Did you just attempt to access your WordPress site just to be hit by some message telling y'all something is "Forbidden" or that y'all don't accept permission to access something on your site? If and so, you've likely see the 403 Forbidden error on WordPress.

Seeing an mistake on your WordPress site can be frustrating and deflating, which is why we've created this detailed guide to aid you set the 403 Forbidden Error on WordPress and become your site functioning again as quickly as possible.

Allow's get started without whatever further introduction considering nosotros're sure y'all only want to ready your site!

  • What is the 403 Forbidden error
  • How to set the 403 Forbidden error

Prefer the video version?

What is the 403 Forbidden Error?

The Internet Engineering Task Forcefulness (IETF) defines the error 403 Forbidden as:

The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it. A server that wishes to brand public why the asking has been forbidden tin can depict that reason in the response payload (if any).

Like many other common WordPress errors, the 403 Forbidden error is an HTTP status code that a web server uses to communicate with your web browser.

403 forbidden error in Chrome
403 forbidden error in Chrome

Quick background on HTTP condition codes – whenever you connect to a website with your browser, the web server responds with something called an HTTP header. Commonly, this all happens behind the scenes because everything is working unremarkably (that's a 200 status code, in case you were wondering).

However, if something goes wrong, the server will respond back with a unlike numbered HTTP status code. While these numbers are frustrating to meet, they're actually quite important because they help yous diagnose exactly what's going wrong on your site.

The 403 Forbidden error means that your web server understands the request that the client (i.e. your browser) is making, merely the server will non fulfill it.

In more than human-friendly terms, it basically means that your server knows exactly what you desire to do, it only won't let you do it because you don't have the proper permissions for some reason. Information technology'south kind of like yous're trying to get into a private consequence, but your name got accidentally removed from the guestlist for some reason.

Other HTTP status codes mean different things. We've written guides on fixing issues with 404 not found errors, 500 internal server errors, 502 bad gateway errors, and 504 gateway timeout errors.

What Causes the 403 Forbidden Mistake on WordPress?

The 2 most likely causes of the 403 Forbidden Error on WordPress are:

  1. Decadent .htaccess file
  2. Incorrect file permissions

It's also possible that you're seeing the error because of an outcome with a plugin that you're using at your site. In this article, we'll show you lot how to troubleshoot all of these potential problems.

403 Forbidden Error Variations

Like many other HTTP status codes, at that place are a lot of dissimilar variations for how this fault lawmaking presents itself.

Here are some common variations that you might come beyond:

  • "Forbidden – You don't have permission to access / on this server"
  • "403 – Forbidden: Access is denied"
  • "Error 403 – Forbidden"
  • "403 – Forbidden Fault – You are not immune to access this address"
  • "403 Forbidden – nginx"
  • "HTTP Error 403 – Forbidden – You practice non have permission to access the certificate or program you lot requested"
  • "403 Forbidden – Access to this resources on the server is denied"
  • "403. That'southward an error. Your client does not have permission to get URL / from this server"
  • "Y'all are non authorized to view this folio"
  • "It appears you don't have permission to access this folio."

If yous're on an Nginx server, it will wait like this below. Basically, if you run across any mention of "forbidden" or "not immune to access", yous're probably dealing with a 403 Forbidden mistake.

What the 403 Forbidden Error looks like at Kinsta
What the 403 Forbidden Fault looks similar at Kinsta

How to Fix 403 Forbidden Error on WordPress

To help y'all gear up the 403 Forbidden Error on your WordPress site, we'll cover five split troubleshooting steps in particular:

  • File permissions
  • .htaccess file
  • Plugin issues
  • CDN issues
  • Hotlink protection

i. File Permissions

Each folder and file on your WordPress site's server has its own unique file permissions that control who can:

  • Read – see the information in the file/view the contents of a folder.
  • Write – modify the file/add or delete files within a folder
  • Execute – run the file and/or execute it equally a script/admission a folder and perform functions and commands.

These permissions are indicated by a 3-digit number, with each digit indicating the level of permission for each of the 3 categories above.

Subscribe Now

Usually, these permissions just "piece of work" for your WordPress site. Even so, if something gets messed upward with the file permissions at your WordPress site, information technology can crusade the 403 Forbidden error.

To view and alter your site's file permissions, you'll demand to connect via FTP/SFTP. Here'southward how to utilise SFTP if you lot're hosting at Kinsta.

For the screenshots in the tutorial below, we'll be using the free FileZilla FTP plan. The basic principles volition apply to any FTP program, though – you'll just need to apply them to a different interface.

One time yous're connected to your server, you can view a file or folder'due south permissions by right-clicking on it:

View file permissions in FileZilla
View file permissions in FileZilla

Of grade, manually checking the permissions for each file or binder isn't actually an option. Instead, you lot can automatically apply file permissions to all the files or folders inside of a folder.

Co-ordinate to the WordPress Codex, the ideal file permissions for WordPress are:

  • Files– 644 or 640
  • Directories – 755 or 750

One exception is that your wp-config.php file should be 440 or 400.

To ready these permissions, right-click on the folder that contains your WordPress site (the binder name is public at Kinsta). Then, choose File Attributes:

Bulk edit file permissions in FileZilla
Bulk edit file permissions in FileZilla

Enter 755 or 750 in the Numeric value box. Then, choose Recurse into subdirectories and Utilize to directories only:

File permissions for WordPress directories
File permissions for WordPress directories

Once you've applied the right permissions for directories, you'll repeat the process for files. Just this fourth dimension:

  • Enter 644 or 640 in the Numeric value box
  • Choose Recurse into subdirectories
  • Choose Apply to files only
File permissions for WordPress files
File permissions for WordPress files

To cease the process, you but need to manually adjust the permissions for your wp-config.php file to make them 440 or 400:

File permissions for wp-config.php file
File permissions for wp-config.php file

If file permissions issues were causing the 403 Forbidden Error, your site should at present start working once more.

