What Is a 403 Forbidden Error (and How to Fix It)

A 403 Forbidden error is an HTTP status code which means that for some reason, you are being blocked from viewing the requested page. The server is "UP" and it *found* the page (so it's not a 404), but it has strict rules in place that forbid you from seeing it.

What Causes a 403 Forbidden Error?

This is a server-side configuration issue. It means a permission or setting on the server is intentionally blocking access.

1. Incorrect File or Folder Permissions

This is the most common cause. All files and folders on your web server have permissions that control who can read, write, and execute them. If these are set incorrectly, the server will forbid anyone from accessing them.

  • Correct Permissions: Folders should almost always be 755. Files should almost always be 644.
  • How to fix: Connect to your server via FTP or your host's File Manager. Right-click on your folders (starting with the root folder public_html) and check their permissions. Set them to 755. Then, select your files (like index.html or index.php) and set them to 644.

2. Bad .htaccess File Rules

Your .htaccess file can contain rules to block specific IP addresses, regions, or "bots." If you have a rule that is written too broadly, it might be accidentally blocking you or all legitimate visitors.

  • How to check: Open your .htaccess file. Look for any rules that start with Deny from or RewriteRule ... [F]. These are "Forbidden" rules.
  • How to fix: Temporarily rename your .htaccess file to .htaccess_old to disable it. If the site loads, you know the problem is a bad rule in that file. Restore the file and delete or fix the problematic rule (e.g., an IP block that is too broad).

3. No Index File

If a user tries to access a directory (e.g., yoursite.com/blog/) and there is no "index file" (like index.html or index.php) inside that directory, the server will, for security reasons, often return a 403 error to prevent people from browsing the files in that folder.

  • How to fix: Either add an index.html file to that directory, or, if you don't want people accessing it, add a rule to your .htaccess file to disable directory indexing: Options -Indexes

4. A Security Plugin Is Blocking You

If you use a WordPress security plugin (like Wordfence or Sucuri), it might have identified your IP address as a threat (perhaps due to too many failed login attempts) and blocked you. This is a 403 error in action.

  • How to fix: Try accessing your site from a different internet connection (like your phone's mobile data). If it works, your IP is blocked. You will need to log in to your security plugin's settings and remove your IP from the blocklist.