Did you simply endeavor to access your WordPress site only to be hit by some message telling yous something is "Forbidden" or that you don't have permission to admission something on your site? If so, you've likely run into the 403 Forbidden error on WordPress.

Seeing an error on your WordPress site can be frustrating and deflating, which is why we've created this detailed guide to help you set up the 403 Forbidden Mistake on WordPress and get your site functioning again equally quickly as possible.

Let'southward get started without whatever farther introduction because we're sure you but desire to fix your site!

  • What is the 403 Forbidden fault
  • How to gear up the 403 Forbidden error

Prefer the video version?

What is the 403 Forbidden Error?

The Net Engineering Chore Strength (IETF) defines the error 403 Forbidden as:

The 403 (Forbidden) status lawmaking indicates that the server understood the request merely refuses to authorize it. A server that wishes to make public why the asking has been forbidden can draw that reason in the response payload (if any).

Like many other common WordPress errors, the 403 Forbidden mistake is an HTTP status lawmaking that a web server uses to communicate with your web browser.

403 forbidden error in Chrome
403 forbidden error in Chrome

Quick background on HTTP status codes – whenever yous connect to a website with your browser, the web server responds with something called an HTTP header. Ordinarily, this all happens behind the scenes because everything is working ordinarily (that's a 200 status code, in case you were wondering).

However, if something goes wrong, the server will respond back with a dissimilar numbered HTTP status code. While these numbers are frustrating to run into, they're actually quite important because they assistance you diagnose exactly what'southward going wrong on your site.

The 403 Forbidden error means that your web server understands the asking that the customer (i.due east. your browser) is making, merely the server will not fulfill it.

In more human-friendly terms, it basically means that your server knows exactly what you desire to do, information technology but won't let you do it considering you don't have the proper permissions for some reason. Information technology'south kind of like yous're trying to get into a private effect, but your proper name got accidentally removed from the guestlist for some reason.

Other HTTP condition codes mean unlike things. We've written guides on fixing bug with 404 not found errors, 500 internal server errors, 502 bad gateway errors, and 504 gateway timeout errors.

What Causes the 403 Forbidden Mistake on WordPress?

The ii most likely causes of the 403 Forbidden Error on WordPress are:

  1. Corrupt .htaccess file
  2. Incorrect file permissions

Information technology's also possible that you're seeing the mistake because of an issue with a plugin that yous're using at your site. In this commodity, we'll testify you how to troubleshoot all of these potential issues.

403 Forbidden Error Variations

Like many other HTTP condition codes, there are a lot of different variations for how this error code presents itself.

Here are some common variations that you lot might come beyond:

  • "Forbidden – Y'all don't accept permission to access / on this server"
  • "403 – Forbidden: Admission is denied"
  • "Error 403 – Forbidden"
  • "403 – Forbidden Error – You are non allowed to access this address"
  • "403 Forbidden – nginx"
  • "HTTP Mistake 403 – Forbidden – You practise not have permission to access the document or program you requested"
  • "403 Forbidden – Access to this resource on the server is denied"
  • "403. That's an error. Your customer does non have permission to become URL / from this server"
  • "You are not authorized to view this page"
  • "It appears you don't accept permission to access this page."

If y'all're on an Nginx server, it will look similar this below. Basically, if y'all meet any mention of "forbidden" or "not allowed to access", you're probably dealing with a 403 Forbidden mistake.

What the 403 Forbidden Error looks like at Kinsta
What the 403 Forbidden Error looks similar at Kinsta

How to Gear up 403 Forbidden Error on WordPress

To help y'all set the 403 Forbidden Fault on your WordPress site, we'll cover v dissever troubleshooting steps in detail:

  • File permissions
  • .htaccess file
  • Plugin issues
  • CDN bug
  • Hotlink protection

1. File Permissions

Each folder and file on your WordPress site'southward server has its ain unique file permissions that control who tin can:

  • Read – see the data in the file/view the contents of a binder.
  • Write – alter the file/add or delete files within a folder
  • Execute – run the file and/or execute information technology as a script/access a folder and perform functions and commands.

