When your WordPress website starts displaying an HTTP 403 forbidden error, it usually means that your request was sent and understood by the server, but the server itself was unable to respond to it. The problem is quite common on the internet and has therefore happened to almost everyone running a website.
403 forbidden errors display their codes when access to particular pages is banned by the server. Consequently, such errors include text:
403 Forbidden – You don’t have permission to access ‘/’ on this server.
Furthermore, 403 Forbidden errors are usually met when the server is trying to handle the request using an error document.
The good thing is that the error is not a consequence of improper serving, and it doesn’t have to mean that the server wants to take over the website (not to our knowledge, at least). What it means is that necessary permissions to access a request are absent, most of the time because there was a minor breakdown in the installation. The truth is that figuring out the problem takes much more time than fixing it.
Now that you know there is nothing to worry about, let’s check why 403 errors happen, and what can be done to fix them.
Regular backup
A complete WordPress is always a good idea, especially if you remember to do it before problems actually start appearing.
Certain WordPress users have automatic plugins for the purpose, but even if you’re one of them, make sure the backup is updated to the latest versions.
Sneak-peak into file permissions
As it became clear at the beginning of this article, 403 forbidden errors happen because the server doesn’t have the necessary permissions to handle your requests. That’s why troubleshooting should always start by looking at WordPress files – open them, and check whether you have the appropriate permissions.
The essential mean for performing this action is an FTP manager (we’ve chosen to work with FileZilla for the purposes of this article).
Before you start, use your login information to access the FTP server, and navigate to the WordPress installation folder. In case you don’t know where it is, you can find it inside of your public_html folder. Open the folder and it will be there.
Public_html contains a variety of files and folders, each of them standing for a backbone functionality of your WordPress website. Consequently, each folder comes with different permission settings, each indicating the interaction values for different groups of users.
The file permission of each WordPress folder should be either 744 or 755.
The permissions of separate WordPress files should be either 640 or 644.
Once you’ve adjusted the file permission of the root folder (either 744 or 755), check the ‘Recurse into subdirectories’ box, and the ‘apply to directories only’ box afterward.
Confirm with OK, and your FTP client will set the permissions for all subdirectories to be found in that folder.
Once the operation is completed, do the same with all files. The permission will either be 640 or 644 and both ‘Recurse into subdirectories’ and ‘apply to files only’ should be checked.
By confirming once again, you’ll allow your FTP client to set the permissions, this time for the files.
Afterward, reload the site to see whether the 403 error is still there. Hopefully, it should be gone.
Changing WordPress permissions using the Shell over SSH
With an SSH host, it takes as much as a single-line command to adjust permissions.
In order to do it, start by logging to the SSH host, using putty (or other) SSH clients. For the purpose, you will need the hosting username, the password, and the so-called SSH port number which connects your account to SSH.
Change the permissions to 755 for all directives, using this simple command:
The files’ permissions can be adjusted to 644 with the following command:
As it is already clear, changing permissions in WordPress is not difficult, neither for files nor directories.
Check the .htaccess file
The reason for 403 errors may be a corrupted .htaccess file. Sounds scary, but fixing it shouldn’t take more than few minutes.
Initially, use the FTP client or cPanel’s file manager to connect to the website.
Then, find the .htaccess file located in your site’s root folder.
You will be requested to download the file (.htaccess) on the device so that it will be immediately backed up. Once done, you’ll have to delete it permanently from the server.
Reload the website now, and you will see that the 403 forbidden error is not there, which automatically indicates that the .htaccess file was corrupted.
Since you removed the .htaccess file, you will have to replace it with a fresh one, and you can do that by logging into the admin area of your website, clicking on Settings, and navigating to the permalinks page.
The only operation here is to Save the Changes you’ve made, using a simple button for the purpose, and a fresh .htaccess file will appear almost instantly. The buttons can be found on the bottom of the page.
403s caused by WordPress plugins, and how to fix them
Corrupted files are not such common 403 reasons as poorly configured plugins. There are many security plugins on WordPress which can block entire IP addresses (plenty of them!), based on a simple assumption that those addresses are somehow malicious.
In this case, you should start by temporarily deactivating every WordPress plugin that has to do with security. This should be enough to solve the problem, assuming that it was rooted in some of those plugins.
The next step is a fairly boring one: you will need to check plugins one by one, in order to pinpoint the exact one that caused the error to happen.
Doing it will require relocating the plugin directory using FTP, and renaming it afterward.
Note that this process will end up with all plugins being deactivated, because WordPress won’t be able to find them. Once you’ve made absolutely sure that the error has disappeared, restore the previous name of the folder, the same as the names of smaller folders contained inside in order to keep them deactivated until the root cause appears.
403s caused by the WordPress directory, and how to fix them
This problem should become somehow obvious even while you’re installing WordPress, and you should check whether every file/directory (index.php included) are to be found in your web host’s root folder. Check again all of the files and directories, and remember to move WordPress files from the /public_html/wordpress directory into the root of /public_html/.
Final thoughts
At this point, you probably realized that worrying about 403 forbidden errors doesn’t make sense. To start with, there is no guarantee that you’ll ever come across an issue like them, but as you saw, facing it won’t be that difficult. With all that has been said, fixing 403s requires just a bit of tinkering and few minutes to be solved. Then, you also have this guide to help you deal with the issue yourself, instead of hiring professionals that will charge a fortune for this simple task.
Let’s do a fast recap of what we’ve said. When your server becomes irresponsive for certain requests and starts reporting 403 forbidden errors on your screen, there are few steps that can fix the problem:
Checking user privileges
Checking the .htaccess file
Check the plugins
Try all of them, and there is no chance that you won’t find the problem. In case 403 errors continue appearing, consider errors in the server log, and contact a specialist to estimate what went wrong with your server.