How to Fix the 403 Forbidden WordPress Error

To boil it down further, the server knows the browser, and understands what it wants, but the browser doesn’t have the right permissions. How the server displays this depends on the browser your use. While WordPress is a stable platform that runs on state of the art technology, there will still be errors to resolve. This is true for all web apps and platforms. The 403 Forbidden WordPress error is a permissions-based issue that will need you to work within your core files. Once you’ve done this and determined that the file is fine, you can re-add the content from your backup file.

What the 403 Forbidden WordPress Error Is

If you have scant knowledge of file permissions and what the numbers mean, we have an article about it. Though, you don’t need that information for this task. The official WordPress guidelines state that folders should have the permission 755. This means that an administrator (or owner) can do everything with a file, but others can’t. Your task here is to activate plugins one at a time until you find the culprit. When you do, there are a few options to take: From here, select the folders within and right-click. This should bring up a context menu. Depending on your SFTP client, you may see a few different options. Regardless, there will be an option here to view the information on the file, or an explicit option to check the file permissions: Will this article help you fix the 403 Forbidden WordPress error, and do you have any questions? Let us know your thoughts in the comments section below!

How the 403 Forbidden WordPress Error Could Look In Your Browser

To fix it, first download the file as a backup. Next, delete the file from the server. From here, head into your WordPress dashboard to the Settings > Permalinks page:

An Nginx 403 Forbidden WordPress error message.

In a nutshell, if you see a 403 Forbidden WordPress error where you don’t expect, check in with your host and see if they can help you with the issue. It could be that your CDN or hotlinking protection needs a reconfigure.

A 403 Forbidden WordPress error message, complete with payload information.

First off, the 403 Forbidden WordPress error is often a permissions-based issue. As such, this is the first place to start.

What You’ll Need to Fix the 403 Forbidden WordPress Error

…or some further clue as to why the error exists:

  • Access to your server as an administrator. In other words, permission to view the root level of your server.
  • The knowledge and the skills to use Secure File Transfer Protocol (SFTP).
  • Your SFTP credentials, which will be within your hosting dashboard or in an email from your provider.
  • A suitable SFTP client. Transmit is a good premium option, but Cyberduck and FileZilla are go-to open-source solutions.
  • A current, clean backup of your site. You may need to roll back changes, and this will be a lifesaver.
  • There might be a need for a text editor, but it’s not necessary. You can achieve the same results using your default editor such as Notepad or TextEdit.

Though, you will have to single out your wp-config.php file, as this often uses a different set of permissions – 440 or 400. You’ll see from the checkboxes, this locks down the file to read-only privileges:

How to Fix the 403 Forbidden WordPress Error Using 4 Methods

First, rename your plugins folder back to the original. This may deactivate all of your plugins within WordPress. You can find this out from your Plugins > Installed Plugins page within WordPress:

  1. The main cause of the error is a file permissions issue, so you should check this first.
  2. You may want to deactivate your plugins and reactivate them to check whether one is the cause of the issue.
  3. Your .htaccess file could require a fix, as it could be corrupt.
  4. The error could be down to an issue with your Content Delivery Network (CDN) or your hotlinking strategy.

If you see no change to your site, revert the name of your plugins folder and continue with other solutions. Though, if your site is back to normal, you have more work to do.

1. Make Sure Your File Permissions Are Correct

Here, you’ll follow the same path as before, but this time use the 644 permission. This is similar to 755, but doesn’t give anybody Execute privileges. In this article, we’ve given you four ways to solve the 403 Forbidden WordPress error. Here are the methods:

The WordPress root direction using SFTP.

The solutions here go from most to least likely. Though, you’re free to jump around the article and investigate the methods that appear most suited to your unique situation. With this in mind, let’s begin!

Selecting folders using SFTP.

At this point, you may have tried all four methods in the article, and come up short. Our advice here is not to give up just yet. It’s likely that your host will have some insight into why your issue exists.

Changing file permissions on a group of folders.

Sometimes, it can seem as though there are no shortage of WordPress errors to overcome, although the platform is stable and secure. Though, while this means the built-in error reporting is doing its job, you still need to fix issues that arise. The 403 Forbidden WordPress error is a common issue, with a straightforward solution. Though, take note that if there is a deeper reason for the error, you may need to reinstall your site. Your backup from earlier will come in handy, and if you have a clean backup just prior to the error, even better.

Changing file permissions using SFTP.

Before we wrap up, it could be that the 403 Forbidden WordPress error affects your assets (such as media, CSS, and JavaScript) and nothing else. If this is the case, there are two avenues to try:

Changing the file permissions for the wp-config.php page.