These permissions are indicated by a 3-digit number, with each digit indicating the level of permission for each of the iii categories to a higher place.

Subscribe Now

Ordinarily, these permissions just "piece of work" for your WordPress site. Yet, if something gets messed up with the file permissions at your WordPress site, it can cause the 403 Forbidden error.

To view and modify your site's file permissions, you'll need to connect via FTP/SFTP. Here's how to employ SFTP if you're hosting at Kinsta.

For the screenshots in the tutorial below, we'll be using the free FileZilla FTP programme. The basic principles volition apply to whatsoever FTP program, though – you'll just need to apply them to a different interface.

Once y'all're connected to your server, you lot can view a file or folder's permissions by right-clicking on it:

View file permissions in FileZilla
View file permissions in FileZilla

Of grade, manually checking the permissions for each file or folder isn't actually an option. Instead, you can automatically apply file permissions to all the files or folders inside of a folder.

Co-ordinate to the WordPress Codex, the ideal file permissions for WordPress are:

  • Files– 644 or 640
  • Directories – 755 or 750

One exception is that your wp-config.php file should be 440 or 400.

To set these permissions, right-click on the folder that contains your WordPress site (the folder name is public at Kinsta). Then, cull File Attributes:

Bulk edit file permissions in FileZilla
Bulk edit file permissions in FileZilla

Enter 755 or 750 in the Numeric value box. Then, cull Recurse into subdirectories and Employ to directories but:

File permissions for WordPress directories
File permissions for WordPress directories

Once y'all've applied the correct permissions for directories, you'll repeat the procedure for files. Only this fourth dimension:

  • Enter 644 or 640 in the Numeric value box
  • Choose Recurse into subdirectories
  • Cull Apply to files merely
File permissions for WordPress files
File permissions for WordPress files

To finish the process, y'all just need to manually adjust the permissions for your wp-config.php file to make them 440 or 400:

File permissions for wp-config.php file
File permissions for wp-config.php file

If file permissions issues were causing the 403 Forbidden Error, your site should at present commencement working again.

2. .htaccess File

Kinsta uses the NGINX web server, so this potential consequence doesn't utilise if y'all're hosting your site at Kinsta because Kinsta sites practise not accept a .htaccess file.

Nonetheless, if you're hosting elsewhere and your host uses the Apache web server, one common cause of the 403 Forbidden error is a problem in your site's .htaccess file.

The .htaccess file is a basic configuration file used past the Apache web server. Yous can use information technology to set up redirects, restrict access to all or some of your site, etc.

Because information technology's so powerful, even if a lilliputian mistake can cause a large issue, similar the 403 Forbidden error.

Rather than trying to troubleshoot the .htaccess file itself, a simpler solution is to just forcefulness WordPress to generate a new, clean .htaccess file.

To do that:

  • Connect to your server via FTP
  • Find the .htaccess file in your root binder
  • Download a copy of the file to your computer (information technology's always a adept idea to have a fill-in just in case)
  • Delete the .htaccess file from your server after you have a prophylactic backup copy on your local computer
Delete the .htaccess file
Delete the .htaccess file

At present, yous should be able to access your WordPress site if your .htaccess file was the event.

To strength WordPress to generate a new, clean .htaccess file:

  • Go to Settings → Permalinks in your WordPress dashboard
  • Click Salve Changes at the bottom of the page (you lot do not need to make any changes – simply click the button)
How to generate a new, clean .htaccess file
How to generate a new, make clean .htaccess file

And that's it – WordPress will now generate a new .htaccess file for you.

3. Conciliate and and then Reactivate Your Plugins

If neither your site's file permissions nor .htaccess file are the problems, the next place to await is your plugins. It could be a issues in a plugin or a compatibility event betwixt different plugins.

