Did you lot simply endeavor to access your WordPress site but to be striking past some message telling you lot something is "Forbidden" or that you don't have permission to access something on your site? If then, you've probable run across the 403 Forbidden error on WordPress.

Seeing an error on your WordPress site can be frustrating and deflating, which is why we've created this detailed guide to help you fix the 403 Forbidden Error on WordPress and become your site functioning again every bit quickly as possible.

Let's get started without any farther introduction because we're sure you just want to fix your site!

  • What is the 403 Forbidden error
  • How to fix the 403 Forbidden mistake

Prefer the video version?

What is the 403 Forbidden Error?

The Internet Applied science Task Force (IETF) defines the error 403 Forbidden as:

The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize information technology. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if whatever).

Like many other common WordPress errors, the 403 Forbidden fault is an HTTP status code that a spider web server uses to communicate with your spider web browser.

403 forbidden error in Chrome
403 forbidden mistake in Chrome

Quick background on HTTP status codes – whenever you connect to a website with your browser, the web server responds with something called an HTTP header. Usually, this all happens backside the scenes because everything is working commonly (that's a 200 status code, in case yous were wondering).

However, if something goes wrong, the server will respond dorsum with a dissimilar numbered HTTP condition code. While these numbers are frustrating to run across, they're actually quite of import because they aid you lot diagnose exactly what'southward going wrong on your site.

The 403 Forbidden error means that your web server understands the request that the client (i.e. your browser) is making, only the server will not fulfill it.

In more human being-friendly terms, information technology basically means that your server knows exactly what y'all desire to exercise, it just won't let you do it because yous don't have the proper permissions for some reason. It'southward kind of like you're trying to become into a private event, but your name got accidentally removed from the guestlist for some reason.

Other HTTP condition codes mean dissimilar things. We've written guides on fixing issues with 404 not plant errors, 500 internal server errors, 502 bad gateway errors, and 504 gateway timeout errors.

What Causes the 403 Forbidden Error on WordPress?

The two most likely causes of the 403 Forbidden Fault on WordPress are:

  1. Corrupt .htaccess file
  2. Incorrect file permissions

It's also possible that you're seeing the error because of an upshot with a plugin that you're using at your site. In this article, we'll show you how to troubleshoot all of these potential issues.

403 Forbidden Error Variations

Similar many other HTTP status codes, there are a lot of different variations for how this error lawmaking presents itself.

Here are some common variations that you lot might come up across:

  • "Forbidden – You don't take permission to access / on this server"
  • "403 – Forbidden: Access is denied"
  • "Mistake 403 – Forbidden"
  • "403 – Forbidden Error – Y'all are not immune to access this address"
  • "403 Forbidden – nginx"
  • "HTTP Error 403 – Forbidden – You do not have permission to access the certificate or program you requested"
  • "403 Forbidden – Admission to this resource on the server is denied"
  • "403. That'due south an mistake. Your client does not have permission to become URL / from this server"
  • "You lot are non authorized to view this folio"
  • "It appears you don't accept permission to admission this page."

If you're on an Nginx server, information technology volition expect like this below. Basically, if you run into whatsoever mention of "forbidden" or "not immune to access", you're probably dealing with a 403 Forbidden error.

What the 403 Forbidden Error looks like at Kinsta
What the 403 Forbidden Fault looks like at Kinsta

How to Set 403 Forbidden Mistake on WordPress

To assist you lot fix the 403 Forbidden Error on your WordPress site, we'll encompass v separate troubleshooting steps in detail:

  • File permissions
  • .htaccess file
  • Plugin issues
  • CDN bug
  • Hotlink protection

1. File Permissions

Each binder and file on your WordPress site'due south server has its own unique file permissions that control who can:

  • Read – encounter the data in the file/view the contents of a folder.
  • Write – modify the file/add together or delete files inside a folder
  • Execute – run the file and/or execute information technology every bit a script/access a folder and perform functions and commands.

These permissions are indicated by a 3-digit number, with each digit indicating the level of permission for each of the iii categories in a higher place.

Subscribe Now

Normally, these permissions just "work" for your WordPress site. Yet, if something gets messed up with the file permissions at your WordPress site, it can cause the 403 Forbidden error.

To view and modify your site'due south file permissions, you'll demand to connect via FTP/SFTP. Here's how to utilize SFTP if you're hosting at Kinsta.

For the screenshots in the tutorial below, we'll be using the costless FileZilla FTP program. The basic principles will apply to any FTP program, though – you'll but demand to apply them to a different interface.

In one case you're connected to your server, you can view a file or folder'south permissions past right-clicking on it:

View file permissions in FileZilla
View file permissions in FileZilla

Of grade, manually checking the permissions for each file or folder isn't actually an pick. Instead, you tin can automatically use file permissions to all the files or folders inside of a folder.

According to the WordPress Codex, the ideal file permissions for WordPress are:

  • Files– 644 or 640
  • Directories – 755 or 750

One exception is that your wp-config.php file should be 440 or 400.

To set up these permissions, right-click on the folder that contains your WordPress site (the folder proper name is public at Kinsta). Then, choose File Attributes:

Bulk edit file permissions in FileZilla
Bulk edit file permissions in FileZilla

Enter 755 or 750 in the Numeric value box. Then, choose Recurse into subdirectories and Apply to directories only:

File permissions for WordPress directories
File permissions for WordPress directories

In one case you lot've practical the right permissions for directories, you'll repeat the procedure for files. Merely this fourth dimension:

  • Enter 644 or 640 in the Numeric value box
  • Choose Recurse into subdirectories
  • Choose Utilize to files simply
File permissions for WordPress files
File permissions for WordPress files

To finish the procedure, you lot only need to manually adapt the permissions for your wp-config.php file to make them 440 or 400:

File permissions for wp-config.php file
File permissions for wp-config.php file

If file permissions issues were causing the 403 Forbidden Error, your site should now first working over again.

two. .htaccess File

Kinsta uses the NGINX web server, and then this potential issue doesn't apply if you're hosting your site at Kinsta because Kinsta sites practise not have a .htaccess file.

