Everyone who spends time online has come across an HTTP status error at one point or another. However, few of them are as frustrating as getting a 403 Forbidden error on your WordPress website. Considering you pay for a hosting service and probably set up that WordPress install on your own. So, it’s pretty obnoxious when you’re denied access. Learn how to fix the 403 forbidden error in WordPress.
Fortunately, this error is not a byproduct of your servers suddenly becoming sentient. In addition, deciding to take over your website (at least, not to the best of our knowledge). It’s just refusing a request due to a lack of necessary permissions. Most often due to something minor breaking down in your WordPress installation. You’ll probably spend more time figuring out where the error lies than fixing it.
Now that your fears are out let’s review the potential causes (and fixes) for this error.
How to Fix 403 Forbidden Error?
Step 1: Check Your File Permissions
As we mentioned at the beginning of this article, the 403 Forbidden error is the consequence of a server refusing a request due to a lack of proper permissions. Therefore, it makes sense to start your troubleshooting by checking whether your WordPress files have the correct permissions.
First, to check this out, you’ll need to use an FTP manager. For this guide, we’ll be working with FileZilla, and if you need any help setting it up or learning the basics, take a look at this recent article, where we covered everything you need to know.
Once you’re up on that front, you’ll want to access your FTP server using your login credentials. Then go over to your WordPress installation folder. If you haven’t done this before, they’re present inside the public_html folder. Finally, all you have to do is double-click on it:
Inside public_html, you’ll find a lot of folders and files that represent the backbone of your WordPress website. Each of these will have its permission settings. A numeric value tells you exactly which interactions are up for which group of users. For example, every WordPress folder should have a setting of 755 by default, which we can find easily on FileZilla:
Locate Files To Fix 403 Forbidden Error in WordPress
The permission column should appear to you by default. But if for some reason it doesn’t. All you have to do is right-click on the titles of the columns to activate it. Additionally, you can simply right-click each file or folder and choose the File Permissions option. You’ll then be able to modify the numerical value of the permissions. Or manually change the settings for each group of users, which will automatically update the permission value.
Warning: This isn’t the thing you want to tweak just for kicks. Setting the wrong permissions could easily cripple your site and lead to a 403 Forbidden error.
Now, if the default permission values of your WordPress installation are different. So, you’ll have to restore them manually to make the 403 Forbidden error go away. Remember that changing your permission settings won’t necessarily cause this specific error. Or any mistake in particular, but it still could leave your site vulnerable from a security standpoint. Once we’ve restored the default permission values, we’ll discuss why those specific values are desirable.
Review WordPress Folders
Now, let’s look at your WordPress folders. For efficiency’s sake, we recommend you select all of them at once to change their permissions in a single stroke. Once you’ve chosen them, right-click and pick the File Permissions option.
Once inside, if the numerical value of their permissions is anything other than 755, change it to that value and click on OK.
It’s as simple as that! Now let’s repeat the same process for the individual files lying around public_html, which should all be set to 644. Select them all, go to File Permissions, and if the value isn’t already set at 644, correct that.
Pretty simple, but we’re not really yet. Now you have to check whether the files inside the folders whose permissions you fixed all have their values set correctly. We recommend that you pay extra special attention to your wp-admin, themes, and plugin folders since they contain some of the most crucial WordPress files.
You might wonder why these two specific values, 755 and 644, are present by default. To make a long story short, these codes represent which group has which permissions, as you may have surmised while tinkering with FileZilla’s File Permissions tab. The 755 code enables every user to read and execute the files included, but only the file’s owner retains writing privileges.
Execution Privileges
Now, as far as permissions go, when we say that all users have execution privileges, we’re only using the official lingo to indicate that the server can access these folders. Your site should be alright if all users don’t have writing privileges (which would be a 777 code – a big no-no). Regarding individual files and 644, this code means that files are readable by all users but can only receive editions or new content by their owners.
Now that we’ve successfully restored the correct file and folder permissions, it’s time to check whether the 403 Forbidden error has disappeared. If that isn’t the case, it’s time to try a couple of other things.
Step 2: Check Your .htaccess File
Your .htaccess file can become corrupted, which in turn can cause a 403 Forbidden access error to appear on your WordPress site. The good news is that fixing a corrupted .htaccess file will only take you a couple of minutes with the aid of your trusty FTP manager.
If you’re following our guide step-by-step, your FTP manager should still be open – otherwise, get it started again and go to your WordPress root folder. Therein you’ll find the .htaccess file we’re looking for, and we’ll make a backup of it just to play it safe. Right-click on the file and choose the Download option. It will then be downloaded to the folder that’s set in your Local File directory:
Once you have a copy stored securely on your computer, proceed to delete the .htaccess file on your WordPress installation. Don’t worry. We will be restoring it shortly, and you should still be able to access your dashboard.
Test Again To Fix 403 Forbidden Error in WordPress
When you have successfully deleted the file, try to reaccess your site to see if the error persists. If it does, we can discard the .htaccess file as the source of the problem. In this case, simply proceed to re-upload the copy you made to your WordPress root directory via FTP.
However, if deleting the file does solve your issue, it was most likely corrupted – in which case we’ll have to generate a new copy. To do so, access your dashboard, jump to Settings, and select the Permalinks option.
Inside, you may proceed to update your settings if there is anything you wish to change. As an aside, it’s important to note that updating your permalink structure can sometimes result in a 403 Forbidden error, since the rules you set are inserted into the .htaccess file.
Once you’re satisfied, simply click on Save Changes, and this will automatically generate a brand new .htaccess file:
Step 3: Check Your Plugins
We already covered this in detail in a previous guide, but let’s do a quick recap in case you missed it. It’s pretty easy to find out whether a faulty plugin is causing the 403 Forbidden error without having to deactivate each one individually.
All you have to do is deactivate them all at once, and if the error disappears, you can proceed to go through the tedious task of pinpointing exactly which plugin was causing the error in the first place.
To achieve this feat, all you need to do is relocate to your plugin directory via FTP and change its name to something different, as in the example below.
This will render WordPress unable to find your plugins, resulting in their deactivation. Once that’s ready, proceed to check once more whether the error is out – if that’s the case, restore the folder’s name, then change the name of each folder inside to deactivate them until you find the culprit.
Conclusion
As you can see, the 403 Forbidden error is more of a nuisance than something to be scared of. Chances are that if you ever run across this issue, you’ll be able to fix it in a matter of minutes with a bit of tinkering – and the help of our guide.
Let’s run through a quick recap. If your server does rise against you and you note a 403 Forbidden error on your WordPress site, all you need to do is follow these steps:
- Check your user privileges.
- Check your .htaccess file.
- Check your plugins.
Have you ever run into the 403 Forbidden error in one of your sites, and what did it take to fix it in your case? Share your story with us and subscribe to the comments section below!