How to Fix the 403 Forbidden Error in 2024 (10 Effective Methods)
The 403 Forbidden error is one of the many issues website owners face. This error typically occurs when a site tries to prevent unauthorized access to sensitive files due to an empty website directory or permission issues.
Encountering the 403 Forbidden error can be frustrating. To help you troubleshoot this issue, this guide will explain the 403 error, its causes, and ten effective ways to resolve it. You’ll be able to fix the error and regain access to the website in no time.
Download Comprehensive HTTP Status Codes Cheat Sheet
| Error code | 403 Forbidden Error |
| Error type | Client-side error |
| Error variations | Forbidden: You don’t have permission to access [directory] on this server HTTP Error 403 – Forbidden Error 403 – Forbidden 403 Forbidden request forbidden by administrative rules 403 Forbidden Access Denied – You don’t have permission to access Error 403 HTTP 403 Forbidden |
| Error causes | Access misconfiguration Corrupt .htaccess file Missing index page Broken WordPress plugin Wrong IP address Malware infection New web page link |
What Is the 403 Forbidden Error?
The 403 Forbidden error is an issue that occurs when a web server receives a request but refuses to provide access to the resource. It’s a standardized HTTP status code that means the web server understands the request but cannot grant access due to authorization issues.
What Causes the 403 Forbidden Error?
The HTTP 403 Forbidden error is often caused by access misconfigurations on the client side, so users can usually resolve the issue on their own.
A common cause of this HTTP status code is an issue with file and folder permission settings, which dictate who can read, write, and execute files and folders.
In such cases, there are typically two possibilities: either the website owner modified the settings to prevent directory browsing, or they failed to set the correct permissions.
Another common cause for this HTTP response code is a corrupt or misconfigured .htaccess file. If this is the case, the 403 Forbidden error usually appears after making changes to .htaccess. Usually, users can resolve this by creating a new .htaccess file or correcting its settings.
Beyond the common causes, here are other possible triggers for the 403 Forbidden error:
- Missing index page – the website’s homepage isn’t named index.html or index.php.
- Problematic WordPress plugin – if a WordPress plugin isn’t configured correctly or is incompatible with another plugin, it may trigger 403 errors.
- Incorrect IP address – the domain name may be pointing to an incorrect or outdated IP address that now hosts a website that blocks your access.
- Malware infection – malware can continuously corrupt the .htaccess file. Removing the malware is necessary before restoring the file.
- New web page link – the site owner may have updated the page’s link, causing it to differ from the cached version.
Learn How to Fix the 403 Forbidden Error With Hostinger Academy
Watch this video to quickly learn about how to fix the 403 Forbidden error and its most common causes.
How to Fix the 403 Forbidden Error
In this section, we’ll guide you through eight effective methods to fix the 403 Forbidden error and regain access to your website.
Since file permissions and ownership issues commonly cause HTTP 403 Forbidden, it will be our primary focus when troubleshooting this error. However, we will first explore some quick possible fixes, such as clearing the browser cache or scanning for malware.
Note that while the following methods primarily address WordPress websites, they also apply to other platforms.
1. Use Hostinger AI Troubleshooter
Hostinger has a built-in AI Troubleshooter on hPanel that can help you find the root cause of the 403 Forbidden error. This tool works for WordPress websites and will suggest actions to resolve the error. Here are the steps to use the AI Troubleshooter:
- Open your hPanel and navigate to WordPress → AI Troubleshooter (beta).
- If the tool identifies the error on your WordPress site, it will automatically analyze your site. You can also see the details of when is the issue first detected.
- After the check, the tool will provide you with the suggested action. For example, if the wrong file permissions cause the 403 error, it will suggest you reset the permissions.
- Click the Fix my website button to initiate the corrective action.
- The tool will give you a confirmation message when it has fixed the website. Visit your site to check if the error is resolved. If not, you can click the Try another solution button to let the AI work out another solution.
2. Clear Your Browser Cache and Cookies
The purpose of the cache is to speed up website loading on future visits. However, if the link changes, it can cause a mismatch with the cached version and trigger an error.
Another potential cause is an issue with browser cookies. It’s possible to suddenly encounter the 403 Forbidden error on a website you log into regularly.
Clearing your browser’s cache and cookies can sometimes resolve this issue. This forces the browser to re-request all the site files and log you out from all websites.
Follow these steps to clear cache and cookies on Google Chrome:
- Click on the three-dot icon in the top right corner and select Settings.
- Locate Privacy and security → Clear browsing data.
- Use the drop-down menu to choose the time range. We recommend choosing All time. Then, select Cookies and other site data and Cached images and files.
