Bobcares

WeSupport

Call Us! 1-800-383-5193
Call Us! 1-800-383-5193
Call Us! 1-800-383-5193

Need Help?

Emergency Response Time custom

Our experts have had an average response time of 11.06 minutes in March 2021 to fix urgent issues.

We will keep your servers stable, secure and fast at all times for one fixed price.

4 reasons for WordPress 403 error and how to fix them

by | Oct 19, 2016

WordPress 403 error is a very common error that is caused due to the webserver denying access to the WordPress page users are trying to access.

The error messages that are commonly shown are – ‘403 Access Denied’, ‘403 Forbidden’, ‘You don’t have authorization to view this page’ etc.

WordPress 403 error can happen in different scenarios:

  1. When trying to access WordPress Admin dashboard at https://domain.com/wp-admin/ .
  2. Upon trying to login to WordPress website as a user.
  3. While installing a new WordPress website and trying to run http://www.domain.com/wp-admin/install.php during the process.
  4. During situations when you try randomly accessing any page in the WordPress website.

The page that gives WordPress 403 error may usually display the complete message – You don’t have permission to access ‘/’ on this server.

What causes WordPress 403 Error?

While 403 errors usually happen due to permission related issues, there are other causes such as certain plugin settings or security settings that cause this error.

In WordPress, 403 Error can happen due to various reasons, which we’ll discuss here.

1. Incorrect file permissions for the user

Every file and folder in the website requires proper access privilege for read, write and execution, for the site to work fine.

By default, the permissions for WordPress folders should be 755 and files should be 644. If the permissions are wrong, the site would end up giving 403 error.

2. Wrong entries in the .htaccess file

The .htaccess file inside a WordPress folder contains the rewrite rules that are required for the WordPress site and related links to work fine.

But, it may happen that the .htaccess file gets corrupted, and these rules no longer work fine. As a result, the website and related URLs may return 403 error.

3. Incompatible plugins

WordPress has a wide range of plugins available. Website owners have a tendency to install many plugins into their WordPress site without verifying its compatibility.

If the plugin you install in your website is incompatible with the WordPress installation, it may mess up the site and end up showing 403 error in the site.

4. Directory index settings

The ‘Directory Index’ directive of a webserver is used to set the list of files to look for, when the client requests an index of the directory in a website.

But if the webserver where the WordPress site is hosted doesn’t support ‘index.php’ in ‘Directory Index’, this 403 error would show up instead of the index page.

In addition to these reasons, some WordPress security plugins or server wide security policies can restrict valid users from connecting to the site and throw 403 errors.

How to fix WordPress 403 Error

In most cases, the error message will not explicitly state the reason for the 403 error. As a result, it is a bit difficult to debug and fix the error.

But with a systematic debugging method, it is possible to pinpoint the issue and fix it. Today, we’ll see how to check and fix each of these reasons to avoid 403 error.

1. Correct the folder and file permissions

The permissions for WordPress folders should be set to 744 or 755 and files should be set to 644 or 640. This can be done as follows:

Access the WordPress directory via FTP or File Manager and select the folder or file permissions settings. The folders are wp-includes and wp-admin.

Update permissions for WordPress folders and files

Update permissions for WordPress folders and files

 

These permissions should be set recursively for all the folders inside the WordPress site. Similarly, all files should have 644 permissions set.

But manually updating the permissions may be time-consuming. At Bobcares, we use commands to quickly update the permissions of files and folders via the shell.

After updating the permissions, reload the website after clearing the browser cache and see if the site is loading fine without any 403 errors.

2. Fix the .htaccess file

If correcting the permissions did not fix the 403 error, next point to check is the .htaccess file. Here’s how to fix a corrupt .htaccess file.

First, take a backup of the existing ‘.htaccess’ file using the ‘Download’ option in File Manager. Then delete the existing .htaccess file.

Delete existing .htaccess file

Delete existing .htaccess file

 

To recreate the .htaccess file fresh, go to WordPress Admin Dashboard and select “Settings” -> “Permalinks”.

 

Generate new .htaccess file in WordPress

Generate new .htaccess file in WordPress

 

You can update the settings and click on ‘Save Changes. A new .htaccess file would be generated and now the website should load without the 403 error.

A proper .htaccess file for WordPress website would be like this:

Options +FollowSymLinks
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

3. Deactivate the problematic plugins

If the .htaccess and file permissions are fine, but the WordPress 403 error persists, the next step is to check for any incompatible plugins.

Many WordPress websites contain a multitude of plugins. As a result, it may be difficult to pin-point the exact plugin that is causing the issue.

The first step is to Deactivate all the plugins from the Admin Dashboard -> Plugins setting.

 

Deactivate all WordPress plugins

Deactivate all WordPress plugins

 

After disabling all plugins, try reloading the WordPress site and see if it shows 403 error. If the error has gone, we can confirm that it is due to some plugin.

Now enable each plugin one by one by clicking on ‘Activate‘ button near the plugin and then reload the website after each activation.

 

Activate each WordPress plugin one by one

Activate each WordPress plugin one by one

 

With this exercise, it is possible to identify the problematic plugin and keep it disabled. This will help to fix the 403 error in the WordPress site.

4. Directory index configuration

If the Directory index is not properly set for a WordPress site, you will see ‘You are not authorized to view this page (403 error)’ while trying to login to admin section.

403 error gets displayed instead of the WordPress admin dashboard, after successful authentication using the admin login credentials.

In our previous post on ‘How to fix ‘You are not authorized to view this page (403 error)’ in WordPress sites, we have discussed the fix for this error in detail.

In short..

Today we saw how to resolve the 4 major causes for WordPress 403 error. There is no instant fix for 403 errors, but a systematic debugging method helps in quick resolution.

Before making any changes or updates, it is always advisable to take a backup of the WordPress files and folders and to have experts perform the changes.

If you’d like to know how to manage your WordPress websites with zero downtime, we’d be happy to talk to you.

 

 

Get a FREE consultation

Do you spend all day answering technical support queries?

Wish you had more time to focus on your business? Let us help you.

We free up your time by taking care of your customers and servers. Our engineers monitor your servers 24/7, and support your customers over help desk, live chat and phone.

Talk to our technical support specialist today to know how we can keep your service top notch!

TALK TO AN EXPERT NOW!

var google_conversion_label = "Blp0CLCojHIQ0aD71QM";


Bobcares provides Outsourced Hosting Support and Outsourced Server Management for online businesses. Our services include Hosting Support Services, server support, help desk support, live chat support and phone support.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF