afterward you lot accept a safe backup re-create on your local computer
Delete the .htaccess file
Delete the .htaccess file

At present, you should be able to access your WordPress site if your .htaccess file was the effect.

To force WordPress to generate a new, clean .htaccess file:

  • Go to Settings → Permalinks in your WordPress dashboard
  • Click Save Changes at the bottom of the page (you do non demand to make whatsoever changes – merely click the push)
How to generate a new, clean .htaccess file
How to generate a new, make clean .htaccess file

And that's it – WordPress volition now generate a new .htaccess file for yous.

3. Deactivate and then Reactivate Your Plugins

If neither your site's file permissions nor .htaccess file are the problems, the side by side place to look is your plugins. Information technology could exist a bug in a plugin or a compatibility issue between different plugins.

No matter what the issue is, the easiest way to discover the problematic plugin is with a little trial and error. Specifically, you lot'll need to deactivate all of your plugins and then reactivate them i by ane until yous find the culprit.

If you lot tin can still access your WordPress dashboard, you tin can perform this process from the normal Plugins area.

If you cannot access your WordPress dashboard, you lot'll instead need to connect to your WordPress site'south server via FTP/SFTP (here's how to connect via SFTP at Kinsta).

Once you lot're connected to your server via FTP:

  1. Browse to the wp-content folder
  2. Discover the plugins binder within of the wp-content folder
  3. Right-click on the plugins folder and choose Rename
  4. Alter the name of the folder. Y'all can proper noun information technology annihilation different, just we recommend something like plugins-disabled to arrive easy to remember.
Rename the plugins folder
Rename the plugins binder

By renaming the folder, you've finer disabled all the plugins at your site.

Now, try accessing your site over again. If your site is working, you lot know that one of your plugins is causing the 403 Forbidden error.

To detect the culprit, reactivate your plugins i-by-ane until yous discover which plugin is causing the upshot.

Afterwards changing the file proper name of the plugins binder, yous should see a number of errors that say plugin file does not be when you become to the Plugins surface area on your site:

What happens after renaming the plugins folder
What happens afterwards renaming the plugins binder

To fix this consequence and regain the ability to manage your plugins, use your FTP program to alter the proper noun of the folder back to plugins. So, if you renamed it to plugins-disabled, just change information technology back to plugins.

One time you do that, y'all'll encounter the full list of all your plugins again. Only now, they'll all be deactivated:

Reactivate your plugins one by one
Reactivate your plugins ane by one

Utilize the Activate button to reactivate them i-past-ane.

Once you find the plugin that's causing the issue, y'all can either reach out to the plugin'south developer for help or choose an alternate plugin that accomplishes the aforementioned matter (we've nerveless the best WordPress plugins here).

4. Deactivate CDN Temporarily

If you're getting 403 forbidden errors on your assets (images, JavaScript, CSS), information technology could be a trouble with your content delivery network (CDN). In this instance, nosotros recommend temporarily disabling your CDN and then checking your site to see if it works. If you're a Kinsta customer, click into your site and and so on the "Kinsta CDN" tab. In one case there, toggle the "Kinsta CDN" push off.

Disable Kinsta's CDN
Disable Kinsta's CDN

Hotlinking is when someone adds an paradigm to their site, but the hosted link is still pointed to someone else'south site. To prevent this, some will prepare what is called "hotlink protection" with their WordPress host or CDN provider.

When hotlink protection is enabled, information technology volition typically render a 403 forbidden error. This is normal. However, if you lot're seeing a 403 forbidden error on something yous shouldn't be, check to make sure hotlink protection is configured properly.

Nonetheless Having Issues? Reach Out to Your Hosting Provider

If none of the higher up solutions worked for you, then nosotros recommend reaching out to your hosting provider. They can almost probable help you lot pinpoint the issue and become y'all dorsum up and running. If you're a Kinsta customer, open up a support ticket with our team. We are bachelor 24/7.

Summary

The 403 Forbidden error means that your server is working, just y'all no longer have permission to view all or some of your site for some reason.

The two most likely causes of this error are issues with your WordPress site'south file permissions or .htaccess file. Across that, some plugin problems might also cause the 403 Forbidden fault. Or information technology could exist that something is misconfigured with hotlink protection or your CDN.

By following the troubleshooting steps in this guide, you should be able to get your site back to working in no time.

Save time, costs and maximize site operation with:

  • Instant assist from WordPress hosting experts, 24/7.
  • Cloudflare Enterprise integration.
  • Global audience reach with 29 data centers worldwide.
  • Optimization with our congenital-in Awarding Operation Monitoring.

All of that and much more, in one programme with no long-term contracts, assisted migrations, and a 30-twenty-four hours-coin-back-guarantee. Bank check out our plans or talk to sales to find the plan that's right for you.