- Click Clear data.
After completing these steps, try revisiting and logging into the website to see if the error is solved.
3. Scan for Malware
If your WordPress site is infected with malware, it can continuously inject unwanted code into the .htaccess file, causing the 403 Forbidden error. Therefore, the error will persist even if you try to fix the .htaccess file.
If you host your website with Hostinger, you can remove malware in WordPress using our malware scanner. This automated tool can scan your websites for harmful or compromised files.
To access it via hPanel, navigate to Security → Malware Scanner.
If no malware was found, this section will display your hosting plan’s name and the time since the last scan.
If suspicious files are found, the malware scanner will show a summary of detected and cleaned malware in the period of time.
Alternatively, use a WordPress malware scanner plugin to identify malicious software on your website. Numerous WordPress plugins offer this feature, such as Sucuri and Wordfence.
Wordfence can scan your website, identify all infected files, and give you actionable options such as deleting or restoring them.
If the 403 error persists yet your website is confirmed malware-free, proceed to the next method.
4. Check the .htaccess File
.htaccess is a server configuration file that primarily works by altering Apache Web Server settings. It is located in your website’s public_html directory.
For Hostinger customers, follow these steps to locate and create a new .htaccess file in hPanel. If you’re using cPanel, the steps should be similar:
- Find the File Manager on the hPanel dashboard.
- Open the public_html directory to find the .htaccess file
- Right-click on the .htaccess file and select Download to create a backup.
- After downloading the backup, delete the current .htaccess file in File Manager.
- Create a new server configuration file by clicking New file and naming it .htaccess without any extensions.
- Copy the following code to the fresh file, then save it.
# Enable URL Rewriting
RewriteEngine On
# Rewrite rule to redirect requests to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
Alternatively, follow these steps for WordPress websites:
- Log in to your WordPress dashboard and select Settings → Permalinks.
- Click the Save Changes button at the bottom of the page without making any changes. It will generate a new .htaccess file for WordPress sites.
Try to access your web address again. If the 403 Forbidden error disappears, it means the .htaccess server configuration file was corrupted.
5. Reset File and Directory Permissions
Websites come with unique file permissions that control how users can read, write, and execute data. If misconfigured, it can cause HTTP 403 errors.
If you use Hostinger, a helpful hPanel tool lets you fix file permission issues with a single click:
- Open hPanel and go to Websites → Manage.
- Enter “Fix File Ownership” in the search bar and select it.
- Select the checkbox and click Execute. The tool will automatically assign default permissions to all website files and folders.
Alternatively, configure an FTP client like FileZilla to manually reset file and folder permissions. Follow these steps:
- Make sure FileZilla is connected to your website.
- Right-click on the public_html directory and select File Attributes.
- In the Numeric value field, enter 755. Select Apply to directories only, and click OK.
- After changing directory permissions, repeat steps 2 and 3, but this time, enter 644 in the Numeric value field and select Apply to files only.
After fixing file permissions, try accessing your website to check if the error message persists.
6. Disable WordPress Plugins
If the previous methods don’t work, it’s time to check whether an incompatible or problematic WordPress plugin is causing the 403 Forbidden error.
We recommend disabling all plugins at once before deactivating them individually. This will help identify the problem and guide you toward the appropriate solution. Here are the steps to follow:
- Access your website’s directories via FTP or File Manager.
- Navigate to public_html → wp-content.
- Find the plugins folder.
- To disable all plugins in the folder, rename it to disabled-plugins. Now, try accessing your website. If the error no longer appears, a problematic plugin is the root cause of the issue.
- Revert the folder’s name to plugins to re-enable all plugins.
- Disable the plugins one by one from your WordPress dashboard and check if the site functions correctly. This step will help pinpoint the faulty plugin.
- Once identified, update the plugin or consider deleting it to fix the issue.
7. Upload an Index Page
Check your website’s homepage name – it should be named index.html or index.php.
If not, you have two possible fixes. The simplest method is to rename the homepage as index.html or index.php via FTP or File Manager.
If you prefer not to rename the homepage, the alternative is to upload an index page to your public_html directory and create a redirect to your existing homepage. Follow these steps:
- Access your website files using File Manager or an FTP client.
- Upload a new file named index.html or index.php to your public_html directory.
- Open the .htaccess file.
- Insert the following code snippet to redirect index.php or index.html to your existing homepage. Be sure to replace homepage.html with the actual name of your page.
Redirect /index.html /homepage.html
After configuring web server settings, try to access your website’s homepage to see if the problem is resolved.
