What is a 403 Forbidden Error (and How Can I Fix It)?

Error 403 forbidden message on a website

Running a website, whether it's a blog, an e-commerce store, an information landing site, or anything in between, is critical to your online presence. As with all things technology, hiccups can happen on your site, making the user experience anything but smooth.

Error messages are common problems for anyone running a site. While some of these messages are more prevalent than others and are easy to decipher, others are not. If you recently encountered a message that says "403 Forbidden: You are not authorized to access this server" and you don't know what to do, this article will provide you with easy ways to resolve it.

A 403 Forbidden error occurs when you do not have permission to access a web page or something else on a web server. The issues causing the "403 Forbidden" error are quite different and require different approaches to resolve. Some of the solutions can be implemented by both visitors and website owners, assuming the problem is with their device or local network. However, issues caused by a website configuration can be examined only by the website administrators as they require access to the backend settings.

We will start with the general solutions that anyone can try and narrow down to more specific solutions that require administrator privileges to the Website.

If you are just a visitor, be sure to try these steps:

  • Refresh the Page
  • Double Check the Address
  • Clear your browser’s cache and cookies
  • Check if you have Permission to Access the URL
  • Try Again Later
  • Contact your ISP
  • Disconnect from your VPN

If you are the website owner, most likely it's incorrect file permission on your server. This error can be triggered by a faulty plugin or a corrupt .htaccess file. As a website owner, you can check the error logs from your hosting panel as they may indicate the source of the problem. However, you may also need to contact your hosting provider to access or change certain settings on your site In most cases, you should be able to resolve the issue on your own. We recommend backing up your site in case something goes wrong and you need to restore it to an older version.

Below are the steps to fix the 403 forbidden error.

Faulty WordPress Plugins

The 403 Forbidden error can also be caused by a faulty plugin, you will have to deactivate your plugins and then reactivate them one by one.

  • Log into your cPanel
  • Scroll down to the files section and then click on File Manager.
  • Click public_html, go to the wp-content folder and locate the plugins folder.
  • Click the plugins folder and select Rename.
  • Give the folder a new name, for example, “plugins.bk”. your plugins will be automatically deactivated
    After deactivating the WordPress plugins go back to your website and reload the page if your website opens fine, it means that you have a problem with WordPress plugins.
    Your next step is to figure out which one it is.
  • Go back to your cPanel and rename the plugins folder back to “plugins”.
  • Go to the Plugins page in the WordPress dashboard and activate the plugins one by one.. Keep doing this until you can reproduce the error.
  • Once you have identified the faulty plugin, you can either replace the plugin with an alternative one or contact its developer for support.

Corrupt .htaccess File

if the user makes changes to the .htaccess file and for this reason the .htaccess file is corrupted and may affect the website. So to resolve this incorrect .htaccess file to need to edit the .htaccess file in edit mode and replace the corrupted file with the original file.

Steps to edit the .htaccess file:

  • First, you need to login to your cPanel
  • Go to the files section and then click on File Manager.
  • Select the .htaccess file and edit it(If you can't find it, go to the settings and enable the "show hidden files" option.)
  • Now you need to replace the content of your htaccess file with the content of the original htaccess and then click on the “Save Changes” button
  • You can check the WordPress code here if you do not know the content of the original .htaccess file
  • Replace the content of the .htaccess file

Wrong File Permissions

If the above two solutions failed to resolve the 403 Forbidden error, then it is very likely that the incorrect file permission is causing the 403 Forbidden error. Also, keep in mind the files and folders stored on your website have different file permissions and these file permission allows those who can access the webpage.

Note: 1. All files stored on your website have 644 file permission.
2. All folders stored on your website have 755 file permission.

If the file permissions are incorrect, the web server does not allow the user to access the Webpage then change the file permission that is defined above.
After changing all file permissions of files and folders then click on the “Ok” button to save the file permission.

Content Delivery Network (CDN)

If you continue to receive the 403 Forbidden error after following the steps above, you may have a problem with your Content Delivery Network (CDN).
It is a network of servers located in different parts of the world, with each server hosting a copy of your website. Many hosting plans come with a CDN to boost your site's performance. To see if your CDN is the cause of the error, you will need to temporarily disable it.

Verify the A Record

if your domain name points to the wrong IP address, where you are not authorized to view content, the 403 forbidden error can also occur. If you have recently transferred your site from one host to another and did not change the nameservers, your domain may still be pointing to your old web host. Once the old host deletes your account, it will cause a 403 error status code. Therefore, check that your domain name points to the correct IP address, if not, point your domain’s nameservers or A record to the correct servers.

Malware Scan

Another cause of the 403 error is malware. If your WordPress site becomes infected with malware, it may continue to inject unwanted code into the .htaccess file. This way, even if you continue to fix the file using the first method provided, the error will still persist. Scan your website for malware. There are many WordPress security plugins like Sucuri or Wordfence to do this.

Rolling Back to Recent Updates

If you recently updated the CMS itself just before the 403 Forbidden Error appeared, you might want to consider rolling back to the previous version you installed when everything was working properly. Likewise, any extensions or modules you've recently updated can also cause server-side issues, so downgrading to older versions of those can also help.

Unexpected Database Changes

Uninstalling a CMS extension does not guarantee full recovery of changes. This is especially true for WordPress extensions. These extensions have carte blanche status within an application, which gives them full access rights to the database. With this access, an extension can modify database records that do not "belong" to the extension itself. This means that it can modify records created and managed by other extensions of the same CMS.

In these scenarios, the extension may not know how to undo changes made to database records, so it will ignore those items when uninstalling. Your best course of action, assuming you're reasonably convinced that an extension is the likely culprit of the 403 forbidden error, is to open the database and manually look at the tables and records that have likely been modified by the extension.

Application Code or Scripts

If all else fails, manually debug the application by analyzing the application and server logs. Ideally, make a copy of the entire application on a local machine and perform a step-by-step debugging process. This will allow you to recreate the exact scenario where the Forbidden 403 error occurred and visualize the application code at the moment something went wrong.

You will need to contact support if none of the listed steps worked for you. Understanding the problems causing the error is crucial for fixing them in a timely manner – before the website suffers from traffic loss.