2. .htaccess File

Kinsta uses the NGINX spider web server, so this potential result doesn't utilise if you lot're hosting your site at Kinsta because Kinsta sites do not have a .htaccess file.

Notwithstanding, if y'all're hosting elsewhere and your host uses the Apache spider web server, 1 mutual cause of the 403 Forbidden error is a problem in your site'southward .htaccess file.

The .htaccess file is a basic configuration file used by the Apache web server. Y'all can use it to set up redirects, restrict access to all or some of your site, etc.

Considering it's then powerful, even if a little error can cause a big consequence, similar the 403 Forbidden mistake.

Rather than trying to troubleshoot the .htaccess file itself, a simpler solution is to just force WordPress to generate a new, clean .htaccess file.

To do that:

  • Connect to your server via FTP
  • Find the .htaccess file in your root binder
  • Download a re-create of the file to your calculator (it's ever a proficient idea to have a backup merely in case)
  • Delete the .htaccess file from your server after you take a prophylactic backup copy on your local reckoner
Delete the .htaccess file
Delete the .htaccess file

Now, you should be able to access your WordPress site if your .htaccess file was the issue.

To force WordPress to generate a new, clean .htaccess file:

  • Go to Settings → Permalinks in your WordPress dashboard
  • Click Save Changes at the lesser of the page (you lot exercise not need to make any changes – just click the push button)
How to generate a new, clean .htaccess file
How to generate a new, clean .htaccess file

And that's it – WordPress volition at present generate a new .htaccess file for you.

3. Deactivate and so Reactivate Your Plugins

If neither your site's file permissions nor .htaccess file are the issues, the next place to look is your plugins. It could be a bug in a plugin or a compatibility issue between unlike plugins.

No matter what the result is, the easiest manner to discover the problematic plugin is with a fiddling trial and error. Specifically, you'll need to conciliate all of your plugins and then reactivate them 1 by one until you lot find the culprit.

If y'all tin all the same access your WordPress dashboard, you can perform this process from the normal Plugins area.

If y'all cannot access your WordPress dashboard, you'll instead need to connect to your WordPress site's server via FTP/SFTP (here'due south how to connect via SFTP at Kinsta).

One time you lot're connected to your server via FTP:

  1. Scan to the wp-content binder
  2. Find the plugins folder inside of the wp-content folder
  3. Right-click on the plugins binder and cull Rename
  4. Change the name of the binder. You can name it anything unlike, but we recommend something similar plugins-disabled to brand it easy to retrieve.
Rename the plugins folder
Rename the plugins folder

By renaming the binder, you've effectively disabled all the plugins at your site.

Now, attempt accessing your site again. If your site is working, you know that 1 of your plugins is causing the 403 Forbidden error.

To find the culprit, reactivate your plugins one-past-one until y'all detect which plugin is causing the upshot.

After irresolute the file name of the plugins folder, you should run into a number of errors that say plugin file does not be when you go to the Plugins surface area on your site:

What happens after renaming the plugins folder
What happens later on renaming the plugins binder

To fix this issue and regain the ability to manage your plugins, use your FTP program to alter the name of the folder dorsum to plugins. So, if you renamed information technology to plugins-disabled, just modify it back to plugins.

In one case you practise that, y'all'll come across the full list of all your plugins again. Simply at present, they'll all exist deactivated:

Reactivate your plugins one by one
Reactivate your plugins one by 1

Use the Activate button to reactivate them i-past-one.

In one case you detect the plugin that's causing the issue, y'all can either accomplish out to the plugin'southward programmer for assist or choose an alternating plugin that accomplishes the same matter (we've collected the best WordPress plugins here).

4. Deactivate CDN Temporarily

If yous're getting 403 forbidden errors on your avails (images, JavaScript, CSS), it could be a problem with your content delivery network (CDN). In this case, nosotros recommend temporarily disabling your CDN and and so checking your site to encounter if it works. If you're a Kinsta customer, click into your site so on the "Kinsta CDN" tab. One time there, toggle the "Kinsta CDN" push off.

Disable Kinsta's CDN
Disable Kinsta'south CDN

Hotlinking is when someone adds an image to their site, simply the hosted link is yet pointed to someone else's site. To prevent this, some will ready what is called "hotlink protection" with their WordPress host or CDN provider.

When hotlink protection is enabled, it will typically render a 403 forbidden fault. This is normal. Even so, if you lot're seeing a 403 forbidden error on something you shouldn't exist, check to make certain hotlink protection is configured properly.

Still Having Issues? Reach Out to Your Hosting Provider

If none of the above solutions worked for you, so we recommend reaching out to your hosting provider. They tin almost likely help yous pinpoint the issue and get y'all support and running. If yous're a Kinsta client, open up upward a back up ticket with our squad. We are available 24/vii.

Summary

The 403 Forbidden error means that your server is working, but you no longer have permission to view all or some of your site for some reason.

The two almost likely causes of this error are issues with your WordPress site's file permissions or .htaccess file. Beyond that, some plugin issues might also cause the 403 Forbidden fault. Or it could exist that something is misconfigured with hotlink protection or your CDN.

By following the troubleshooting steps in this guide, you should be able to become your site back to working in no time.

Relieve time, costs and maximize site performance with:

  • Instant help from WordPress hosting experts, 24/vii.
  • Cloudflare Enterprise integration.
  • Global audience reach with 29 data centers worldwide.
  • Optimization with our built-in Application Functioning Monitoring.

All of that and much more than, in i plan with no long-term contracts, assisted migrations, and a 30-day-money-back-guarantee. Check out our plans or talk to sales to notice the programme that'south correct for you.