8. Edit File Ownership
Incorrect file ownership can trigger the 403 Forbidden error, particularly in Linux-based computers or VPS hosting. If you’re using a VPS with SSH access, you can modify file ownership by connecting your VPS to an SSH terminal emulator like PuTTY.
Once connected, check the ownership using the following SSH command:
ls -l [file name]
The result will resemble the following:
-rwxrw-rw- 1 [owner][group] 22 Sep 22 10:00 filename.txt
Pay attention to the owner and group sections. The correct ownership should match your hosting account’s username. If not, utilize the chown Linux command to adjust file ownership.
Here’s the basic syntax for the chown command:
chown [owner][:group] [file name]
For example, if your username is John, you would use the command below:
chown John filename.txt
9. Verify the A Record
The 403 Forbidden error can happen when your domain name points to an incorrect IP address, denying you access even with valid credentials. To prevent this, make sure that your domain name points to the correct IP address.
For Hostinger customers, follow these steps to check if the domain A record is pointed correctly:
- From the hPanel dashboard, navigate to the Advanced section and click on DNS Zone Editor.
- You will find a list of DNS records. Locate the A records by scanning the Type column.
- Examine the IP addresses in the Content column.
- If it’s pointing to the wrong IP address, click Edit to modify it. Once you’re done, click Update.
If you can’t locate the correct record, create a new one in the Manage DNS Records section. Select A as the Type and input the valid IP address in the Points to field. Then, click Add Record.
10. Update Nameservers
If you’ve recently migrated from one hosting provider to another and forgot to update your nameservers, your domain may still be pointing to your old host. Once the old host cancels your account, it can lead to a 403 error status code.
To resolve this, you must quickly update your domain’s nameservers so that it points to the new hosting provider’s server.
403 Forbidden Error Prevention and Best Practices
Preventing the 403 Forbidden error ensures a smooth operating website. Implement the following best practices to minimize the risk of encountering this error code in the future.
Perform Regular Security Audits
Regular security audits are fundamental for maintaining a secure website. They help you identify vulnerabilities and address potential issues before they lead to the 403 Forbidden error or other security issues.
Security audit usually includes reviewing file and folder access permissions, access controls, server configurations, and the status of security plugins.
Configure your file and directory access rights properly and set up a strong authentication system. Moreover, keep an eye on your .htaccess server configuration file to ensure it’s safe from unauthorized changes.
Document Access Controls and Permission Settings
Access control documentation involves maintaining records of website access and permissions. Keep an up-to-date list of user roles with clearly defined permissions, including administrators, editors, contributors, and subscribers.
Furthermore, document the permission settings for files, directories, and plugins. It includes specifying who can read, write, and execute these resources.
By documenting access controls and permissions, you ensure that only authorized individuals have access to sensitive areas of your site, helping prevent 403 and other errors.
Keep the Web Server Software and Applications Up to Date
Web application maintenance involves regularly updating your website’s software, including your web server, content management system (CMS), plugins, and other applications.
Web servers – Apache, NGINX, or LiteSpeed – is the backbone of your website’s functionality. Updating website server software to the latest stable version is crucial for security and performance.
Keeping your CMS, plugins, and applications up to date is equally important. Outdated applications can introduce vulnerabilities and compatibility issues, possibly leading to the 403 Forbidden error.
Troubleshooting Other 4xx Errors
How to Fix a 400 Bad Request Error
How to Fix 401 Unauthorized Error?
How to Fix 413 Entity Too Large Error?
How to Fix 404 Not Found Error?
How to Fix HTTP Error 405
How to Fix 429 Too Many Requests Error?
HTTP Error 431: 3 Ways to Fix Request Header Fields Too Large
Conclusion
Encountering the 403 Forbidden error can be frustrating as it disrupts your website’s functionality. Luckily, this comprehensive guide has equipped you with the knowledge and solutions needed to overcome the issue also known as the 403 Access Denied error.
Several causes, such as incorrect file permissions, a corrupted .htaccess file, a missing index file, faulty plugins, IP blocking errors, or malware infection, can trigger this HTTP error.
To recap, here are ten effective methods you can use to resolve the 403 error:
- Use Hostinger AI Troubleshooter
- Clear the web browser cache.
- Scan and remove any malware.
- Check the .htaccess file.
- Restore the site’s file permissions.
- Disable WordPress plugins.
- Upload an index page.
- Modify file ownership.
- Verify the A record.
- Update nameservers
Prevention and proactivity is key. To avoid encountering this error in the future, conduct regular security audits, document access controls, and keep web server software up-to-date.
The 403 status code is just one of many client-side errors you may encounter. We recommend that you continue learning about these errors to understand how to handle them should they appear on your website.
