Sep 23, 2021
How to Fix an HTTP 401 Unauthorized Error in WordPress
If you run a WordPress site, chances are you have already encountered the 401 error at least once.
The 401 error code, also known as the 401 Unauthorized error, is an HTTP response code triggered by unauthenticated requests made to a WordPress web server.
This HTTP error code appears when the client-side web browser cannot provide valid authentication credentials required for accessing a particular website or a password-protected page. Connectivity and server configuration errors may also cause this issue.
Since there’s no standard 401 error message, many sites create a custom web page for it. However, the majority of 401 error messages are generally variations of the following:
- HTTP Error 401 Unauthorized
- Access Denied
- 401 Authorization Required
Depending on the website, the error message may recommend you make another login attempt or contact the site owner to request access to that particular page.
This article will explore different ways to fix the HTTP 401 Unauthorized error in WordPress. We will also cover the difference between the 401 error and the 403 error.
Causes of the 401 Error
Now that you know the 401 error code in WordPress let’s look at what may be causing the issue. The most common causes of the 401 authorization error are:
- Invalid URL ‒ there’s a typo in the URL, or the link is outdated.
- Plugin incompatibility ‒ often happens with security plugins that have a firewall feature.
- Theme incompatibility ‒ custom WordPress themes may contain errors that jeopardize the site’s security.
- Incorrect login credentials ‒ you entered wrong or outdated login information.
- Outdated browser cache and cookies ‒ the client-side browser lacks valid authentication credentials, prompting the server to reject web content requests.
- Server issues ‒ include, but aren’t limited to, server configuration error, access control list (ACL) encryption settings, and security measures taken by the hosting provider to prevent cyberattacks.
- IP restrictions ‒ your IP address or host may be recorded in the “deny list”. Some websites may also revoke access after reaching the request limit.
How to Fix the HTTP Error 401 Unauthorized: 9 Definitive Methods
In some cases, refreshing the web page solves this HTTP error. However, if the issue persists, refer to the following methods to fix it.
1. Check Any Errors in the URL
Mistyping or using an outdated URL can lead you to a page that no longer exists, triggering the 401 error code.
Make sure to type in the correct URL and then reload the page. If the URL comes from a link, try to find the correct version directly on the website or using a search engine.
Using an encoder and decoder tool to turn gibberish URLs into readable texts helps to improve their readability, reducing the probability of misspelled words.
Alternatively, consider using a URL shortening tool to create a custom short URL.
2. Clear Browser Cache and Cookies
Another possible cause of the HTTP 401 error code in WordPress is invalid cookies and cached files.
Whenever you visit a website, the browser stores bits of data locally to decrease page loading times. Both cookies and cached files may be corrupted or expired, clashing with the live version of the web application. This causes an error during the server’s authentication process.
In this case, clearing your web browser cache and cookies will fix the 401 error. However, keep in mind that doing so will delete part of the settings on certain websites. Also, some may load slower because the browser will need to get each page’s resource from its server.
3. Temporarily Disable WordPress Themes and Plugins
In some cases, a misconfigured or incompatible WordPress theme or plugin may cause the HTTP 401 error code. For example, security plugins generally show error codes when detecting a suspicious login activity.
Here’s how to check whether one of your plugins triggered the 401 error code:
- Go to Plugins -> Installed Plugins from your WordPress dashboard.
- Check the box at the very top to select all plugins. Choose Deactivate from the Bulk Action dropdown menu, then click Apply.
- Refresh the problematic page. If the 401 error code disappeared, it means you have a faulty plugin. Re-activate the plugins one by one, then remove the one causing the issue from your plugin directory.
If you cannot afford to replace the faulty plugin, try reaching out to its developer for assistance.
Follow these steps to verify whether it’s the theme causing the authentication error:
- Navigate to Appearance -> Themes from the WordPress dashboard.
- Activate a default WordPress theme. If you don’t have one, install the theme first.
- If doing so solves the 401 error, switch to a different theme. Your current theme may have a faulty function causing the error.
4. Flush DNS
A Domain Name System (DNS) cache contains resource records about visited websites. Your operating system stores DNS cache when visiting a site for the first time, streamlining the DNS lookup process for faster load times.
Like browsers’ cookies, corrupted or outdated DNS cached files can trigger the 401 error code. In this case, flushing the DNS cache will solve the problem.
Follow these steps to flush DNS on Windows XP and higher versions:
- Press Windows+R or right-click Start -> Run, and enter cms to open the command prompt.
- Type ipconfig /flushdns on your command prompt, then press Enter.
- If the process is successful, you will see a confirmation message like so:
Our flush DNS article specifically addresses this topic. It covers the benefits of flushing DNS cache regularly and how to do it in Microsoft Windows, Linux, and Mac OS X operating systems as well as Google Chrome.
