Fixing 403 Forbidden Errors on WordPress


Are you experiencing 403 forbidden errors on your site? Fixing 403 forbidden errors on WordPress requires some level of technicality, especially for a WordPress beginner.

It is, however, one of the common errors that you are likely to get while browsing the internet.

If you are reading this article, chances are you are currently experiencing this error, and you are looking for a solution. If you are, then look no further as I will teach you everything you need to know about this error.

Can it be fixed? Yes. I will guide you through every step that you need to troubleshoot and also, the steps to fixing these 403 forbidden errors on your WordPress site.

Let’s dive in.

What Is 403 Forbidden Error on WordPress?

403 forbidden error is one of the numerous HTTP status error codes. that shows on your browser signifying that your server permissions did not allow you to access a particular page on a website.


In this error type, the web server understands the request but is unable to provide further access.

This error does not occur only on specific pages on a website; it can occur on an entire website.

The 403 forbidden error can occur for basically 2 reasons:

  1. It could be that the web servers have improperly set up their permissions, which in turn is denying you access to the resources you are looking for on the site when you are not supposed to be denied access.
  2. It could also be that the web servers have properly set up their permissions, and you are not granted access to the site’s resources.

The 403 error status code is an indication that something is wrong with the server and requires immediate attention.

In other words, you need to fix the minor error from your WordPress installation. You will spend most time searching for the cause of this error. Fixing the error after you have found the cause is usually easy.

Read also: How to fix 404 error on WordPress

What Are the Causes of the 403 Forbidden Error on WordPress?

Before tackling any error from your website it is important to Identify the cause of that error.

403 forbidden error shows that something is denying you access to the resources of the site. It is important to know what that thing is.

Knowing the cause of a problem is the first step to solving that problem. Below are some potential causes of 403 errors that you need to look out for before fixing the error.

  • A corrupt .htaccess file.
  • If the website’s directory is empty.
  • One of the causes could be a poorly configured or faulty plugin.
  • Infection caused by malware.
  • The absence of your site’s index page.
  • Incorrect IP address.
  • Error from your WordPress hosting company which is a result of changes to their settings.

We have successfully identified some causes of the 403 forbidden error. The next step focuses on fixing these errors.

Steps to Fixing 403 Forbidden Errors on WordPress

Before you carry out any fixes to your website, I recommend you back up your website. You can back it up manually or using a plugin.

To back it manually, click here and follow the steps.

For automatic backup using a plugin, I recommend updraftsplus because it is free to use and allows you to store your backup in the cloud or download it to your computer.

Although you can choose to go for the premium offer to get more out of the plugin.

Note: before you start fixing any HTTP status error on your website, clear your browser’s cache and cookies and reload the website again. This step can also fix these errors

1. Check Your Site’s .htaccess File.

One of the ways of fixing 403 forbidden errors on WordPress is by checking your site’s .htaccess file for corrupt files.

If there’s any corrupt file in your .htaccess files, it can lead to a 403 error.

What you will do to fix this error is to delete the corrupt file and upload a new one.

To fix this 403 error on your WordPress site, follow the steps below.

Access your site’s file manager from your Cpanel or using an FTP client.


From your file manager locate your public_HTML folder and click on it.


From the public_HTML folder locate the .htaccess file which should look like this:

how-to-fix 403-error

NOTE: In most cases, the .htaccess file is hidden. If that is how it looks from your end, do not be alarmed.

The file is probably hidden. To unhide it, left-click once on the .htaccess file to highlight it then right-click to show the available options.

From the options, click on settings and under preferences, click on the show hidden files check box to enable it.

what to do when 403 forbidden

Once you have access to .htaccess file, the next thing is to fix the corrupt file. The way to go about this is pretty straightforward.

You will first of all download a copy of the .htaccess file to your computer as a backup.

Secondly, you will delete the file. (Right-click and delete).


After deleting the file, go back to your browser and reload the website or the web page. If the error is fixed, you will know that the .htaccess file was corrupt.

You will need to generate a new .htaccess file to replace the corrupted one. How will you go about this? Don’t worry I’ll show you in a moment.

Log in to your admin dashboard.

Navigate to settings and then to permalinks.

how-to-solve 403 forbidden error in wordpress

NOTE: Do not make changes to the default settings; just click on the save button.

403 forbidden error-wordpress wp-admin

By clicking on the save changes button WordPress will automatically create a new .htaccess file for you.

2. Resetting Your Files and Directory Permissions.

If the step above did not fix the 403 error on your WordPress website, then you should consider resetting your files and directory permissions.

It is worth noting that all the files stored on your website come with permissions and also these permissions determine who can actually interact with the resources of the website.

You can do this in 2 ways:

  • Contact your WordPress host provider as they can also be supportive.
  • Do it yourself manually by using an FTP client.

If you are using an FTP client, you should know that changing permissions on your website has its own consequences.

If you are not confident as to how you will change the permission settings, then you should hire a professional to do it for you.

But if you are, please follow me as I guide you through the steps involved.

You will need to connect to your WordPress-powered site using an FTP client to access your site’s folder.

Once you have gained access to the back end of your website using the FTP client, navigate to the public_HTML folder and click on it to expose its contents.

Left-click to highlight it and then right-click to expose options.