403 Forbidden Error FAQ
This section will answer the most common questions about the 403 Forbidden error.
Can a 403 Error Be Caused by Incorrect File Permissions?
Yes. When file and directory permissions are misconfigured, certain websites block access to particular resources, resulting in an authentication failure that prevents users from viewing or accessing specific files or directories. Configuring the ideal file permissions is essential to avoid the 403 error.
Can Server Misconfigurations Cause a 403 Error?
Yes. Misconfigured web servers may restrict access to certain resources, resulting in a 403 Forbidden error. Common misconfigurations include .htaccess file issues or server settings that prevent users from accessing specific web content.
Is It Possible to Customize the 403 Error Page?
Yes. Website administrators can create a custom error page to offer a more user-friendly and informative message when a 403 Forbidden error occurs. This approach can also provide specific instructions to resolve this permission error.
Ariffud is a Technical Content Writer with an educational background in Informatics. He has extensive expertise in Linux and VPS, authoring over 200 articles on server management and web development. Follow him on LinkedIn.
Comments
March 04 2019
Thanks for the post. The fix for me was one of the plugins that was causing it.
August 30 2019
oh, very helpful!!! thanks!
April 21 2020
FINALLY!! After going through and checking Cloudflare security settings, Sucuri firewalls, Wordfence IPs, deleting/disabling ALL plugins, checking web server resources and a whole lot more 'fixes' that so many others have recommended ... simply deleting the .htaccess file did the trick. Thank you so much for a great resource!
March 01 2022
I have a problem of my website, last few month , 15days gap, a file downloaded instead of opening my site, everytime I change .htaccess file, change version of php, then open my site, but why this happen everytime, what is the permanent solution?
March 01 2022
Hi there, it looks like your website might be hacked - I would suggest to contact your host and check out this guide on how to fix a hacked website if necessary.
May 13 2020
Thank you, this was very helpful!
June 11 2020
I am so happy this worked and I did not contact anyone from support. * THE MORE YOU KNOW*
July 05 2020
Thanks. This has cured the error on my site. You might want to add to the article that it can take quite some time for the Permissions to change. So far mine are still going and taking over half an hour.
July 07 2020
Happy to help, Bernie! :) If your changes take a while to reflect, try clearing your browser cache. We have a tutorial for that here.
August 06 2020
good
August 21 2020
Just I can say Thank thank and thank you this was very helpful You are perfect
August 25 2020
You are very welcome, Reza! Thank you for your kind words!
August 22 2020
I had this anonymous mail from wordcamp@wordpress.com which registered itself as an admin to my website and later i am still unable to retrieve it after doing all the steps given above I need instant help
November 11 2020
Hey Harshit! :) Looks like your website got hacked. Check this guide here. You can also follow our guide here on how to clean your website up! :) Good luck.
September 08 2020
Thank You so much. 403 forbidden issue solve: it was because the .htaccess file was corrupted. How? 1) Downloaded the .htaccess from Cpanel to have a backup of it. and then, deleted the file. 2) Generated a fresh .htaccess file, by login to the WordPress dashboard, and click on Settings › Permalinks. 3)Without making any changes I clicked on the save changes button at the bottom of the page. and it generated a fresh .htaccess file for me And my issue just got fixed
November 11 2020
Hey Muhammad. Thanks for the input. Glad it worked.
September 26 2020
Hi,i i did everything but still my issue is not resolved. What else can be the problem. Is it possible to have a problem from hosting provider?
November 18 2020
Hey there Zubair. Please make sure you are pointing to the correct nameservers/IP address. Additionally, you can message our Success team and they will gladly help you out.
November 13 2020
I have tried all 3 above methods to explained but my problem is still not resolve. Please let me know if any other solution is possible. 403 Forbidden Access to this resource on the server is denied!
February 02 2021
Hi there! If this doesn't help, I'd suggest you contact our Customer Success team to help you troubleshoot ;)
November 18 2020
Thank you so much for this. I tried so many other "solutions" from other sites, but this went straight to the issue and I could fix it in minutes. Deleting .htaccess instantly solved my problem. You officially rock!
February 09 2021
Happy it helped, Trevor!
November 30 2020
403 Access Denied I have seen these error on my site and it's not solved by the above answer. Please help me.
February 09 2021
Hi! It could be that the issue is coming from your host's side. If all of the options above didn't help resolve it, I'd suggest checking with your host to help you troubleshoot :)
December 09 2020
I have a website (wordpress) and this works well. If I log in as a member this works fine but if I log in as an administrator I get “Forbidden You don’t have permission to access on this server.” in front page and admin page. If I delete cookies the site is online again. I follow all step I delete .htaccess file I have change the permitions in all folders (755) and all files (644) with ftp. I have rename plugin folder, but nothing... Any idea?