If you’re using Google Chrome as your main browser, we recommend doing the same precautionary step. Since the web browser stores a separated DNS cache from your operating system, flushing DNS cache in Chrome will bring the same benefits ‒ including solving the 401 error.
5. Deactivate Additional Password Protection
If you implement password protection on parts of the website, disabling it can solve the HTTP 401 error code.
Most hosting providers also let users secure their website’s directory with a passcode. Hostinger users can find a tool labeled Password Protect Directories under the Other section of the hPanel dashboard. To disable the protection, delete the login credential.
6. Check Authentication Credentials
If the page that shows the HTTP 401 error code is protected by password authentication, you may have entered the wrong login information. In this case, try logging in again with the correct user ID and passcode.
Creating a new account is the only way of getting access to the page if you don’t have the required login details in the first place. Make sure to create the account using a valid email address.
7. Reset Password
Making too many failed login attempts can lead to WordPress temporarily blocking your account, therefore triggering the 401 status code. The following example is a 401 error message caused by a failed login attempt.
If you have the valid login information, try logging in again after 15-20 minutes.
Otherwise, use the Forgot Password feature at the bottom of the login form to reset the password. WordPress will send a reset link to the email address registered when creating the site. Make sure to check your spam folder as well.
Another way to reset the password is by changing it in your website database using phpMyAdmin. Most hosting providers give access to the database via the control panel.
Here’s how to change your WordPress password through phpMyAdmin in hPanel:
- Go to Databases -> phpMyAdmin from the hPanel dashboard.
- Access your WordPress database. Check our guide on how to find your WordPress database’s name in case you need assistance.
- Open the wp_users table. Click on the Edit button next to the user details you want to alter.
- Replace the value on the user_pass field with your new password, then pick the MD5 function option from the dropdown menu to encrypt it. Click Go to save the changes.
This method also works for changing the passwords of other accounts within the website as long as you have website operator privileges.
8. Inspect the WWW-Authenticate Header
While a client-side issue generally causes the HTTP 401 error, there are occasions when the problem originates from the server-side. In this case, you have to check the site’s WWW-Authenticate header for errors.
This response header determines the type of authentication method a web browser should follow to access a page’s target resource. Knowing what response the header sent and which authentication method is used will help determine the problem.
To check a WWW-Authenticate header for the cause of a 401 error, follow these steps:
- Access the page that shows the 401 status code. If you’re using Chrome, right-click and select Inspect or press Ctrl+Shift+J to open the developer console.
- Select the Network tab, then reload the page. Click on the entry with a 401 error status.
- Open the Headers tab. Find the WWW-Authenticate entry under the Response Headers section. It will show the authentication method the server enforces to provide access to the content.
- Refer to the HTTP Authentication Scheme Registry to know the page’s authentication method. In this case, the page uses the basic authentication method, meaning that it only requires standard login credentials.
9. Contact Hosting Provider
Try contacting your hosting provider if you cannot access the login area, the WordPress database, or all of the site pages that display the 401 authentication error. It may have detected suspicious activities within your site, prompting the site to disable access temporarily.
Hostinger users can contact our Customer Success team by clicking on the purple icon at the bottom right of their hosting account. Alternatively, open the Help tab to access the FAQ section or navigate to our Knowledge Base for information.
401 Error vs. 403 Error: Main Differences
The 401 error code appears when the client-side web browser fails to get resources from web servers due to a lack of or invalid authentication information.
On the other hand, the 403 Forbidden error indicates that the server receives the request but doesn’t authorize a specific part of a website.
Incorrect login details are the most common cause of the 401 error, while insufficient access levels trigger the 403 client error. For example, a membership website application will prevent users with a “visitor role” from accessing the members-only forum.
Geo-blocking is another cause of the 403 client error status response. The site server might block access from IP addresses originating from specific countries or regions.
Here are other variations of the 403 status code you may encounter on the site:
- 403 Forbidden
- Forbidden: You don’t have permission to access [directory] on this server
- Access Denied ‒ You don’t have permission to access
The HTTP 401 Unauthorized error is a response code commonly caused by invalid verification details. Invalid URL, plugin incompatibility, and outdated browser cookies and cache are the most common causes of this issue.
There are several ways to solve the Error 401 Unauthorized code:
- Check for errors in the URL.
- Clear browser cookies and cache.
- Disable WordPress plugins and themes temporarily.
- Flush DNS.
- Deactivate the extra passcode protection.
- Check verification credentials.
- Reset the WordPress password.
- Inspect the WWW-Authenticate header.
- Contact the hosting company.
We hope this article helps solve the 401 error in your WordPress website. If you have any questions about the topic, leave us a comment.