Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
WPB Cup
25 Million+
Websites using our plugins
16+
Years of WordPress experience
3000+
WordPress tutorials
by experts

How to Fix the 403 Forbidden Error in WordPress

Editorial Note: We earn a commission from partner links on WPBeginner. Commissions do not affect our editors' opinions or evaluations. Learn more about Editorial Process.

Are you dealing with the 403 Forbidden error on your WordPress site?

403 Forbidden error is one of the most annoying errors that a WordPress website owner can encounter. It may stop you from accessing your WordPress admin area and/or specific pages on your website.

In this article, we will show you how to easily fix the 403 Forbidden error in WordPress.

Fixing 403 Forbidden error in WordPress

What Is the 403 Forbidden Error in WordPress?

The 403 Forbidden error code is shown when your server permissions don’t allow access to a specific page on your WordPress website.

This error is usually accompanied by the text:

403 Forbidden – You don’t have permission to access ‘/’ on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Here’s an example of what it looks like:

403 Forbidden status code shown on a WordPress site

There are different scenarios when you might see this error. For example:

You may also see ‘Access Denied’ instead of the full 403 Forbidden status. Alternatively, the message might say, ‘Access to yourdomain.com was denied. You don’t have authorization to view this page.’

For more explanation about WordPress error codes, you can see our list of the most common WordPress errors and how to fix them.

Now that you know about the different types of 403 errors, let’s talk about their causes.

What Causes the 403 Forbidden Error in WordPress?

The 403 Forbidden error code appears when your server doesn’t permit access to a specific page. There are several causes that can make this happen.

One common cause for the 403 Forbidden error in WordPress is poorly configured security plugins. Many WordPress security plugins can block an IP address (or a whole range of IP addresses) if they believe them to be malicious.

Another possible cause could be a corrupt .htaccess file or incorrect file permissions on your server.

Your WordPress hosting company can sometimes make accidental changes to their server settings. This may result in a 403 Forbidden error on your site.

Having said that, let’s take a look at how to fix the 403 forbidden error in WordPress.

Note: Before you do anything, we recommend creating a complete WordPress backup of your website. You can check out our guide on how to back up your WordPress site.

If you are using an automatic WordPress backup plugin, then make sure that you have access to the latest backup before moving forward.

You can use these quick links if you want to skip to a specific method:

Video Tutorial

Subscribe to WPBeginner

If you prefer written instructions, then just continue reading.

Method 1: Deactivate Your Plugins Temporarily

The first thing you need to do is see if one of your WordPress plugins is causing the 403 forbidden error. To do this, you need to temporarily deactivate all WordPress plugins. This includes any security plugins that you may have installed on your site.

Bulk deactivate all WordPress plugins

If this resolves your problem, then this means one of the plugins on your website was causing this error.

You can figure out which plugin was causing the error by activating all your plugins one at a time until you reproduce the 403 Forbidden error. Then, you will need to delete the problem plugin and look for an alternative or contact the developers for support.

If this method doesn’t work, then just continue reading.

Method 2: Regenerate Your .htaccess File

Often, the 403 forbidden error is caused by a corrupt .htaccess file in your WordPress site. The good news is that fixing this file is quite easy.

First, you need to connect to your website using an FTP client like FileZilla or the File Manager app in cPanel.

Next, find the .htaccess file in the root folder of your WordPress site. See this guide if you can’t find the .htaccess file in Your WordPress folder.

You will need to download the .htaccess file to your computer so that you have a fresh backup of it. After that, simply delete the file from your server. Don’t worry, your WordPress will still be able to work.

Delete .htaccess file from your WordPress site

Now, try accessing your website. If the 403 forbidden error is resolved, then this means that your .htaccess file was corrupt.

You can generate a fresh .htaccess file by logging in to your WordPress admin area and going to the Settings » Permalinks page.

Regenerating .htaccess file in WordPress

Simply click on the ‘Save Changes’ button at the bottom of the page, and WordPress will generate a new .htaccess file.

Method 3: Correct Your File Permissions

If the other solutions have not fixed the 403 forbidden error on your site, then incorrect file permissions are the most likely cause.

All files stored on your website have file permissions. These file permissions control who can access the files and folders on your WordPress website.

Incorrect file permissions can cause the 403 forbidden error. They make your web server think that you do not have permission to access those files.

You can ask your WordPress hosting provider to check your website for correct file permissions. Some hosts are very supportive, so they won’t mind and will probably fix that for you.

Changing file permissions yourself can have serious consequences. If you do not feel confident doing it yourself, it’s best to ask a fellow WordPress website owner for help or hire a professional.

However, if you want to do it yourself, then here is how to check your file permissions.

Simply connect to your WordPress site using an FTP client. Navigate to the root folder containing all your WordPress files.

