How to Fix WordPress 403 Forbidden Error [15 Easy Fixes]

A 403 Forbidden error on WordPress sites causes problems for both you and your website visitors. For site owners, it prevents access to your WP admin dashboard for managing updates and plugins.

For your visitors, it blocks them from viewing your site or certain pages.

If this error is left unchecked, it can hurt your site’s reputation, reduce traffic, and affect your SEO rankings.

Fixing it quickly ensures your site stays accessible, reliable, and professional.

A 403 forbidden error looks critical enough to cause panic. However, WordPress errors aren’t as scary as they might appear.

In this blog, I’ll explain many easy ways to fix the 403 forbidden error. We’ll also explain what causes this error so you can understand the underlying causes and fix them ahead of time.

Let’s get started…

What Is 403 Forbidden Error in WordPress?

When server permissions prevent access to certain areas of your WordPress site, the 403 Forbidden error occurs and blocks entry. It usually displays messages such as:

• 403 Forbidden – You don’t have permission to access this resource.
• Access denied.

This error can happen when you try to log into your admin panel, install WordPress, or view certain pages. This can prevent people from seeing your website.

What Causes the 403 Forbidden Error?

Several factors can trigger a 403 error, including:

• Security plugins blocking access: Some plugins may restrict certain IP addresses if flagged as threats.
• A corrupted .htaccess file: Damage or misconfigurations in this file can cause access issues.
• Incorrect file permissions: Files and folders need correct permissions for users to access them.
• Hosting provider changes: Unexpected server adjustments by your hosting provider can sometimes lead to this error.
• Malware issues: Malware can repeatedly corrupt essential files, causing persistent errors until fully removed.
• No index file: Your homepage must be named ‘index.php’ or ‘index.html’ for proper access.
• Plugin problems: Conflicts or incorrect settings in plugins can interfere with permissions.

Understanding these causes helps in pinpointing the problem and applying the right fix.

What Are the Different Variations of 403 Forbidden Errors?

You may encounter 403 forbidden errors in different variations. Some of these are:

• 403 Forbidden
• HTTP Error 403 – Forbidden
• Forbidden: You don’t have permission to access [directory] on this server
• A 403 forbidden error occurred while using an ErrorDocument to handle the request
• Forbidden
• Error 403
• 403 Forbidden: Access Denied
• 403 Forbidden: Forbidden by Rule
• 403 Forbidden: IP Address Blocked
• 403 Forbidden: Too Many Requests
• 403 Forbidden: User Not Authorized
• 403 Forbidden: You do not have permission to view this page

These variations can differ depending on the server setup, the platform you’re using, or any security rules in place.

Fix 403 Forbidden Errors with our WP Rescue Kit: Ultimate Error-Fixing Checklist!

403 Forbidden Errors can confuse visitors and potentially expose security vulnerabilities. Get our FREE guide and learn how to fix these errors quickly to ensure a smooth user experience and maintain a secure website.

I agree to the Cloudways Terms of Service & Privacy Policy

Get It Now

Thank You

Your list is on it’s Way to Your Inbox.

How to Fix WordPress 403 Forbidden Error (15 Easy Fixes)

The 403 error can be a bit tricky to resolve because the server doesn’t allow your browser to load the scripts.

Nonetheless, fixing it is possible if you know what you’re doing.

Several easy ways exist to resolve the 403 forbidden error on WordPress sites.

Below I’ll share 15 easy fixes that can help you chronologically detect and fix the error.

Note: Before trying any troubleshooting method, it is highly recommended to back up your entire website. Because if something goes wrong while troubleshooting, it will help you recover your website without any hassle.

1. Clear Your Browsing Cache

Clearing your browser’s cache is the simplest solution to the 403 error, and a hard refresh is always recommended whenever you encounter a WordPress error.

The 403 error might simply be down to the browser cache. So, clearing your browser cache and cookies or visiting your website in incognito mode might fix your issue.

While there are many web browsers out there, if you use Google Chrome, here’s how you can clear your browser cache.

• To clear your cache in Google Chrome, click the three dots icon in the top right of your browser window, then go to More Tools > Clear browsing data. Alternatively, use the hotkey combination: CTRL + SHIFT + DEL. Select “Cached images and files” and choose the time frame (e.g., last 24 hours) from the Time Range field. Click “Clear data” to empty the cache.

• For more advanced data removal, go to the Advanced tab in the Clear browsing data window. You can choose to clear passwords, autofill form data, site settings, and hosted app data. Click “Clear Data” when done.

• Google Chrome also offers different paths to access the Clear Browsing Data window. You can find it in Chrome Settings > Privacy and Security or directly by clicking the Clear Browsing Data button. Additionally, you can manage cookies by going to Cookies and Other Site Data settings.