All the same, if you're hosting elsewhere and your host uses the Apache spider web server, one mutual crusade of the 403 Forbidden mistake is a problem in your site'due south .htaccess file.

The .htaccess file is a basic configuration file used past the Apache spider web server. You can use it to set up redirects, restrict access to all or some of your site, etc.

Because it'south so powerful, fifty-fifty if a trivial error can crusade a big upshot, like the 403 Forbidden error.

Rather than trying to troubleshoot the .htaccess file itself, a simpler solution is to simply strength WordPress to generate a new, clean .htaccess file.

To do that:

  • Connect to your server via FTP
  • Discover the .htaccess file in your root folder
  • Download a copy of the file to your computer (it'south always a skilful idea to have a backup just in case)
  • Delete the .htaccess file from your server after you have a condom backup copy on your local estimator
Delete the .htaccess file
Delete the .htaccess file

Now, yous should be able to access your WordPress site if your .htaccess file was the issue.

To force WordPress to generate a new, clean .htaccess file:

  • Go to Settings → Permalinks in your WordPress dashboard
  • Click Save Changes at the lesser of the page (you do not need to make any changes – simply click the button)
How to generate a new, clean .htaccess file
How to generate a new, clean .htaccess file

And that's it – WordPress will now generate a new .htaccess file for you.

3. Deactivate and then Reactivate Your Plugins

If neither your site's file permissions nor .htaccess file are the problems, the adjacent place to look is your plugins. It could exist a bug in a plugin or a compatibility issue between dissimilar plugins.

No matter what the issue is, the easiest way to find the problematic plugin is with a little trial and error. Specifically, yous'll need to deactivate all of your plugins and then reactivate them one past i until you detect the culprit.

If you can yet admission your WordPress dashboard, you can perform this procedure from the normal Plugins area.

If you cannot access your WordPress dashboard, you'll instead need to connect to your WordPress site'due south server via FTP/SFTP (here'southward how to connect via SFTP at Kinsta).

Once you're continued to your server via FTP:

  1. Scan to the wp-content binder
  2. Find the plugins folder inside of the wp-content folder
  3. Right-click on the plugins folder and choose Rename
  4. Modify the proper noun of the folder. You lot tin name it anything different, merely we recommend something like plugins-disabled to make it piece of cake to remember.
Rename the plugins folder
Rename the plugins binder

Past renaming the folder, you've finer disabled all the plugins at your site.

At present, effort accessing your site again. If your site is working, you know that ane of your plugins is causing the 403 Forbidden fault.

To find the culprit, reactivate your plugins i-by-one until yous notice which plugin is causing the upshot.

Afterward changing the file name of the plugins folder, you should meet a number of errors that say plugin file does not exist when yous go to the Plugins area on your site:

What happens after renaming the plugins folder
What happens subsequently renaming the plugins binder

To fix this issue and regain the ability to manage your plugins, employ your FTP plan to change the name of the binder back to plugins. And so, if y'all renamed it to plugins-disabled, just change it back to plugins.

Once you do that, yous'll see the full listing of all your plugins once again. Only now, they'll all be deactivated:

Reactivate your plugins one by one
Reactivate your plugins one by one

Use the Activate button to reactivate them one-by-one.

Once you lot find the plugin that'south causing the issue, y'all can either achieve out to the plugin's developer for help or cull an alternating plugin that accomplishes the same matter (nosotros've collected the best WordPress plugins here).

four. Conciliate CDN Temporarily

If you're getting 403 forbidden errors on your assets (images, JavaScript, CSS), it could be a problem with your content delivery network (CDN). In this case, we recommend temporarily disabling your CDN and then checking your site to come across if it works. If you're a Kinsta client, click into your site and then on the "Kinsta CDN" tab. Once there, toggle the "Kinsta CDN" button off.

Disable Kinsta's CDN
Disable Kinsta'due south CDN

Hotlinking is when someone adds an image to their site, but the hosted link is withal pointed to someone else's site. To prevent this, some will gear up what is chosen "hotlink protection" with their WordPress host or CDN provider.

When hotlink protection is enabled, it will typically return a 403 forbidden error. This is normal. Nonetheless, if yous're seeing a 403 forbidden error on something y'all shouldn't exist, check to brand sure hotlink protection is configured properly.

Still Having Issues? Reach Out to Your Hosting Provider

If none of the to a higher place solutions worked for you, then we recommend reaching out to your hosting provider. They can most probable assistance you lot pinpoint the issue and get you support and running. If you're a Kinsta client, open up a back up ticket with our team. We are bachelor 24/7.

Summary

The 403 Forbidden error means that your server is working, but you no longer have permission to view all or some of your site for some reason.

The ii most likely causes of this error are issues with your WordPress site's file permissions or .htaccess file. Across that, some plugin issues might also cause the 403 Forbidden error. Or information technology could be that something is misconfigured with hotlink protection or your CDN.

By following the troubleshooting steps in this guide, you should exist able to get your site back to working in no time.

Save time, costs and maximize site performance with:

  • Instant help from WordPress hosting experts, 24/7.
  • Cloudflare Enterprise integration.
  • Global audience achieve with 29 information centers worldwide.
  • Optimization with our born Application Performance Monitoring.

All of that and much more, in one plan with no long-term contracts, assisted migrations, and a 30-twenty-four hour period-coin-back-guarantee. Check out our plans or talk to sales to find the plan that's right for yous.