Checking file permissions

Click to select a folder, right-click it, and then select ‘File permissions’ from the menu.

Your FTP client will show you a file permissions dialog box like this:

Changing file permissions using FTP

All folders on your WordPress site should have a file permission of 744 or 755.

Meanwhile, all files on your WordPress site should have a file permission of 644 or 640.

You can set the file permission for the root folder to 744 or 755. You also need to check the box next to ‘Recurse into subdirectories’ and then check the option that says ‘apply to directories only’.

Simply click on the ‘OK’ button. Your FTP client will now start setting permissions for all subdirectories in that folder.

Once it is done, you need to repeat the process for all the files. This time, you will use file permission of 644 or 640, and don’t forget to select the ‘Recurse into subdirectories’ and Apply to files only’ options.

Click on the ‘OK’ button, and your FTP client will start setting file permissions for all the selected files.

Try accessing your website now and see if the 403 forbidden error has gone.

Method 4: Clear Your Cache and Cookies

Sometimes a simple fix can be the most effective. Clearing your browser cache and cookies, as well as your WordPress cache if you’re using a caching plugin, can resolve the 403 forbidden error.

Just like how your computer stores temporary files to speed up loading times, your browser also caches website data. If this data becomes corrupted, it might cause compatibility issues and lead to the 403 error.

Similarly, a corrupted cache generated by a plugin can also lead to the server misinterpreting requests.

Some caching plugins also offer advanced settings that allow you to restrict access to specific pages or user roles. If these settings are accidentally misconfigured, they could unintentionally block access to certain parts of your website.

To clear your browser cache, you can follow the instructions in our article on how to clear cache in major browsers.

If you’re using a WordPress caching plugin, you can read our guide on how to clear WordPress cache and consult the plugin’s documentation.

Method 5: Temporarily Disable CDN (Content Delivery Network)

If you’re using a Content Delivery Network (CDN) to improve website performance, it’s possible that it might be interfering and causing the 403 forbidden error.

A CDN acts as a middleman between your website’s server and visitors, serving cached content from geographically distributed locations for faster loading times.

To see if your CDN is the culprit, you can disable your CDN temporarily. Then, test your website to see if the error disappears.

If disabling the CDN resolves the error, you’ll need to contact your CDN provider’s support team for further troubleshooting.

Method 6: Check for Malware

Malicious software can cause a variety of issues including the 403 forbidden error. It can interfere with file permissions, inject malicious code, or disrupt communication between your website and server.

To see if there’s malware on your website, we recommend scanning your website using a security plugin or a service offered by your WordPress hosting provider.

Many reputable security plugins offer malware-scanning features, and you can usually remove these malicious files in one click.

Learn More Ways to Solve Common WordPress Errors

Having other problems with WordPress? Perhaps one of these guides can help you solve the issue:

We hope this article helped you fix the 403 forbidden error in WordPress. You may also want to see our list of the most common block editor problems and must-have WordPress plugins to grow your website.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

163 CommentsLeave a Reply

  1. Syed Balkhi says

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

  2. Gary Parker says

    None of these fix my problem as it is one page and the only way i could fix it was to rename the permalink, The page in trouble is https://example.com/blog/ and the only way i could fix it was to change it to /blog2/, any ideas?

  3. Michael says

    Please somebody help me. I have two websites on the same host. I just added a third addon domain recently and installed wordpress to it through the softaculous installer.

    The problem is not from wordpress, and other websites on the same host is accessible.

    Please help.

  4. Andreas Johansson says

    I hade one page Forbiden 403 and tryied all the steps. And now i dont have permission to login wp-admin on my site? :-(

  5. Juliet Julius says

    Thank you so much for this article. My problem was a corrupted htaccess file. My website is now working fine.

  6. Aleli Sanchez Mendez says

    I still having this problem. I tried all the steps. The problem began when I installed the WooCommerce plugin in my WordPress Site. Now in my wordpress y receive a 403 Forbidden and in my other site, without wordpress i recieived a 502 Bad Gateway error.

    Please someone can help me?

  7. Scott Munson says

    I discovered – after all else failed and many hours spent, that at one time (but no longer) I used Bullet Proof security. It left a stray .htaccess file in my wp-admin folder – THAT, was causing the 403 error for me. ARGH!

  8. JU says

    There has to be a fourth step. None of these steps applied. The plugins weren’t the cause. The .htaccess file wasn’t the cause. All the permissions in all files and folders are set to the correct numerical values. :(

  9. Sendhil Kumar S K says

    Hi Friends, One Easy step will make You free from the existing problem.

