403 Forbidden or No Permission to Access
What Does 403 Forbidden Mean?
A 403 Forbidden error means that you are not allowed, or do not have permission, to view the requested file, resource, or page you are trying to view in a browser. A 403 error can present in several ways.
- Error 403
- 403 Forbidden
- 403. That's an error. We're sorry, but you do not have access to this page.
- Forbidden: You don't have permission to access [directory] on this server
While sometimes this is intentional, other times, the issue is on your end, or it is due to misconfigured permissions.
What Causes 403 Forbidden Errors?
This error's top reasons are permissions, WordPress plugin, or incorrect setting in the .htaccess file.
The files and folders stored on your website have permissions. File permissions may or may not allow who can access these files or folders on your website. The 403 Forbidden error means that your file has incorrect or bad permissions.
A string of 3 numbers denotes these permissions. On our blog, we have an article, How to Secure a Website from Hackers [10 Step Guide], and in Step #9, you can see a breakdown of what each of these numbers means and best practices to keep your website secure.
These should be the file permissions for the following:
- WordPress site files must be 644 or 640.
- Directories and WordPress folders must be 755.
- Executable scripts within the cgi-bin folder must be 755.
- Images, media, and text files like HTML should be 755 or 644.
Want to see the permission set to your files? See our article on How to change permissions (chmod) of a file.
WordPress plugins are great for adding features and functionality to your website. Still, suppose they're not configured correctly or incompatible with another plugin. In that case, they could cause you to see a 403 error message on your website. This WordPress Plugins article provides tips on understanding how you can identify a bad plugin.
The Plugins Advice page offers some general advice on some commonly used plugins and lists banned plugins. Just take note that HostGator cannot provide direct support for the plugins discussed.
Error 403 caused by the Plugins can be fixed by disabling and enabling the plugins one by one. You will then identify which of the installed plugins is/are causing the error. Here are the instructions on how to Enable/Disable or Install/Uninstall WordPress Plugins:
Hidden Files (Dot Files)
Suppose you see "client denied by server configuration" in your Error Logs. In that case, this usually means bad file permissions, but it could also mean that the visitor is trying to look at a hidden file, like the .htaccess file. You cannot look at that file, or any file name that starts with a dot, in your browser.
For example, https://example.com/.htaccess will always result in a 403 error.
The .htaccess file could also be the issue itself. Most websites, especially those built with a CMS like WordPress, have a .htaccess file. Suppose you made changes to this file, and your website is now displaying an error. Then, in that case, you would need to modify it again or create a new one to resolve this .htaccess error.
- The account may have IP Deny rules. You can check in the cPanel to make sure you are not blocking your own IP address. Here is how you can check it in cPanel: How Do I Deny an IP Address Access?
- You may have changed the Index Manager to 'No Indexing.' This will cause a 403 error if there is no correct index page to load. So you can check if the Indexing has been altered, check out these helpful articles below:
- The error could be caused by our mod_security rules, which has something to do with the web application firewall. Please contact us for further help.
How to Resolve 403 Forbidden Errors?
If you see a 403 error on a site that you own, then the section above walks you through several causes for the error and ways to fix them.
As discussed above, a 403 error means that you do not have permission to view the website. If the website is not yours and you're getting this error, here are a few ways to resolve it.
- Check the website's status or reach out to them on social media, such as Twitter or Facebook. They may be aware of the issue because multiple people are experiencing it, or you can find out how to get support if you're the only one.
- The link may be incomplete or incorrect. As we discussed earlier, you can't view any files that begin with a dot(.) such as .htaccess in the browser. You also may not have the complete URL or web address.
For example, https://www.facebook.com/HostGator/photos/a.10150093510632092/ is not a valid link because it stops at the directory /a.10150093510632092. However, the full link - https://www.facebook.com/HostGator/photos/a.10150093510632092/10158726693822092 - works because it resolves to a file that is viewable to the public.
- Were you able to view this website before and can't now? Maybe you're not logged in, or you're not logged into the right account. Navigate to the login page to see which account you're logged into or login if you're not already.
- After any of the previous methods, you may need to clear your browser's cache because when you visit a site, sometimes it displays a saved copy of the site. Clearing your cache may resolve your issue without trying any of the resolutions listed above. Still, we recommend doing this after trying any of the steps above to ensure you see the live site and not a cached page.
For more reference on Permissions, click the links below: