WordPress 403 error is a very common error that is caused due to the webserver denying access to the WordPress page users are trying to access.

The error messages that are commonly shown are – ‘403 Access Denied’, ‘403 Forbidden’, ‘You don’t have authorization to view this page’ etc.

WordPress 403 error can happen in different scenarios:

1. When trying to access WordPress Admin dashboard at https://domain.com/wp-admin/ .
2. Upon trying to login to WordPress website as a user.
3. While installing a new WordPress website and trying to run http://www.domain.com/wp-admin/install.php during the process.
4. During situations when you try randomly accessing any page in the WordPress website.

The page that gives WordPress 403 error may usually display the complete message – You don’t have permission to access ‘/’ on this server.

What causes WordPress 403 Error?

While 403 errors usually happen due to permission related issues, there are other causes such as certain plugin settings or security settings that cause this error.

In WordPress, 403 Error can happen due to various reasons, which we’ll discuss here.

1. Incorrect file permissions for the user

Every file and folder in the website requires proper access privilege for read, write and execution, for the site to work fine.

By default, the permissions for WordPress folders should be 755 and files should be 644. If the permissions are wrong, the site would end up giving 403 error.

2. Wrong entries in the .htaccess file

The .htaccess file inside a WordPress folder contains the rewrite rules that are required for the WordPress site and related links to work fine.

But, it may happen that the .htaccess file gets corrupted, and these rules no longer work fine. As a result, the website and related URLs may return 403 error.

3. Incompatible plugins

WordPress has a wide range of plugins available. Website owners have a tendency to install many plugins into their WordPress site without verifying its compatibility.

If the plugin you install in your website is incompatible with the WordPress installation, it may mess up the site and end up showing 403 error in the site.

4. Directory index settings

The ‘Directory Index’ directive of a webserver is used to set the list of files to look for, when the client requests an index of the directory in a website.

But if the webserver where the WordPress site is hosted doesn’t support ‘index.php’ in ‘Directory Index’, this 403 error would show up instead of the index page.

In addition to these reasons, some WordPress security plugins or server wide security policies can restrict valid users from connecting to the site and throw 403 errors.

How to fix WordPress 403 Error

In most cases, the error message will not explicitly state the reason for the 403 error. As a result, it is a bit difficult to debug and fix the error.

But with a systematic debugging method, it is possible to pinpoint the issue and fix it. Today, we’ll see how to check and fix each of these reasons to avoid 403 error.

1. Correct the folder and file permissions

The permissions for WordPress folders should be set to 744 or 755 and files should be set to 644 or 640. This can be done as follows:

Access the WordPress directory via FTP or File Manager and select the folder or file permissions settings. The folders are wp-includes and wp-admin.

Update permissions for WordPress folders and files

These permissions should be set recursively for all the folders inside the WordPress site. Similarly, all files should have 644 permissions set.

But manually updating the permissions may be time-consuming. At Bobcares, we use commands to quickly update the permissions of files and folders via the shell.

After updating the permissions, reload the website after clearing the browser cache and see if the site is loading fine without any 403 errors.

2. Fix the .htaccess file

If correcting the permissions did not fix the 403 error, next point to check is the .htaccess file. Here’s how to fix a corrupt .htaccess file.

First, take a backup of the existing ‘.htaccess’ file using the ‘Download’ option in File Manager. Then delete the existing .htaccess file.

Delete existing .htaccess file

To recreate the .htaccess file fresh, go to WordPress Admin Dashboard and select “Settings” -> “Permalinks”.

Generate new .htaccess file in WordPress

You can update the settings and click on ‘Save Changes‘. A new .htaccess file would be generated and now the website should load without the 403 error.

A proper .htaccess file for WordPress website would be like this:

Options +FollowSymLinks
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

3. Deactivate the problematic plugins

If the .htaccess and file permissions are fine, but the WordPress 403 error persists, the next step is to check for any incompatible plugins.

Many WordPress websites contain a multitude of plugins. As a result, it may be difficult to pin-point the exact plugin that is causing the issue.

The first step is to Deactivate all the plugins from the Admin Dashboard -> Plugins setting.

Deactivate all WordPress plugins

After disabling all plugins, try reloading the WordPress site and see if it shows 403 error. If the error has gone, we can confirm that it is due to some plugin.

Now enable each plugin one by one by clicking on ‘Activate‘ button near the plugin and then reload the website after each activation.

Activate each WordPress plugin one by one

With this exercise, it is possible to identify the problematic plugin and keep it disabled. This will help to fix the 403 error in the WordPress site.

4. Directory index configuration

If the Directory index is not properly set for a WordPress site, you will see ‘You are not authorized to view this page (403 error)’ while trying to login to admin section.

403 error gets displayed instead of the WordPress admin dashboard, after successful authentication using the admin login credentials.

In our previous post on ‘How to fix ‘You are not authorized to view this page (403 error)’ in WordPress sites, we have discussed the fix for this error in detail.

In short..

Today we saw how to resolve the 4 major causes for WordPress 403 error. There is no instant fix for 403 errors, but a systematic debugging method helps in quick resolution.

Before making any changes or updates, it is always advisable to take a backup of the WordPress files and folders and to have experts perform the changes.

If you’d like to know how to manage your WordPress websites with zero downtime, we’d be happy to talk to you.