    1. Go to CPanel of Your Domain

    2. Click to Expand public_html folder present at the extreme left of the screen.

    3. Double click on wp folder present on the write side of the screen

    4. Copy All files & Folders inside the wp folder

    5. Move all the files & folders inside the wp folder to UP ONE LEVEL

    6. Now All files & Folders are out of WP folder, hence WP folder is empty, come one level up & delete the empty WP folder

    7. Now go to browser & type your domain_name.com, PERFEFETLY it will be WORKING

    All the Best…if you have doubts regarding this mail me to

    Also if time permits visit my site
    Thank You All

  10. Sergio Casabona says

    Hi, there! Thanks for this article!
    I got this error, so I access with my ftp and deleted .htaccess file. I’m now able to access my dashboard. But when I go to settings and save again as you say, the error 403 comes back. What can I do?
    Thank you, guys!

  11. Josh Allen says

    What if I had a dedicated server, and its happening to all 43 of my sites…I just did some kind of WHM update on Bluehost, then it happened….Ive been waiting for an hour to talk to bluehost.

    • Ronald says

      Josh –

      I had a similar thing happening to me here. “All of a sudden” none of my sites worked anymore.

      I am hosting the sites on my own MacMini, running OS-X Server. After a night of trouble-shooting, I eventually found out that the root cause was me enabling the FTP server in OS-X Server. In there, I set folder permissions for the website root folder for “Everyone Else” to “None” (seemed a bit tricky to give everyone Read access to my sites!). Apparently one is also blocking the _www user access to the websites then…

      After I changed this back to “Read Only”, my sites started working again… Pffff.

      I’m now looking for a permanent solution, which is not: “Close my firewall for FTP traffic.

      Hope this helps,
      Ronald

  12. Krishna Patel says

    This post saved my life! I can’t thank you enough for this helpful information but.. thanks a million :)

  13. shah faisal says

    You don’t have permission to access /loading.php on this server.
    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request

  14. gab says

    I am getting the 403 error for my page and cannot even login into WordPress because of it… I don’t know how to fix it and don’t see anyone with the same issue.

  15. Reshan says

    Hi. My WordPress is handled by the hosting company itself. So I dont have root access. How can I solve this problem?

  16. Yves says

    Same problem here, and ftp same result… checked in Cpanel and noticed my maindir permissions was 0000 , changed to 0755 and was fixed

  17. Mimi says

    In my case, I had my website for 4 years and all of a sudden today I got this error although I did not touch the files or change any permissions. I logged into the control panel and noticed that for some reason the index.php file was missing from the WordPress root folder. I downloaded a new copy of WordPress and copied the index.php file on to the root folder of my WordPress website and the website came back!
    So perhaps if anyone is getting the same error, please double check that you have an index.php or index.html file. I hope that helps.

    • justin says

      Ditto…no idea why/how but the index.php disappeared while I was working on a project…I was saved a load of hassle by an automatic backup where the index still existed.

    • Nick says

      Thanks Mimi! This worked for me while the solutions in the article didn’t. In my case, the index.php file wasn’t actually missing but when I replaced the one that was there with a fresh one the site started working again so I guess it was corrupted or had some kind of other problem.

      My specific error message did also mention the index.php file so that also makes sense:

      Forbidden
      You don’t have permission to access /index.php on this server.

      Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

    • Edgar says

      Nothing worked for me until I added “Options +FollowSymLinks” (without the quotes) above “RewriteEngine On”.

  18. Doni says

    I did all three possible causing 403 error fixing that you informed but it still produced the error. By the way i wanted to edit footer template but when i saved / updated file it produced “403 Forbidden Access to this resource on the server is denied!”

    • Mimi says

      This is a reply to your comment on wpbegginer.com (comment quoted below)
      I am not sure if you were able to resolve your problem but I would like to let you know that I got the same error today and I found that the problem was a missing index.php file from the root folder of my website.

      ———————————————————————–
      “I did all three possible causing 403 error fixing that you informed but it still produced the error. By the way i wanted to edit footer template but when i saved / updated file it produced “403 Forbidden Access to this resource on the server is denied!””

  19. Alexandra says

    Hello,

    I need help, while trying install wordpress with mamp, after i did everything what i supposed to do, it showed me this error :
    ‘Forbidden

    You don’t have permission to access /mysite on this server.
    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.’

    Please help me!

  20. Vasil says

    Hello guys.

    Forbidden

    You don’t have permission to access /shop/ on this server.

    I’ve tried everything and doesn’t work.
    if someone can help would be great thank you.

  21. KimD says

    Thanks. Great article. To fix my problem I had to do a slight variant on what was written. When I looked I found that I had two htaccess files, one in the root directory and another in the wp-admin directory. I regained access to my site by renaming the htaccess file in the wp-admin directory.