No thing what the issue is, the easiest mode to find the problematic plugin is with a little trial and mistake. Specifically, you'll need to deactivate all of your plugins and and so reactivate them one by i until y'all find the culprit.

If y'all can still access your WordPress dashboard, you can perform this process from the normal Plugins area.

If you cannot access your WordPress dashboard, you'll instead demand to connect to your WordPress site's server via FTP/SFTP (hither's how to connect via SFTP at Kinsta).

One time y'all're continued to your server via FTP:

  1. Browse to the wp-content binder
  2. Find the plugins folder inside of the wp-content binder
  3. Right-click on the plugins folder and choose Rename
  4. Change the name of the binder. You lot tin can name it anything different, but we recommend something similar plugins-disabled to make it easy to remember.
Rename the plugins folder
Rename the plugins folder

By renaming the folder, you've effectively disabled all the plugins at your site.

At present, endeavor accessing your site again. If your site is working, you lot know that i of your plugins is causing the 403 Forbidden fault.

To observe the culprit, reactivate your plugins ane-past-one until y'all find which plugin is causing the effect.

Later changing the file name of the plugins folder, you lot should see a number of errors that say plugin file does not exist when y'all go to the Plugins area on your site:

What happens after renaming the plugins folder
What happens later renaming the plugins folder

To fix this event and regain the ability to manage your plugins, utilize your FTP program to change the name of the binder back to plugins. So, if you lot renamed it to plugins-disabled, just modify it dorsum to plugins.

In one case you do that, yous'll see the total list of all your plugins once again. Only now, they'll all be deactivated:

Reactivate your plugins one by one
Reactivate your plugins ane by i

Utilise the Activate button to reactivate them 1-by-i.

One time yous notice the plugin that'due south causing the consequence, yous tin either attain out to the plugin's developer for help or choose an alternate plugin that accomplishes the same thing (we've collected the all-time WordPress plugins here).

4. Deactivate CDN Temporarily

If you're getting 403 forbidden errors on your assets (images, JavaScript, CSS), it could be a problem with your content delivery network (CDN). In this instance, we recommend temporarily disabling your CDN and then checking your site to see if it works. If yous're a Kinsta client, click into your site and then on the "Kinsta CDN" tab. One time there, toggle the "Kinsta CDN" button off.

Disable Kinsta's CDN
Disable Kinsta's CDN

Hotlinking is when someone adds an image to their site, simply the hosted link is still pointed to someone else's site. To prevent this, some volition set what is chosen "hotlink protection" with their WordPress host or CDN provider.

When hotlink protection is enabled, information technology will typically render a 403 forbidden mistake. This is normal. Nonetheless, if you're seeing a 403 forbidden mistake on something yous shouldn't be, bank check to make sure hotlink protection is configured properly.

Still Having Issues? Reach Out to Your Hosting Provider

If none of the above solutions worked for you, then we recommend reaching out to your hosting provider. They can almost likely help you pinpoint the upshot and get you back upwardly and running. If you're a Kinsta client, open up a support ticket with our squad. Nosotros are available 24/7.

Summary

The 403 Forbidden error ways that your server is working, but yous no longer accept permission to view all or some of your site for some reason.

The two well-nigh likely causes of this error are problems with your WordPress site'south file permissions or .htaccess file. Beyond that, some plugin bug might as well cause the 403 Forbidden fault. Or it could be that something is misconfigured with hotlink protection or your CDN.

Past following the troubleshooting steps in this guide, yous should be able to get your site back to working in no time.

Relieve time, costs and maximize site performance with:

  • Instant assistance from WordPress hosting experts, 24/7.
  • Cloudflare Enterprise integration.
  • Global audience attain with 29 data centers worldwide.
  • Optimization with our built-in Application Performance Monitoring.

All of that and much more, in ane plan with no long-term contracts, assisted migrations, and a 30-day-money-back-guarantee. Check out our plans or talk to sales to observe the program that's correct for y'all.