HTTP Error 403 Forbidden: Quick guide to fix it (updated)

HTTP Error 403 Forbidden: Quick guide to fix it (updated)

Understand the HTTP 403 Forbidden error: What are the causes and how to fix it.

Table of Contents

What is the 403 Forbidden error

The HTTP 403 Forbidden response status code indicates that the server understands your request but refuses to authorize it. In other words, you are not authorized to access the specified URL.

403 Forbidden from Apache

Different 403 error messages depending on web server

  • “You are not authorized to view this page”
  • “It appears you don’t have permission to access this page.”
  • “Error 403 – Forbidden”
  • “Forbidden – You don’t have permission to access /index.php on this server”
  • “403 – Forbidden: Access is denied”
  • “403 – Forbidden Error – You are not allowed to access this address”
  • “403 Forbidden – nginx”
  • “HTTP Error 403 – Forbidden – You do not have permission to access the document or program you requested”
  • “403 Forbidden – Access to this resource on the server is denied”
  • “403. That’s an error. Your client does not have permission to get URL from this server”

The following sections show you the causes, and how to fix the error:

How to fix the 403 Forbidden error code

We help you identify the different causes and how to fix it on each case.

403 Forbidden caused by browser

Your browser’s cache or cookies could cause the 403 error.

TIP: You can test in an incognito browser tab to check if browser cookies or cached info is the cause to your 403 Forbidden error.

If your incognito session works, then your browser cache or cookies are the problem.

In order to make a website load faster the next time you visit it, the browser cache stores data. However, it could happen that a link was updated, and the current web page link is now different from the cached version.

It can also happen that the error comes from session cookies. It may be the case of a website that you usually access, and due to expiration of the session or due to a change in some cookie reference, the server does not consider you authorized and returns this error message.

To fix the error, remove all session data, cookies, and cache data from the domain of the visited page.

403 Forbidden caused by your web server

If you are setting up a new site, this could be your case. When the web server returns a 403 error, it is indicanting that there are insufficient rights for a ressource.

How to fix the web server configuration

  1. Verify your domain is pointing to your server. Check the log file, and find the error. Another alternative is to display the IP address in your browser’s developer tools network panel:

    403 error code in browser developers panel

    An IP address different from our server indicates that we request the page or ressource from an incorrect server. Check the domain in the url of the ressource and the configuration of the DNS zones.
  2. Verify the file permissions. The target HTML ressource your server is trying to show must be readable by the same user running the web server.

    To view and modify your site’s file permissions, you’ll need to connect via SSH/FTP/SFTP. Here’s how to connect via SFTP with FileZilla.
  3. Check the .htaccess if your web is are running an Apache web server.
  4. Check the nginx.conf if your web is running with an Nginx web server.

You can use this online tool https://nginx.viraptor.info/ to quickly debug which blocks Nginx will match to a certain request.

403 Forbidden caused by your Firewall

If previous fixings do not lead to the desired web page yet, there might be a problem between the web server and your Firewall.

If your web server has a Web Application Firewall (WAF), take a look at the error logs where your Firewall is reporting.

This example shows how ModSecurity is blocking a request giving an Access denied with code 403:

ModSecurity: Access denied with code 403

403 error code caused by a WordPress Plugin

If you made it this far and none of the above methods work, chances are that the error is caused by an incompatible or faulty plugin.

First of all, if by disabling all your plugins, the HTTP Error disappears, then your 403 error is caused by a WordPress Plugin.

To find the plugin causing the problem, we recommend following this process:

  1. Disable all your plugins.
  2. Check the page that gives you the HTTP Error.
  3. If page Works, then enable one plugin from the disabled list and jump to previous steep 2.
  4. If page Fails, then this last enabled plugin could be the one causing the HTTP Error.

If during a test, you don’t want to break your production site:

Clone your server to create a Staging environment!

To clone a WordPress site with Wetopi is as easy as a simple click.

We are techies passionate about WordPress. With wetopi, a Managed WordPress Hosting, we want to minimize the friction that every professional faces when working and hosting WordPress projects.

Not a wetopi user?

Free full performance servers for your development and test.
No credit card required.

All HTTP Status Codes

200 OK

201 Created

202 Accepted

203 Non-Authoritative Information

204 No Content

205 Reset Content

206 Partial Content

207 Multi-Status

208 Already Reported

226 IM Used

300 Multiple Choices

301 Moved Permanently

302 Found

303 See Other

304 Not Modified

305 Use Proxy

307 Temporary Redirect

308 Permanent Redirect

400 Bad Request

401 Unauthorized

402 Payment Required

403 Forbidden

404 Not Found

405 Method Not Allowed

406 Not Acceptable

407 Proxy Authentication Required

408 Request Timeout

409 Conflict

410 Gone

411 Length Required

412 Precondition Failed

413 Payload Too Large

414 Request-URI Too Long

415 Unsupported Media Type

416 Requested Range Not Satisfiable

417 Expectation Failed

418 I’m A Teapot

421 Misdirected Request

422 Unprocessable Entity

423 Locked

424 Failed Dependency

426 Upgrade Required

428 Precondition Required

429 Too Many Requests

431 Request Header Fields Too Large

444 Connection Closed Without Response

451 Unavailable For Legal Reasons

499 Client Closed Request

500 Internal Server Error

501 Not Implemented

502 Bad Gateway

503 Service Unavailable

504 Gateway Timeout

505 HTTP Version Not Supported

506 Variant Also Negotiates

507 Insufficient Storage

508 Loop Detected

510 Not Extended

511 Network Authentication Required

599 Network Connect Timeout Error

See how Wetopi stacks up against your current hosting

Migrating sites to us is free and completely effortless on your part.

No hidden small text.
No commitments.
No credit card.

Try before you buy.