• To automate cache clearing, explore the option to clear cookies and site data when you close all windows. You can also manually manage cache items by accessing “See All Cookies and Site Data.” There, you can allow, block, or clear cookies for specific sites.

Fastest WordPress Hosting For Developers & Agencies at just $11/Month*

Experience blazing fast server speeds with Cloudways LAMP + NGINX hybrid stack. Improve your Core Web Vitals and supercharge your WordPress with Cloudways Hosting.

Try For Free

2.  Rollback to a Running Version From Your Hosting Backup

If your hosting provider offers an application or server-level backup, you can revert the changes and roll back to the previous running version. Reverting to the last working version can help you bypass the 403 error.

For example, your website worked fine on  August 2nd but stopped on September 1st. In that case, you can return to the previous working version with a few clicks.

If you are a Cloudways user, rolling back to a previous version is incredibly simple. Follow the steps below:

• Log in to the Cloudways platform

• Select your application

• Go to Backup and Restore

• Roll back to the previous version by selecting the date from the drop-down menu

• And that’s it. Following the steps above will help you roll back to previous versions on the Cloudways platforms in minutes.

3. Check .htaccess File

Another reason why a 403 forbidden WordPress error may occur is a corrupted .htaccess file. You can fix a bad .htaccess file in a few seconds with any FTP manager.

• First, log in to your server using an FTP client
• Go to the .htaccess file located in the public_html

• Right-click on the .htaccess file and download the file to remain safe

• Once you’ve downloaded the file, delete the .htaccess file

• Now go to your browser and refresh your website to check if the 403 error has been resolved

Note: Don’t forget to upload the .htaccess file you previously downloaded to your server.

If the issue is resolved by deleting the .htaccess file, it confirms that the error was due to a corrupted .htaccess file.

To generate a clean .htaccess file, follow these steps:

• Log in to your WordPress dashboard
• Go to Settings > Permalinks

• You’ll be redirected to the permalink settings page

• Click the Save Changes button at the bottom of the page to generate a new .htaccess file.

• Open your FTP client to verify if the .htaccess file has been regenerated.

If the error still persists, move to the next troubleshooting method outlined below:

4. Check File Permissions

Many files in WordPress require access permissions. And if those permissions are incorrect, the server will give a 403 permission denied error, indicating you don’t have the requested file.

• Connect to your WordPress website using an FTP client
• Navigate to the root
• Right-click public_html and click the file permissions

• Ensure that the numeric value in the Permission box is set to 744 or 775
• Check the box next to ‘Recurse into subdirectories‘
• Check the option that says ‘Apply to directories only‘
• Click OK

• Repeat the same process for all the files
• Set the file permission to 644 or 640
• Don’t forget to select Recurse into subdirectories > Apply to files only
• Click OK

• Check again to see if the 403 forbidden WordPress error is resolved. If it still appears, then perform the next step, i.e., deactivating the plugins

5. Check Server Configuration Files

Another critical check is your server configuration files. Incorrect rules in files like .htaccess (for Apache servers) or nginx.conf (for Nginx servers) can cause 403 errors by restricting access.

If you’re using an Apache server, here’s how you can modify your .htaccess file to allow all traffic on your site:

• Access your server files via FTP or SFTP. I’ll use FileZilla.
• Navigate to the public_html directory.
• Locate the .htaccess file (make sure hidden files are visible).

• Open the .htaccess file and check for restrictive rules such as: deny from all.
• Modify this rule to allow traffic: allow from all.

# Example of a restrictive rule

<Limit GET POST>

Order deny,allow

Deny from all

</Limit>

# To allow access, change "Deny from all" to "Allow from all"

<Limit GET POST>

Order allow,deny

Allow from all

</Limit>

• Save the file and refresh your site.

If you’re using Cloudways, I’ve already shared where you can find and access the .htaccess file earlier in this guide.

Performance-Focused WordPress Hosting from $11/Month!

Get the best performance results with the fastest WordPress hosting, where you leave all management worries on us and focus solely on your growth.

Start Today

6. Deactivate All Plugins

Sometimes poorly coded plugins can cause a 403 forbidden error on WordPress sites. Therefore, we can deactivate all our plugins and check whether the issue is resolved or not.

To deactivate your plugins:

• You must again access your WordPress files using an FTP client like FileZilla
• Go to public_html > wp-content
• Change the plugins folder name (I’ve changed it to plugins-old)

• Go back to your browser and refresh
• If the website starts working fine, then the plugins were causing the error
• Change your plugins-old folder name to plugins

• Once you’ve changed the folder name, go to the WordPress Dashboard > Plugins > Installed Plugins

• You will see that all plugins are deactivated by default
• Activate each plugin and check if your website works after activation, and you’ll find the problematic plugin

If you don’t want to mess with any files, you can also deactivate all plugins at once from the WordPress dashboard too. Just select all the plugins and then from the dropdown, select Deactivate. Finally, click on Apply.