To do this, go back to your server using SFTP, and find the wp-content folder. Inside will be the plugins folder:

2. Check that Your Plugins Aren’t Causing the Error

Next, create a copy and store it on your computer. This is because you need to make changes, and should have a way to roll back any other site-breaking issues you encounter. Fixing the 403 Forbidden WordPress error requires you to poke around in your server’s core files and settings. As such, you’ll need the following to fix the task at hand:

The plugins folder within a WordPress directory.

Though, if you still have the 403 Forbidden WordPress error, and this step hasn’t worked, you could also look to your .htaccess file. From here, rename the plugins folder to something else. The exact filename doesn’t matter, as the effect will be the same – this will disable all of the plugins on your site. At this point, check for the 403 Forbidden WordPress error. In a nutshell, if you see a mention of permissions or an explicit “forbidden” message, you’re often dealing with the 403 Forbidden WordPress error. First off, the 403 Forbidden WordPress error is one of the many ‘HTTP status codes’. You’ll know this at least through a 404 error, but there are lots more – almost 600, in fact. There are blocks of numbers that relate to similar issues, such as success messages, redirects, and more.

The Plugins page on the WordPress back end.

Lots of times, you’ll see a direct reason for the error within its ‘payload information’. In other words, the text you’ll see on the 403 Forbidden page itself.

  • If the plugin is vital to your workflow, you’ll want to contact the developer for a fix. In fact, this is a good idea to do regardless, as they can fix the issue within the plugin itself.
  • You’ll want to disable the plugin and remove it from your system, for now at least.
  • You might also want to hunt for an alternative plugin. Of course, the WordPress Plugin Directory is the first place to look.

The simple approach here is to check your server’s root site directory. If there’s no file, you can skip this method. Though, if you can see a .htaccess file here, you run an Apache server and the file could be corrupt.

3. Fix a Corrupt .htaccess File

There’s one more aspect you can look at within your server in order to fix the 403 Forbidden WordPress error – your .htaccess file. This is a configuration file for your server. Though, there are some caveats here:

  • If your server runs on Nginx, you won’t have a .htaccess file. As such, you won’t be able to carry out these steps. If you’re unsure of the server your site runs on, you may want to check your hosting control panel, and
    • The file will be present for Apache servers, and this may be something you tackle earlier than disabling your plugins. Of course, if you have changed the file in any way, this step should be a first port of call.

As such, you’ll want to contact your host’s support to get to the bottom of the 403 Forbidden WordPress error. They should have the expertise to dig into your installation and help you get back to normal.

The .htaccess file highlighted in the WordPress root folder.

There are four methods we suggest for fixing the 403 Forbidden WordPress error. Here they are:

The Permalinks link within WordPress.

Most often, the problem relates to permissions. Though, in some cases, you ran run into faulty plugins, corrupt files, and a few other triggers. With a few quick tweaks to your core files, you’ll be able to get back up and running in a flash.

The Save Changes button.

There will be a dedicated entry field for your file permissions, and once you enter and save you can turn your attention to your files.

4. Investigate Problems With Your Content Delivery Network (CDN)

The 400 range of numbers relates to ‘client errors’. In other words, this means the client (in this case the browser) requests information from the server, but it won’t give it over. In most cases, the server understands what the request is, but won’t authorize it.

  • First, disable your CDN if you use one. How you do this will be individual to your own provider and service. Though, you can often disable it at the flick of a switch.
  • Your host or CDN may set up ‘hotlinking protection’. This stops sites from linking direct to your images while displaying them on your site. In most cases, you’ll see a 403 Forbidden WordPress error, and this is normal behavior. Though, you may want to turn this off to check for the error.

From here, check your site for the 403 Forbidden WordPress error. If it’s still present, you can continue onto the next method.

What to Do If You Can’t Fix the 403 Forbidden WordPress Error

The final step here is simple: Click the Save Changes button to generate a new .htaccess file: Before we fix the 403 Forbidden WordPress error, it’s worth noting that it could look different depending on the server the site uses, and your browser. For example, there could be some information on the server and error, yet nothing else… A classic way of fixing a WordPress error is to deactivate all of your plugins, then reactivate them. This can rule out a rogue line of code inside one of those plugins as a cause for the error.

Wrapping Up

Once you have these to hand, you can start deciding how to fix the error. For this post, we’re going to look at the 403 Forbidden WordPress error, and show you a few methods to pinpoint the cause and fix the problem. First, let’s explain more about the error itself.

  1. Check your core file permissions are correct.
  2. Disable and re-enable your plugins to see if this is a factor.
  3. Figure out whether your .htaccess file is corrupt, and replace it if necessary.
  4. See whether your CDN or hotlinking strategy might be causing the error.

The first step is log into your server through SFTP, and get to your root folder. You may also see public_html, www, the name of your site, or something similar:

Posted by WordPress Guru