February 09 2021
Hi, Panos! If disabling .htaccess and plugins didn't help, I'd suggest checking with our Customer Success team - they'll be happy to help you troubleshoot further :)
May 06 2021
Arts council England website keeps giving me a '403 forbidden' error- nginx. what has happened? am i blacklisted? Arts council wales and Scotland works for me -so do other websites. arghhh! help!
May 13 2021
Hi Tracey, The error could be coming from the website you are trying to access. They may need to fix their permissions before you are able to access it again.
August 03 2021
You forgot to include that wp-config.php needs to then be changed back to 600 or you'll be letting the world access your config file.
September 24 2021
Hi Paul, that's a good point - thanks for pointing that out! However, it will only be accessible from inside of the server, so as long as your server isn't compromised, it shouldn't be an issue. You can read more about it over here :)
March 04 2022
good work
March 10 2022
Over the past couple of days, I've been seeing an increase in traffic across multiple sites I manage getting 403 - Forbidden errors, and the URLs they're generating them from are not ones the public should be able to access. It's always the same IP address with a known malicious user-agent triggering this error code and being blocked by WordFence. So I'd add that another cause of this error is your file permissions doing their job properly and stopping a bad actor from gaining unauthorized access to areas of your site or server they should not have access to.
March 16 2022
Hi Jason, that's a very good point - thanks for pointing that out and sharing!
March 23 2022
Solves problem forbidden
April 21 2022
I have a Wordpress site showing "Forbidded:You don't have permission to access this resource." Now I follow all the instructions here and even remove all files just leaving the domain. But still it is showing the forbidden error. Help please.
April 25 2022
Hello there, I would suggest to reset all of your permissions to default and make sure you have a /public_html folder along with an index.php or index.html file in there. If that doesn't help, it would be best to contact your hosting provider to check if everything is well on their end and that your IP is not being blocked. In case you're hosting with Hostinger, you can reach our Customer Success team here.
June 04 2022
I am still getting the 403 forbidden error, even after I followed the steps you provided in the tutorial that didn't apply to WP, as I don't use WP. I don't understand why this is happening. Sometimes it appears to load fine, and other times, it gives me the 403 error. I tried using two different browsers and the same thing happens on both. Sometimes it works and other times it doesn't. Please help.
June 07 2022
Hi there! Most of the methods mentioned in the article (apart from plugins) are applicable to any website, so I'd suggest going through them again and making sure you've tried them all 😊
October 24 2022
i cant open my website. so how can i edit public_html folder along with an index.php ??
October 28 2022
Hi, TO edit public_html, you do not need for the website to be running, as website files are edited from the File Manager or an FTP client. You can check out this article to learn how to use File Manager.
March 09 2023
i need 403 solution
March 10 2023
Hey there! If you see a 403 Forbidden error it's usually related to permissions. First make sure that your domain is properly pointing to your hosting provider since incorrect A record can cause 403. Next up, double check file permissions from your hosting provider File Manager, depending on the file/folder type permission values will be different. Another possible cause is .htaccess file or plugins that create restricting rules inside .htaccess file, best bet would be to reset it to its default values. Hope this helps!
April 04 2023
I build my own website using python. As per instruction I have tried all the applicable solutions but to no avail. Initially I was redirected to the hostinger page. One info as per an article in your website was to delete the default.php file when being redirected to hostinger, but after deleting the default.php I was being shown Error: 403. Also after double clicking the "public.html" I only see my website folder and nothing other than that, I don't see .htaccess Now how do I navigate. (is .htaccess something that is present when using wordpress ? )
April 07 2023
Hello there! Public_html folder is where all of your website files should be located along with the index.php or index.html file. A quick test to see if everything is working properly is to create an index.html file on domains/yourdomain.tld/public_html/index.html, as for contents you can use code from here. After that, visit your website and you should see the generic landing page. As for .htaccess it can be used on any type of website not only WordPress and it can be responsible for protecting your site with a password, creating a custom-made error page or redirecting visitors to another pages, more about it here. Now lastly, keep in mind that Python websites are only supported on our VPS plans, so if you are using shared hosting, it won't work and you would need to migrate your files to a VPS. If I missed something or you have any additional questions, feel free to contact our live support and we will gladly help you!
November 15 2023
Thank you for this im a high school student and this really helped me i was wondering why my websites we'rent working thank you
November 16 2023
You're welcome! If you have any more questions, feel free to ask. Happy coding 😁