7. Check Your Security Plugin Settings

Although I mentioned deactivating all plugins earlier and checking if the issue resolves itself, it can be a good idea also to check the settings of any security-related plugin that may be installed on your WordPress site.

For example, plugins like Wordfence or Sucuri can trigger 403 errors. If you’re using Wordfence, it can often block legitimate traffic if it detects unusual behavior.

Here’s how to check and adjust your security plugin settings:

• Log into your WordPress Admin Dashboard.

• Navigate to Wordfence > Firewall in the left sidebar.

• Click on the Blocking tab and look for any IP addresses that are listed as blocked. If your IP is listed here, click Unblock to remove it from the list.

• In the Advanced Firewall Options, add your own IP address to the allowlist. This ensures you (as an admin) are never blocked.

• If Wordfence blocks legitimate actions (such as editing content), temporarily use Learning Mode. Go to Wordfence > Firewall, set it to Learning Mode, perform the blocked actions, and then switch back to Enabled and Protecting. This helps Wordfence learn what’s safe without permanently reducing security.

• If visitors face 403 errors after multiple attempts, adjust the Brute Force Protection settings under Wordfence > Firewall. This reduces the chance of accidental blocks. By default, the lockout duration is set to 5 minutes, and the “If anyone’s requests exceed” option is set to unlimited. Consider adjusting them to reasonable values (e.g., lockout after 120 attempts per minute, with a short lockout time like 30 minutes).

Refresh your website to see if the issue is resolved. Keep in mind that this solution only applies to Wordfence. If you have some other security plugin, try adjusting different settings or contact their support if the issue is being caused from their end.

8. HotLink Protection

Hotlink protection prevents other websites from using your site images. You can use hotlink protection if you don’t want to allow Google Images, Pinterest, or any other site to display your images. Also, it helps you with site bandwidth and server resource consumption.

Sometimes, enabling hotlink protection on your CDN/hosting can trigger a 403 error if it is not set up properly. Therefore, it’s highly recommended to configure it carefully and then check the site’s status.

9. Contact Your Hosting Support

If you have performed all the above steps and are still seeing the 403 error, the last resort is to contact your hosting provider. Many managed hosting providers offer prompt help with these issues.

Cloudways has 24/7 live chat & ticket support assistance and offers cloud-based WordPress hosting starting from $11/month. So, with a host like Cloudways, you’re in good hands, even in the world of scary errors like 403.

Note: you can also check our guides to fix other errors such as the 404 error, 500 internal server error, the white screen of death, or our guide on common WordPress errors.

10. Reconfigure Ownership of the File for Proper Access

An incorrect file ownership on a Linux or VPS web hosting can trigger the 403 Forbidden error. In these environments, files, and folders can be assigned to an Owner, a Group, or both. To modify ownership, you’ll need SSH access and an SSH terminal to connect to the VPS.

To check ownership, use the SSH command:

ls -1 [file name]

The correct ownership should match your hosting account’s username. If it’s different, use the chown Linux command to modify file ownership with this syntax:

chown [owner][:group] [file name]

If you’re not comfortable using SSH, you can seek assistance from your hosting provider’s support team.

Here’s an example of how you’d change the Owner or a Group of a file:

Example — Change the Owner of a File

# chown Rehman myfile
# ls -l myfile
-rw-r--r-- 1 Rehman users 112640 Aug 2 07:10 myfile

In this example, the ownership of the file “myfile” is changed to the user “Rehman” using the chown command. After executing the command, the file’s permissions and ownership are updated, and the new ownership is displayed as “Rehman”.

The file now belongs to the user “Rehman” and the group “users”. The modification date of the file is shown as August 2 at 07:10.

Example — Change the Group Ownership of a File

$ chgrp cloudways myfile
$ ls -l myfile
-rwxrw-- 1 Rehman cloudways 12225 Aug Aug 2 07:10 myfile

In this example, the group ownership of the file “myfile” is changed to the group “cloudways” using the chgrp command.

After executing the command, the file’s permissions and group ownership are updated, and the new group ownership is displayed as “cloudways”. The file still belongs to the user “Rehman” but now belongs to the group “cloudways”. The modification date of the file is shown as August 2 at 07:10.

11. Check Your A Record for DNS Configuration

Another potential cause of the 403 Forbidden error is an incorrect domain name pointing to the wrong IP address. If your domain is not pointing to the right IP address, you may not have permission to access the site’s content.

This issue can occur if you have migrated to a new web host but forgot to update your nameservers, resulting in your domain still pointing to the previous host. In such cases, the previous host may terminate your account, triggering the 403 error status code.

To verify and resolve this, you can check the DNS records of your domain using the nslookup command in the terminal. The nslookup command is compatible with various operating systems, including Windows, Linux, and macOS.

