Everyone who spends time online has come across an HTTP status error at one point or another. Few of them, however, are as frustrating as getting a 403 Forbidden error on your own WordPress website. Considering you pay for a hosting service and probably set up that WordPress install on your own, it’s downright obnoxious when you’re denied access. It’s like being locked out of your own house.
Fortunately, this error is not a byproduct of your servers suddenly becoming sentient and deciding to take over your website (at least, not to the best of our knowledge). They are simply refusing a request due to a lack of necessary permissions. Often, this is due to something minor breaking down in your WordPress installation. In fact, you’ll probably spend more time figuring exactly what the error is than actually fixing it.
Before we jump into the meat of the article, let us take up a brief moment of your time in order to spread the gospel of performing regular backups. In case you haven’t taken the time to set up a backup solution for your WordPress website, you definitely should. Even though the 403 Forbidden error can be pretty simple to fix, having a recent backup can (and probably will) save you a giant headache at some point when you do run into a site breaking error.
If you’re sure where to start, we’ve got you covered. We’ve written extensively about multiple backup solutions in the past, and all of that advice remains relevant, so take a moment to check out the following articles:
Now that you’ve successfully converted to the Church of Regular Maintenance and Backups (t-shirts and other merchandise pending), let’s move on to the most common causes of the 403 Forbidden error.
Option 1: Check Your File Permissions
As we mentioned at the beginning of this article, the 403 Forbidden error is the consequence of a server refusing a request due to a lack of proper permissions. Therefore, it makes sense to start your troubleshooting by checking whether your WordPress files have the correct permissions.
First of all, in order to check this out, you’ll need to use an FTP manager, your host’s cPanel file manager, or even the WP File Manager Plugin. For the purposes of this guide, we’ll be working with FileZilla, and if you need any help setting it up or learning the basics, take a look at this recent article where we covered everything you need to know.
Once you’re set on that front, you’ll want to access your FTP server using your login credentials, then go over to your WordPress installation folder. If you haven’t done this before, they’re located inside the public_html folder – all you have to do is double-click on it:
Inside public_html, you’ll find a lot of folders and files that represent the backbone of your WordPress website. Each of these will have its own permission settings, with a numeric value that tells you exactly which interactions are enabled for which group of users. For example, every WordPress folder should have a setting of 755 by default, which can be easily seen on FileZilla:
The permission column should appear by default, but if it isn’t there, right-click on a column title to activate it. Additionally, you can simply right-click each file or folder and choose the File Permissions option. You’ll then be able to modify the numerical value of the permissions or manually change the settings for each group of users, which will automatically update the permission value.
Warning: This isn’t the kind of thing that you want to tweak just for kicks. Setting the wrong permissions could easily cripple your site and lead to a 403 Forbidden error situation. That’s what we are trying to avoid.
Handling Changed Permissions
But these permissions do get changed. And if you see that they are not 0755 for the folders, you’ll have to restore them manually so the 403 Forbidden error goes away.
Bear in mind that changing your permission settings won’t necessarily cause a 403 Forbidden (or any other error), but it could make your site more vulnerable to attack. A bit later on, we’ll look at why these specific values should be chosen.
But first, let’s fix them so you can get into your site. Look at your WordPress folders. You can highlight all of the folders at once to batch change permissions. Right-click and choose File Permissions. You will see the following window:
Once inside, if the numerical value of their permissions is anything other than 755, change it and click on OK.
Congrats, you fixed it! It’s as simple as that! Repeat the same process for the individual files lying around. Individual files should be set to 644.
Simple and easy. But we’re not done yet.
Just a bit. Nothing to worry about. Now you have to check whether the files inside the folders whose permissions you fixed all have their values set properly. We recommend that you pay extra special attention to your wp-admin and wp-content folders (specifically themes and plugins), since they contain some of the most crucial WordPress files.
The Numeric Values: What Do They Mean?
Now, you might be wondering exactly why these 755 and 644 are chosen by default. These codes represent which groups have which specific permissions. The 755 code enables every user to read and execute the files included therein, but only the owner can write to them.
Executing the files just means who can access the folders. Who can open them. That’s it. If you wanted everyone to be able to write to them (put files in), that would be a 777 code — and that’s a big no no. Because it means everyone. When it comes to individual files’ 644, it’s the same as the folder 755: readable by all users, but can only be modified or written by their owners.
Now that we’ve successfully restored the correct file and folder permissions, it’s time to check whether the 403 Forbidden error has disappeared. If yes, hooray! You’re done. If not…this isn’t your only option.
Option 2: Inspect Your .htaccess File
It is possible for your .htaccess file to become corrupted, which in turn can cause a 403 Forbidden error. The good news is that fixing a corrupted .htaccess file will only take you a couple of minutes via FTP.
Make your way back to your WordPress root directory. You will find the .htaccess file there. It is likely the first individual file you will see. First, make a backup. Right-click on the file and choose the Download option. It will then be downloaded to the folder that’s set in your Local File directory:
Once you have a copy stored securely on your computer, proceed to delete the .htaccess file in the FTP client.
When you have successfully deleted the file, try to access your site again in order to see if the error persists. If it does, we can discard the .htaccess file as the source of the problem – in which case simply proceed to re-upload the copy you made to your WordPress root directory via FTP.
However, if deleting the file does solve your issue, it was most likely corrupted – in which case we’ll have to generate a new .htaccess. But that’s easy: log into your WP dashboard, jump to Settings, and select the Permalinks option.
If you recently changed your permalink settings, that might have been what caused the 403. Sometimes that can happen because when you hit save, your changes are written into the .htaccess file. And when you don’t have one, hitting save generates a brand new .htaccess file.
Again, if that removes the error, yay! If not, keep reading.
Option 3: Deactivate/Reactivate Your Plugins
We already covered this in detail in a previous guide, but let’s do a quick recap in case you missed it. It’s quite easy to find out whether the 403 Forbidden error is being caused by a faulty plugin without having to deactivate each one individually.
All you have to do is deactivate them all at once, and if the error disappears, you can proceed to go through the boring task of pinpointing exactly which plugin was causing the error in the first place. There are two ways to do this. Using the Plugins menu in your WP dashboard, or you can use FTP.
FTP is typically faster, so we suggest that. All you have to do is rename your plugins folder. Anything works, but something along the lines of plugins.deactivated or plugins.old is generally used.
Doing so will make it so WordPress can’t find your plugins. Thus…deactivated. Once that’s done, proceed to check once more whether the error is gone – if that’s the case, restore the folder’s name. Now it’s time to change the name of each folder inside until you find the culprit responsible for your 403.
As you can see, the 403 Forbidden error is really more of a nuisance than something to be scared of. Chances are that if you ever run across this issue, you’ll be able to fix it in a matter of minutes with a little tinkering.
Let’s run through a quick recap. If your server does rise up against you, and you’re faced with a 403 Forbidden error on your WordPress site, just take a deep breath and count to three…
- Check your file permissions.
- Inspect your .htaccess file.
- Deactivate/reactivate your plugins.
Have you ever run into the 403 Forbidden error in one of your sites? If so, what did it take to fix it?
Article thumbnail image by johavel / shutterstock.com