  22. Kingsley Felix says

    Hello;

    Mine happens when i want to save changes of an article by a deleted admin user

  23. Steve says

    I have a user who is getting the following 403 when he tries to leave a comment:

    403 Forbidden Error Page

    If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.

    IP Address: xxx.xx.xx.xx” (his actual IP address shows up here)

    What could be wrong?

  24. Omotayo Adeoye says

    Hi,
    I get a ‘Forbidden’ on the wp-admin page of my website. It doesn’t say error 403 – forbidden; it just says forbidden”.

    I have re-installed wordpress, checked file permissions, checked htpaccess, deactivated all plugins etc. yet it doesn’t work.

    Pls what can i do!

    Thanks a lot.

  25. Ricardo says

    Hi! When I share my website link to facebook, the title is 403 Forbidden. Directly on my website I didn’t saw any kind of 403 forbidden message. I tried a lot of advises I found, as removing .htaccess file, desactivating all the plugins and also checked permissions. I tried to debug at facebook debugger, but the informations doesn’t change. Anyone can help me to fix this problem?

  26. Javier Gomez says

    I have many errors 403 with my images, I will take your advice thanks for the information

    An apology for my bad english

  27. Christopher Sowerby says

    Hi. my problem is that i can logout from the backend dashboard but i cant logout from the front end (using the bar at the top).

    It seems that the nonce in the logout url is different when on the backend. Do you know why this could be? i have cleared everything out of my functions.php but it still happens.

  28. Rameez Ramzan says

    Hi,

    I am newbie in WordPress and Currently I am facing some problem while login WordPress Dashboard.
    It’s showing 403 forbidden errors while login but on the other side my friend open similar site on their internet then its working correctly. Kindly let me know

    Thanks,

  29. Erik Kubica says

    I have similar issue, as a company on our dev server we are running much wordpress sites where to only 1 WP site i started to get 403 and only on wp-admin. 2 Days before i have lived elsewhere when it worked.

    foo.bar/somewebsite/* -> 200 OK
    foo.bar/somewebsite/wp-admin -> rediret to wp-login.php -> 403 err

    foo.bar/somewebsite2/* -> 200 OK
    foo.bar/somewebsite2/wp-admin -> rediret -> 200 OK

    Ftp to foo.bar is ok, ssh to foo.bar is ok.

    On “somewebsite” the WP admin is blocked only for me (all browsers, all existing incognito modes, all cache cleared incl. cookies….). For all people i have asked to try it worked without any problems.

    There is nothing wrong with htaccess, wordfence was disabled from ftp (also checked the DB if there is any ban to my IP). checked the main apache2 access log over ssh where i see the 403 record.

    Any idea what can be wrong?

  30. Vinish Chaudhary says

    Forbidden

    You don’t have permission to access / on this server.

    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

    and none of above method work on this error my cpanel not showing. I read the whole article
    plz, help me solve this.
    thanks

  31. Dewlance says

    Uhh! WordPress wp-admin 403 error is really time killing.

    I try your all tricks but still getting a error. Going to change wp-admin folder with fresh files of wp-admin files.

    Maybe it will help me or other option is apache configuration or poorly mod_security configuration.

  32. Greg says

    We work with WordPress everyday and recently encountered the 403 error. It was the file permissions and htaccess file that was reconfigured due to one of the security plugins. Your post on the matter was very helpful. Thanks for taking the time to post it.

  33. zulfiqar ali says

    dear sir my site name is my site give me error like

    Forbidden

    You don’t have permission to access / on this server.

    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

    and non of above method work on this error my cpane not showing any files in file explorer and also not connecting via FTP client.. i read whole article
    plz help me solve this..
    thanks

  34. Oliver says

    Hi, we have also been experiencing a 403 error. It first started happening when I tried to update the wp-core to 4.5. Ever since we get a 403 about once a day. I have done everything that I can think of to rectify the issue; reverted to a back-up of the site previous to the update; deactivated all plugins; checked file permissions; contacted hosts to see if our IP addresses were blacklisted; deleted .htaccess; changed theme to default 2016 the only thing that works when getting a 403 is to turn off the router wait for the IP to change and then we can access again. So it would seem to be an IP issue but I cannot find where this is IP blockage is.

    Does anybody know of any other place where an IP blacklist maybe?

    Thanks.

  35. Barbara Puchala says

    We just had this error. A outside web designer was creating a WordPress site for us and kept getting the 403 error.
    Turns out our hosting company, as part of its security measures, has its servers block any attempt to sign in with the user name ‘Admin’. I know, you would think he would know better. A change to the user name was all that was needed.

  36. george says

    your typo
    [due to a poorly configured security plugins]
    due to a poorly configured security plugin

Leave a Reply to Christopher Sowerby Cancel reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.