Have you just tried to enter your WordPress site, only to be faced with a warning informing you that you don’t have the authorization to access something on your site or that something is labeled “Forbidden”?
If this is the case, you have probably experienced the WordPress error code 403 Forbidden at some point.
The experience of realizing that an error has occurred on your WordPress website can be upsetting and disheartening.
Because of this, we have compiled this comprehensive guide to assist you in resolving the 403 Forbidden Error on WordPress and restoring normal function to your website as quickly as is humanly possible.
We are confident that all you want is for us to improve your website, so let’s jump right into it without any extra introduction!
What is the 403 Forbidden Error?
According to the definition provided by the Internet Engineering Task Force (IETF), the error code 403 Forbidden is as follows:
The status code 403, sometimes known as “Forbidden,” indicates that the server has recognized the request but is refusing to grant authorization for it.
If a server intends for the reason that the request was denied to be made public, it is able to do so by describing the
reason in the response payload (if any).
The 403 Forbidden error, like many other common WordPress problems, is an HTTP status code. This status code is used by a web server to communicate with a web browser like yours.
A little introduction to HTTP status codes is in order.
Whenever your web browser establishes a connection to a website, the web server will respond with something that is known as an HTTP header.
This is something that happens behind the scenes the majority of the time because everything is functioning normally (that’s a status code of 200, in case you were curious).
On the other hand, if something goes wrong, the server will come back with a new HTTP status code that has a different number.
In spite of the fact that seeing these figures is infuriating, it is actually rather vital to take note of them because they provide insight into precisely what issues are occurring on your website.
The 403 Forbidden error indicates that the request that the client (in this case, your browser) is making to the web server is understood by the web server; but, the server will not complete the request.
What Causes the 403 Forbidden Error on WordPress?
WordPress users are most likely to experience the 403 Forbidden Error as a result of the following two factors:
- .htaccess file was corrupted.
- Incorrect file permissions
It is also possible that the error you are experiencing is the result of a problem with a plugin that you are employing at the site you are visiting.
In this article, we will walk you through the process of diagnosing and fixing each of these potential problems.
What Are The Variations Of 403 Forbidden Error?
This error code, much like many other HTTP status codes, can manifest itself in a wide variety of various ways depending on the context.
The following are some examples of common variants that you might come across:
- You do not have authorization to access / on this server and hence it is “Forbidden.”
- “403 – Forbidden: Access is denied”
- “Error 403 – Forbidden”
- “403 – Forbidden Error – You are not authorized to access this Internet protocol address.
- “403 Forbidden – Nginx”
- You do not have the authorization to view the document or application that you have requested, as shown by the message “HTTP Error 403: Forbidden.”
- Access to the specified resource on the server has been prohibited with the error message “403 Forbidden.”
- “403. There is a mistake there. Your client is not authorized to retrieve URL/from this server”
- “You are not permitted to visit this website,” the message read.
- “It would appear that you do not have permission to visit this website,” the message said.
If you are using an Nginx server, the configuration will appear as shown below. In a nutshell, you are most likely dealing with a 403 Forbidden error if you come across the words “forbidden” or “not authorized to access” anywhere on the page.
How to Fix 403 Forbidden Errors on WordPress?
In this section, we will go through five individual troubleshooting procedures in depth in order to assist you in fixing the 403 Forbidden Error that has appeared on your WordPress website:
- Permissions for the file and the .htaccess file
- Plugin troubles
- CDN concerns
- Protection against hotlinks
1. File Permissions
On the server that hosts your WordPress website, each folder and file has its own distinct set of file permissions that determine who can:
- To read a file or folder means to view its contents or the data contained within it.
- Write means to make changes to the file, as well as to add or remove files from within a folder.
- Execute means to run the file or to execute it as a script, as well as to access a folder in order to carry out various operations and commands.
These permissions are represented by a three-digit number, with each digit denoting the amount of permission for one of the three categories described earlier in this paragraph.
These permissions should “operate” without any additional configuration for your WordPress site. On the other hand, the 403 Forbidden error could appear on your WordPress website if the file permissions on that site get corrupted for some reason.
You will need to connect to your site using FTP or SFTP so that you can view and alter the file permissions. If you are hosting your website with Kinsta, here is how to use SFTP.
2. .htaccess File
Because the NGINX web server is what is used by Kinsta to host websites, there is no need for you to worry about this potential problem if you have your site hosted by Kinsta. Websites hosted by Kinsta do not have a.htaccess file.
However, if you are hosting your website somewhere else and the Apache web server is being used by your host, a fault in the .htaccess file of your website is one of the most typical causes of the 403 Forbidden error.
The fact that it is so powerful means that even a minor inaccuracy can result in a significant problem, such as the 403 Forbidden error.
Instead of trying to debug the .htaccess file itself, an easier approach is to just force WordPress to build a new, clean .htaccess file. This can be done by clicking the “Force WordPress to Generate a New .htaccess File” button.
To accomplish this:
- Establish a connection to your server via FTP.
- Locate the .htaccess file in the root folder of your computer.
- You should save a copy of the file on your computer just in case something goes wrong, thus right now you should download a copy of it.
- After you have made a secure backup copy on your local computer, remove the .htaccess file from your server and delete it there.
If the problem was with the .htaccess file, you should now be able to access your WordPress site.
To coerce WordPress into producing a fresh .htaccess file, you can do the following:
In the administration area of your WordPress site, select Settings > Permalinks.
At the bottom of the page, you will see a button labeled “Save Changes.” You do not need to make any adjustments; simply click this button.