At some point, you may encounter the dreaded 403 Forbidden error message on your website. Don’t panic! In this post, we’ll show a few ways to fix a 403 Forbidden error issue on your WordPress site.
What is a 403 Forbidden Error?
The 403 Forbidden error message means something is preventing access to a certain portion of your website. This could be due to file permissions on the page or an .htaccess rule that blocks access or password protection for certain directories. If you’re running a WordPress website, it could be due to several things specific to WordPress.
What causes a 403 Forbidden Error?
Several things are usually the culprit if you’re seeing a 403 Forbidden error on your WordPress website. We’ll cover them one by one:
- WordPress security plugins
- File/folder permissions
- Deny orders in your .htaccess file
- Password protected directories
1. WordPress Security Plugins
Certain rules within your .htaccess file are one thing that can cause you to run into a 403 forbidden error. Typically, these rules are going to be put into place by a WordPress security plugin like iThemes Security that you may have installed. The first place to look when you come across a 403 forbidden error is your security plugin (whether that is iThemes Security or another plugin).
If you aren’t sure what settings of the plugin would handle writing rules to .htaccess, you can easily test by simply temporarily disabling the security plugin and then trying to access the section of the site that previously was not working.
Once the security plugin has been disabled, if you are able to access without a 403 error, then you will want to begin looking through your security plugin documentation for what could be causing the issue.
2. File/Folder Permissions
Another common cause of the 403 Forbidden error is incorrect file or folder permissions. Typically, with a website, you want all files and folders to be set with certain permissions. These are 775 for folders and 664 for files.
Now there are some files and other extenuating circumstances that can result in those needing to be different, but if you want your files or folders to be viewed via a web browser, you’re typically going to need those permissions.
3. Deny orders in .htaccess file
Sections of code can be added to your .htaccess file to prevent access to parts of your website based on certain parameters and thus could result in a 403 forbidden error. As mentioned before, many WordPress security plugins make use of this technique, so it is highly recommended that any security plugins you are using be tested and ruled out as the culprit first.
Once you’ve done that and if you are still having issues, disable the security plugin once more and review the .htaccess file for these Deny orders.
Follow these instructions for attempting to clear out rules in your .htaccess file:
- 1. Disable all of your security plugins.
- 2. Access your site via SFTP.
- 3. Navigate to the /web/content folder and download the .htaccess file. You may need to navigate to the specific folder where you are getting the error and check for a .htaccess file there as well.
- 4. Open the .htaccess file in your favorite text editor.
- 5. Look through this file for any code that looks like this:
order deny,allow Deny from All Allow from 188.8.131.52
- 6. If you find a section with a Deny from rule, comment it out in order to test if that was the issue. (You can comment out a line in the .htaccess file by adding a #> in front of the line. So if we use the example above, it would look like this:
order deny,allow #Deny from All Allow from 184.108.40.206
- 7. Once you comment out the line and find no others within the .htaccess file, upload it back to the directory.
- 8. After the .htaccess file has been uploaded, test the site and see if you are still receiving the 403 error.
4. Password Protected Directories
Finally, you could also see a WordPress 403 error if you are currently attempting to use password protected directories on your website. If you are aware of password protected directories, ensure that you are using the proper username and password.
If your credentials are correct, remove the information you added when setting up the password protected directories and try again.
Fixing a 403 Forbidden Error
Hopefully, these techniques helped you track down and solve your 403 Forbidden Error. Most likely, if you’re seeing a 403 Error on your WordPress site, you can solve it quickly and easily by following these quick steps.