Jan 21, 2022
401 Error: 5 Ways to Troubleshoot and Fix It
HTTP 401: Unauthorized Error indicates that the request has not been processed because of lack of valid authentication credentials for the target resource. If the request already includes the correct authentication credentials, the error 401 HTTP status code indicates that authorization has been refused for those credentials.
Fortunately, in most cases, this error can be quickly resolved. In this tutorial, you will learn more about the 401 error code in more detail – including its possible causes and five methods to troubleshoot it.
|Error code||HTTP 401 Unauthorized Error|
|Error type||Commonly a client-side error|
|Error variations||HTTP Error 401 Unauthorized|
401 Unauthorized Error
Error 401 Unauthorized
401 Authorization Required
|Error causes||Incorrect URL|
Plugin or theme incompatibility
Incorrect login attempts
Outdated browser cache and cookies
Server configuration errors
In simple terms, the 401 Unauthorized is an HTTP status error, which occurs when your browser fails to gain access to a particular web page because the server received an unauthenticated request.
This may be caused by several client-side reasons, including:
- Inputting the wrong URL
- Incorrect username or password
- Outdated browser cache and cookies
For instance, this error may appear when you’re trying to gain access to restricted resources like a password-protected web page without logging in first or entering the correct authentication credentials.
Although client-side issues seem to be the most common causes of this error, sometimes it can be caused by the web server. The server might be blocking the client from accessing the requested resource on purpose, or the server’s authentication process is broken.
When the 401 Error occurs, the browser will show an error code or message instead of taking you to the actual web page.
You may see one of the following error messages indicating the same error:
- HTTP Error 401
- 401 Authorization Required
- 401 Unauthorized Error
- Access Denied
Here is a list of the different variations of the 401 error and their descriptions:
- 401.1 – the login attempt has failed.
- 401.2 – the login attempt has failed due to the server configuration.
- 401.3 – the login attempt has failed due to the ACL (Access Control List).
- 401.501 – too many requests have been generated by the client or the client has reached the maximum request limit.
- 401.502 – This error occurs when a particular client (same IP) sends multiple requests to a single web server, reaching the dynamic IP Restriction Concurrent request rate limit.
- 401.503 – the IP address of the client is included in the deny list on the server.
- 401.504 – the client’s hostname is included in the deny list on the server.
5 Methods to Troubleshoot 401 Unauthorized Error
In this section, we will go over five methods to solve the 401 Unauthorized Error.
Before you proceed with any of the methods, check if the website is down for everyone or just you. This will help determine whether the issue is local or server-side.
1. Confirm the URL Is Correct
This might sound obvious, but the 401 error code might appear if the user entered the wrong URL in the browser’s address bar.
Before you attempt the other methods, check the URL you’ve typed in. Verify whether there are any special characters or numbers you may have missed.
If you’re following a hyperlink from another website or web application, double-check if it contains typos. Sometimes, the hyperlink may be mistyped or outdated, triggering the 401 error.
To get the correct URL, try accessing the restricted resources by going to the website’s homepage and manually navigating to the problematic page. Another option is to try searching for the page on Google.
2. Clear User End Issues
We will now go over some common user end issues that may cause the 401 error and how to solve them.
The following troubleshooting steps are for users who can’t access a specific webpage when others can. However, if you are convinced that the 401 error also appears to everyone else who is trying to access the page, scroll down to method three.
Before you try the following troubleshooting steps, try reloading the page and see if that fixes the issue. Sometimes, a misloaded page can cause the 401 error code.
Clearing Browser Cache and Cookies
The browser’s cache and cookies improve the online experience, specifically with regards to loading speeds and personalization. However, in some cases, they may cause the 401 error.
Both browser’s cookies and cache are saved in your device’s internal storage. The cache saves a website’s “static assets” – data that usually doesn’t change during repeat visits. This lets the browser preload some assets of the live version of the website, shortening loading time.
For example, staying logged in on a specific website is possible thanks to cookies.
Unfortunately, the browser’s cache and cookies may become corrupted, leading to a web server authentication failure. It’s also possible that the current cache and cookies are outdated and in need of manual refreshing.
To clear your browser’s cache and cookies, simply go to your browser’s settings and find the option to clear them. If you use Google Chrome, follow these steps:
- Click the three-dotted menu icon on the top-right corner.
- Go to Settings -> Privacy and security -> Clear browsing data.
- In the Time range drop-down menu, select All time. Then, check Cookies and other site data and Cached images and files.
- Select Clear data.
Flushing DNS Cache
In addition to the browser’s cache and cookies, DNS records are also stored locally on your device.
The data in the DNS cache lets your device match URLs to their IP addresses faster for shorter loading times. However, unlike the browser’s cache and cookies, the DNS cache operates on the system level.
Although rare, a DNS error may result in the 401 HTTP status code. The DNS cache may be outdated, containing incorrect URL and IP address details.
Flushing your DNS will clear the existing DNS records of your device, forcing it to make a completely new request and re-authenticate the URLs.
Here’s how to flush your DNS cache on Windows:
- On your desktop, navigate to the search bar and type in “Command Prompt.”
- Open Command Prompt.
- Type in the command “ipconfig/flushdns” and press Enter. If successful, you will see the message “Successfully flushed the DNS Resolver Cache”.