For example, to check the A record for the domain ‘cloudways.com’, open the terminal window and enter the following command (replace ‘cloudways.com’ with your domain name):

nslookup -type=A cloudways.com

This will show you the DNS records associated with your domain and help you identify any discrepancies or misconfigurations.

12. Temporarily Disable CDN

A CDN (like Cloudflare) caches your site’s static content on servers worldwide. If the CDN caches old or invalid data, you may encounter a 403 error. Temporarily disabling it can help confirm whether it’s the cause.

Here’s how you can do this:

• Log in to your Cloudflare account.

• Go to Overview for your domain and click Pause Cloudflare on Site (lower right corner).

• Wait ~5 minutes, then check your site. If it works, the CDN is likely the issue.

• Re-enable Cloudflare after testing.

If disabling the CDN fixes the error, clear the CDN cache (e.g., “Purge Cache” in Cloudflare).

Review security settings like firewall rules or IP blocking to ensure legitimate traffic isn’t blocked, and check for misconfigurations in your CDN dashboard. This helps resolve the issue while keeping the CDN active.

Fully Managed WordPress Hosting That Autoscales

Manage your WordPress site with ease on Cloudways Autonomous. Get fast, secure hosting that scales with your traffic—all without any setup headaches.

Try Today

13. Verify IP Whitelisting

Another issue worth checking is your IP address. If your IP is blocked, both you (the site owner) and your visitors might face the 403 Forbidden error. This usually happens when the server’s security settings deny access.

Here’s how to fix it:

If you use cPanel:

• Log in to your cPanel dashboard.
• Go to Security > IP Blocker.

• Review the list of blocked IP addresses.
• If your IP or a visitor’s IP is on the list, select it and click Delete to unblock it.

If you’re a Cloudways user:

• Log in to your Cloudways Dashboard.
• Go to Security > Firewall.
• Review IP addresses that should be whitelisted.

• Or…add your IP address under Custom Rules or select your current IP from the list and whitelist it.

This ensures both site owners and visitors can access your site smoothly.

14. Scan for Malware

Sometimes, a 403 error can be caused by malware. Malicious code can mess with your site’s permissions, block access to certain files, or even redirect traffic. Running a malware scan is a good way to rule out this possibility and ensure your site is clean.

To solve this problem, you can:

Use a trusted malware scanner. Tools like Sucuri, Wordfence (for WordPress), or MalCare can scan your site for harmful code. These tools will identify any infections and help you clean them up.

Some hosting providers also offer built-in malware scanning and removal tools. For example, if you’re using Cloudways, you can subscribe to our malware protection add-on.

• Go to Application Management > Application Security > Malware Protection.

• Enable the malware scanner to run a thorough check of your files and databases.
• If any issues are found, they’ll be listed under the “Malware Detected” tab, and you can take action to resolve them.

By keeping your site free of malware, you can avoid unexpected errors like the 403 and ensure everything runs smoothly. If you’re on Cloudways, our Malware Protection add-on costs just $4 per month per application (for 1-5 apps) and provides automatic scanning to keep your site secure.

15. Review Web Server Logs

Another effective way to troubleshoot a 403 error is by checking your web server logs. These logs provide detailed insights into what’s happening behind the scenes, such as blocked requests, permission issues, or misconfigurations.

Connect to Your Server via SSH:

Most hosting providers offer SSH access. To connect to your server, use your preferred SSH client (like Terminal on Mac or PuTTY on Windows). If you’re on Cloudways, you can use the built-in SSH access from the dashboard.

Check the Error Logs:

Once connected, navigate to the logs directory. For Apache servers, you can use the following command to view the error logs:

sudo cat /var/log/apache2/error.log

If you’re using Nginx, the logs are typically located at /var/log/nginx/error.log.

Search for 403 Errors:

To quickly find 403-related entries, use the grep command:

sudo grep '403' /var/log/apache2/error.log

This will filter the logs and show only the lines containing 403 errors.

Identify the Issue:

Look for patterns or specific errors in the logs. For instance, you might find entries related to blocked IPs, restricted directories, or misconfigured permissions. These clues will help you understand what’s causing the 403 error.

Summary

Dealing with a WordPress 403 Forbidden error can be frustrating, but with the right approach, you can usually get your site back online quickly. We’ve covered several potential fixes—from simple steps like clearing your browser and site cache to more technical solutions, such as resetting file permissions, reviewing your .htaccess file, or checking server configurations.

Sometimes, the issue comes down to a security plugin blocking access or a misconfiguration on your hosting provider’s end. If that’s the case, disabling plugins one by one or contacting your host for support can help narrow down the cause.

If you found a fix that worked, drop it in the comments—it might help someone else! And if you’re stuck, feel free to ask. You can also see Cloudways vs Donweb if you are looking for one.