Understand the HTTP 403 Forbidden error: What are the causes and how to fix it.
Table of Contents
- What is the 403 Forbidden error
- How to fix the 403 Forbidden error code
- All HTTP Status Codes
What is the 403 Forbidden error
The HTTP 403 Forbidden response status code indicates that the server understands your request but refuses to authorize it. In other words, you are not authorized to access the specified URL.
Different 403 error messages depending on web server
- “You are not authorized to view this page”
- “It appears you don’t have permission to access this page.”
- “Error 403 – Forbidden”
- “Forbidden – You don’t have permission to access /index.php on this server”
- “403 – Forbidden: Access is denied”
- “403 – Forbidden Error – You are not allowed to access this address”
- “403 Forbidden – nginx”
- “HTTP Error 403 – Forbidden – You do not have permission to access the document or program you requested”
- “403 Forbidden – Access to this resource on the server is denied”
- “403. That’s an error. Your client does not have permission to get URL from this server”
The following sections show you the causes, and how to fix the error:
How to fix the 403 Forbidden error code
We help you identify the different causes and how to fix it on each case.
403 Forbidden caused by browser
Your browser’s cache or cookies could cause the 403 error.
TIP: You can test in an incognito browser tab to check if browser cookies or cached info is the cause to your 403 Forbidden error.If your incognito session works, then your browser cache or cookies are the problem.
In order to make a website load faster the next time you visit it, the browser cache stores data. However, it could happen that a link was updated, and the current web page link is now different from the cached version.
It can also happen that the error comes from session cookies. It may be the case of a website that you usually access, and due to expiration of the session or due to a change in some cookie reference, the server does not consider you authorized and returns this error message.
To fix the error, remove all session data, cookies, and cache data from the domain of the visited page.
403 Forbidden caused by your web server
If you are setting up a new site, this could be your case. When the web server returns a 403 error, it is indicanting that there are insufficient rights for a ressource.
How to fix the web server configuration
- Verify your domain is pointing to your server. Check the log file, and find the error. Another alternative is to display the IP address in your browser’s developer tools network panel:
An IP address different from our server indicates that we request the page or ressource from an incorrect server. Check the domain in the url of the ressource and the configuration of the DNS zones.
- Verify the file permissions. The target HTML ressource your server is trying to show must be readable by the same user running the web server.
To view and modify your site’s file permissions, you’ll need to connect via SSH/FTP/SFTP. Here’s how to connect via SFTP with FileZilla.
- Check the
.htaccessif your web is are running an Apache web server.
- Check the
nginx.confif your web is running with an Nginx web server.
You can use this online tool https://nginx.viraptor.info/ to quickly debug which blocks Nginx will match to a certain request.
403 Forbidden caused by your Firewall
If previous fixings do not lead to the desired web page yet, there might be a problem between the web server and your Firewall.
If your web server has a Web Application Firewall (WAF), take a look at the error logs where your Firewall is reporting.
This example shows how ModSecurity is blocking a request giving an Access denied with code 403:
403 error code caused by a WordPress Plugin
If you made it this far and none of the above methods work, chances are that the error is caused by an incompatible or faulty plugin.
First of all, if by disabling all your plugins, the HTTP Error disappears, then your 403 error is caused by a WordPress Plugin.
To find the plugin causing the problem, we recommend following this process:
- Disable all your plugins.
- Check the page that gives you the HTTP Error.
- If page Works, then enable one plugin from the disabled list and jump to previous steep 2.
- If page Fails, then this last enabled plugin could be the one causing the HTTP Error.
If during a test, you don’t want to break your production site:To clone a WordPress site with Wetopi is as easy as a simple click.
Clone your server to create a Staging environment!
We are techies passionate about WordPress. With wetopi, a Managed WordPress Hosting, we want to minimize the friction that every professional faces when working and hosting WordPress projects.
Not a wetopi user?
Free full performance servers for your development and test.
No credit card required.
All HTTP Status Codes
203 Non-Authoritative Information
204 No Content
205 Reset Content
206 Partial Content
208 Already Reported
226 IM Used
300 Multiple Choices
301 Moved Permanently
303 See Other
304 Not Modified
305 Use Proxy
307 Temporary Redirect
308 Permanent Redirect
400 Bad Request
402 Payment Required
404 Not Found
406 Not Acceptable
407 Proxy Authentication Required
408 Request Timeout
411 Length Required
412 Precondition Failed
413 Payload Too Large
414 Request-URI Too Long
415 Unsupported Media Type
416 Requested Range Not Satisfiable
417 Expectation Failed
418 I’m A Teapot
421 Misdirected Request
422 Unprocessable Entity
424 Failed Dependency
426 Upgrade Required
428 Precondition Required
429 Too Many Requests
431 Request Header Fields Too Large
444 Connection Closed Without Response
451 Unavailable For Legal Reasons