3. Check Authentication Credentials
The 401 Unauthorized Error code may appear when you’re trying to gain access to a locked resource, such as a password-protected page, with invalid authentication credentials. As a consequence, you won’t be able to open the page.
Double-check whether you’re logged in with a valid user ID and password. If you’re sure that you have entered the details correctly, try changing the password.
If you’re having trouble accessing a password-protected WordPress site, attempt resetting your WordPress password.
4. Disable Password Protection
If you’re a webmaster trying to solve the 401 error, it’s worth temporarily disabling password protection for the problematic section of your website.
If you have enabled password protection using .htaccess and .htpasswd files, follow these steps to disable it:
- Go to your hosting account’s File Manager.
- Open the password-protected website directory.
- Find the .htaccess file that you created when you enabled the password protection in the first place. Its content should look similar to this:
AuthType Basic AuthName "Your authorization required message." AuthUserFile /path/to/.htpasswd require valid-user
- Back up the content of the .htaccess file in case you want to re-enable password protection in the future.
- Delete the .htaccess file from the directory.
- Find the secret location of the .htpasswd file, back it up, and delete it as well.
5. Troubleshoot the Code
Sometimes, the 401 error is not caused by a client-side issue – there could be a problem with the web server.
Use the following methods to verify if the issue is caused by a server error, especially if you are the website administrator of the problematic page.
Begin by checking the site’s WWW-Authenticate header for errors.
According to the IETF, a server generating a 401 (Unauthorized) response has to send a WWW-Authenticate header field containing at least one challenge applicable to the target resource.
This response header determines the authentication method the web browser should follow to access a specific page. Knowing what response the header sends and which authentication method is used will help determine the problem.
To check a WWW-Authenticate header for the cause of the 401 Unauthorized Error, follow these steps:
- Access the page that generates the 401 error code. If you’re using Chrome, right-click it and select Inspect or press Ctrl+Shift+J to open the developer console.
- Open the Network tab, then reload the page. Click on the entry with the 401 error status.
- Open the Headers tab. Find the WWW-Authenticate entry under the Response Headers section. It will show the authentication method the server enforces to provide access to the content.
- Refer to the HTTP Authentication Scheme Registry to find out the page’s authentication method. In this case, the page uses the basic authentication method, which means that it only requires standard login credentials.
Disable Plugins, Modules, and Themes
If you encounter the 401 error code as the website’s administrator, you can identify its cause by disabling the plugins, modules, and themes you have installed on your website.
Unfortunately, no matter which CMS you use – be it WordPress, Prestashop, or Magento – these additional pieces of code can cause issues on your website, including the 401 Unauthorized Error.
We’ll use WordPress as an example. If you have a WordPress site and still can access its admin dashboard, changing your theme to the default one and disabling all your plugins at the same time will be easy.
To reinstate the default theme, simply go to Appearance -> Themes and Activate the default theme.
To disable all WordPress plugins at the same time, go to Plugins -> Installed Plugins. Bulk select all the plugins, choose Deactivate from the drop-down menu and click Apply.
The process to change your design template and disable the modules should be similar with any other CMS dashboard.
However, if you don’t have access to your WordPress admin dashboard, you can disable your WordPress plugins by opening the File Manager on your hosting account and renaming the Plugins folder. Hostinger users can manage their plugins straight from hPanel.
Similarly, you can change your WordPress theme without opening the admin dashboard by making changes to files through File Manager and phpMyAdmin.
Error 401 vs. Error 403 Comparison
The 401 error code appears when the client’s web browser fails to receive resources from a web server due to a lack of or invalid authentication information.
On the other hand, the 403 Forbidden Error indicates that the server has received the request but won’t provide access to a specific part of the website.
Incorrect login details are the most common cause of the 401 error, while insufficient access levels trigger the 403 client error. An example would be a WordPress site with a membership feature preventing users with a “visitor role” from accessing the members-only content.
Geo-blocking may also result in the 403 client error status response. The web server might be restricting access to IP addresses originating from specific countries or regions.
Here are other variations of the 403 HTTP status code you may encounter:
- 403 Forbidden
- Forbidden: You don’t have permission to access [directory] on this server
- Access Denied ‒ You don’t have permission to access
Other 4xx Errors
Other than the 401 error, you may run into other 4xx status codes. If that happens, take a look at the following guides where we explain their causes and how to fix them:
The HTTP error 401 occurs when the browser’s request to the server lacks valid authentication credentials. While it’s most commonly caused by a client-side issue that is easy to fix, it can also stem from a server error.
In this guide, we’ve gone over five methods to solve the 401 Unauthorized Error code:
- Confirm the URL is correct – double-check the URL in case it’s misspelled or outdated.
- Clear user end issues – clear the browser’s cache and cookies for a possible solution. If that fails, try flushing your DNS cache.
- Check authentication credentials – make sure you’ve entered the valid username and password. If the issue persists, try resetting the password.
- Disable password protection – if you experience this issue as the website administrator, try temporarily disabling the problematic section’s password protection by deleting the .htaccess and .htpasswd files.
- Troubleshoot the code – check the WWW-Authenticate header and try disabling problematic plugins, modules, or themes.
We hope that the information in this article has helped you fix the 401 error. If you have any questions or tips, feel free to leave us a comment in the section below.