403 forbidden error fix

Locate the file permissions or attributes option and click on it.

A file permission dialogue box will be opened for you.


From the already open dialogue box, you will be required to do 2 things.

  • Set up the permissions for folders and
  • Set up the permissions for files.

For the folder permissions,

  • Check the recurse into subdirectories and
  • Apply to all directories only as you can see above.
  • Set the numeric value to 755 and
  • Click on OK.

For the permissions of the files,

You will repeat the steps above only that this time you will check the recurse into directories and check the Apply to files only.

Also, you will change the numeric value to 644. Once you are done, click on the OK button to set the permission.

When this is done, reload your web page to ensure that the error has been fixed.

3. Disabling and Enabling Your Plugins.

If the error persists even after you have tried the 2 steps above, perhaps it is time you try disabling your plugins.

NOTE: Some security plugins can also cause this error. Some WordPress security plugins tend to block IP addresses if they suspect them to be malicious. This tends to cause a 403 error on a website.

Although there are some safe security plugins that you can install on your site, e.g. SUCURI.

Corrupt or poorly coded plugins can also lead to the 403 forbidden error on your WordPress site.

If after installing a plugin you start noticing this error, the best thing to do is to deactivate and uninstall it immediately.

However, if you find it difficult to access your WordPress dashboard then you will need to disable your plugins manually.

This can be done using the FTP client which is connected to your WordPress site.

You will need to locate your WordPress main directory, which is the public_HTML folder that contains your WordPress files.

To deactivate all the plugins installed on your site, you will simply rename the plugin folder. You can rename it to whatever name you choose provided you don’t forget it.


After you have renamed the plugin folder, WordPress won’t be able to read the plugins. Head back to your browser and reload the webpage to check if the error has been fixed.

If the error has been fixed, then you have a faulty plugin.

Rename the folder to its initial name.

Open the folder and just as you did with the parent folder, begin to rename all your plugins to disable them.

With each one, you rename and reload your webpage to check if the error has been fixed.

You will do this for all your plugins until you find the faulty plugin.

Once you find the faulty plugin, delete and reactivate the ones you disabled initially by renaming them to their original names.

If the error persists at this point, then you should consider the next step.

4. Scan Your Site for Malware.

The presence of malware on a site can lead to 403 errors on your WordPress site. This malware has the ability to constantly inject unwanted codes into your site’s .htaccess file.

With the presence of malware on your site even if you apply the steps above the error will keep popping up each time you try to access your WordPress site.

You can solve this by installing trusted security plugins on your WordPress site. WordPress has so many security plugins that can help you scan your site for malware.

Wordfence and sucuri are popular security plugins that you can install on your website.


Wordfence, like most WordPress security plugins, has the tendency to detect and remove malware and other infected files from a website.

But these options are totally customizable. You can choose to delete the files or restore them.

So I recommend you install either of the 2 on your website.

5. Uploading an Index Page.

Normally your website’s homepage should be in index.html or index.php form. But there are cases where they are not and this also can lead to a 403 forbidden error.

When you find yourself in such a situation, there are basically 2 things that you can do:

  • Simply rename the changed homepage back to index.html or index.php.
  • If you prefer the current homepage name, then you will need to upload an index.html file to your public_HTML directory.

And from the public_HTML directory, create a redirect to your preferred homepage.

Note: you will be doing this from your cPanel or via an FTP client that is connected to your website backend, not from your admin dashboard.

Follow the steps below to do this:

  • From your cPanel or FTP client upload an index.html or index.php file to your site public_HTML directory.
  • You will open the .htaccess folder and
  • Insert this code snippet Redirect /index.html /current homepage.html to redirect the index.html or index.php file to the current homepage.

Note: the current homepage.html should be replaced with the actual name of your current homepage, and it must have the .html format behind it.

6. Contact Your Host Provider.

Contacting your host providers for help when all the above steps fail can be a very beneficial solution. It is possible that you have an expired SSL certificate.

An expired SSL certificate can lead to a 403 error on your WordPress site.

Contacting them will also help them to detect the source of any error on your website from their end and in turn, they will help you fix it.

7. Disconnecting Your VPN.

Connecting to a VPN can cause 403 forbidden errors on some websites. Some websites tend to block VPN users, denying them access to the site’s resources.

How do you fix this 403 error on that website? It’s easy simply disconnect your VPN.

If you are the owner of the site, and you are being denied access to your site if you have a VPN on, disable and reload the site.

If you are visiting someone else’s website you should do the same.

Most sites with security plugins installed tend to block users with active VPNs from accessing the resources of the site because security plugins see these VPN connections as malware.

Hence, they refuse to grant them access to the resources of the website.



403 errors can be quite annoying as they tend to hinder you from accessing a site’s resources. You can fix these errors as you would every other WordPress error.

Fixing 403 forbidden errors on WordPress can be quite tricky, but if you follow the steps listed above you will be able to troubleshoot and fix these errors.

However, there may be other steps that were not covered in this article, so if you find any useful step that was not captured in this article.   You can connect with us through the comment section as we take feedback seriously.

If you found this article helpful, please share it with your friends.

1 thought on “Fixing 403 Forbidden Errors on WordPress”

  1. Pingback: WordPress Revisions. What are they?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top
Verified by MonsterInsights