Blog Menu

I write and curate content for Bluehost. I hope this blog post is helpful.
Are you looking at creating a blog, website or an online store? Bluehost has something for everyone. Get started today.

The WordPress 403 forbidden error can be quite frustrating for website owners and administrators, as it denies access to a webpage, unexpectedly disrupting your workflow. 

This error is typically indicative of server permissions that are improperly configured, denying you access to the requested resource, hence the message “403 forbidden access is denied.” 

If you’re a WordPress user or an administrator who has been locked out of certain sections of your website due to this error, you’re likely looking for immediate solutions.  

In this comprehensive guide, we will walk you through the potential causes of the WordPress 403 forbidden error and offer step-by-step solutions to resolve it. 

Whether you are dealing with a complete lockout or a WordPress admin 403 forbidden issues, we have you covered. 

This guide is designed to assist you in regaining control of your WordPress website and ensuring smooth and uninterrupted operation.

What is the 403 forbidden error in WordPress?

When you see the WordPress 403 forbidden error, it means that your server understands the request you’ve made, but for some reason, it’s refusing to fulfill it. The error can be quite frustrating, particularly when it prevents access to the WordPress admin dashboard, as this hampers your ability to manage your website effectively. 

In such a scenario, you would encounter the 403 forbidden WordPress admin error message. This means that while the server acknowledges your request to access the WordPress admin panel, it’s denying you the necessary permissions to do so. This can occur due to numerous reasons such as incorrect file permissions, faulty plugins or themes, or server configuration issues.

In essence, the WordPress Admin 403 Forbidden error is a signal that there’s a communication breakdown between the server and your WordPress website, barring you from accessing and managing your site. The good news is that, while it can be annoying, this error is usually fixable by identifying and addressing the underlying issues causing it.

What causes the 403 forbidden error in WordPress?

The 403 Forbidden Error in WordPress can be triggered by several factors. Understanding these causes can help in effectively resolving the issue. Here are some of the primary reasons behind the error.

Incorrect file permissions 

Each file and folder in your WordPress installation carries a set of permissions. These permissions, which are defined by three numbers (like 644 or 755), determine who can read, write, and execute the files or folders. The first digit refers to the owner’s permissions, the second to the group’s permissions, and the third to everybody else’s permissions. 

For example, ‘755’ implies the owner can read, write, and execute, while everyone else can only read and execute. If these permissions are incorrectly configured, the server may deny access, causing a 403 Forbidden Error. 

Faulty plugins or themes 

WordPress plugins and themes are developed by various authors and sometimes, they may contain bugs or conflicting code. If you’ve recently installed or updated a WordPress plugin or theme, and the 403 Forbidden Error emerged subsequently, then there’s a good chance that the plugin or theme is the culprit. Compatibility issues with your WordPress version or other installed plugins could also trigger this error.

Server configuration issues 

Often, the 403 Forbidden Error can be a result of server configuration settings that are incorrectly configured. Your website’s .htaccess file, a critical file used to define your site’s configuration, can cause this error if it has incorrect directives. Similarly, if the server itself is misconfigured, it may reject access requests, leading to the error.

Security plugins 

Security plugins are designed to protect your WordPress site by blocking IP addresses that they consider to be a potential threat. However, in some cases, these plugins may end up blocking your IP address, thereby causing the 403 Forbidden Error. 

Hotlink protection prevents other websites from using your site’s bandwidth by directly linking to files and images on your website. If this feature is improperly configured, it may block legitimate requests, leading to the 403 error.

What are the different versions of 403 forbidden errors?

403 Forbidden 

This is the most straightforward version of the error. It signifies that the server has received and understood your request, but it refuses to fulfill it. It could be due to several reasons, such as incorrect file permissions where the server doesn’t have permission to read the file or directory, faulty plugins or themes that have bugs, or conflicting code causing this error.

HTTP error 403 – Forbidden 

This variation is essentially the same as the ‘403 Forbidden’ error but with an ‘HTTP Error’ prefix. This indicates that the server understands your request but won’t display the webpage because you lack the necessary permissions. This is often due to incorrect server configurations or security plugins blocking access erroneously.

Forbidden – You don’t have permission to access [directory] on this server 

This error message provides more specific details, indicating that you’ve been denied access to a particular directory on the server. This could be due to directory-specific permissions set to disallow access, or a misconfiguration at the server level that restricts access to the directory.

A 403 forbidden error occurred while using an ErrorDocument to handle the request

This error typically occurs when the server’s configuration is misconfigured. The server tries to handle the original 403 error with an ErrorDocument directive as specified in the server configuration, but another 403 error occurs while processing it. This could indicate a recursive error situation where the ErrorDocument directive itself is causing the 403 error.


This is a simplified version of the 403 Forbidden Error. The term ‘Forbidden’ is a general HTTP status code that means the server understands the request but refuses to fulfill it due to certain restrictions or rules established by the server administrator.

Error 403 

This is a generic error message indicating that the requested resource is restricted and cannot be accessed. The server has received and understood the request, but the necessary credentials are not provided or are insufficient to gain access. This is commonly seen when trying to access password-protected directories without the correct authentication details.

How to fix 403 forbidden error

1. Clean your browser’s cache

One of the simplest yet effective remedies for the 403 error is cleaning your browser’s cache. It’s always advisable to perform a hard refresh whenever you stumble upon a WordPress error.

The issue could merely be a result of your browser cache. Therefore, eradicating your browser cache and cookies or accessing your website in private browsing mode might resolve your problem.

Among the wide range of web browsers available, if you’re a Google Chrome user, here’s a guide on how you can purge your browser cache.

To eradicate your cache in Google Chrome, click on the three-dot symbol situated at the top right corner of your browser window, then navigate to More Tools > Clear browsing data. Alternatively, you can use the shortcut keys: CTRL + SHIFT + DEL. Select the “Cached images and files” and pick the desired period (for instance, the past 24 hours) from the Time Range field. Click on “Clear data” to purge the cache.

For a more comprehensive data removal process, visit the Advanced tab in the Clear browsing data window. You have the option to purge passwords, autofill form data, site settings, and hosted app data. Click on “Clear Data” once you’re finished.

Google Chrome provides multiple pathways to access the Clear Browsing Data window. You can locate it in Chrome Settings > Privacy and Security or directly by clicking the Clear Browsing Data button. Also, you can manage cookies by navigating to Cookies and Other Site Data settings.

To automate the cache-clearing process, consider the option to purge cookies and site data upon closing all windows. You also have the option to manually manage cache items by navigating to “See All Cookies and Site Data.” Here, you can permit, block, or purge cookies for individual sites.

2. Revert to a previous functional version using your hosting backup

If your hosting service provides a backup at the application or server level, you can utilize this feature to undo recent changes and revert to a former functional version. Rolling back to a previously working version could help you circumvent the 403 error.

For instance, if your website was operating smoothly on August 2nd but encountered issues on September 1st, then you could restore the site to its previous state with just a few clicks.

If you are a Bluehost user, the process of reverting to a prior version is straightforward. Here are the steps to follow:

  1. Sign in to your Bluehost account.
  2. Click on the WordPress Tools tab.
  3. Select Backup from the left menu.
  4. Choose your WordPress site from the dropdown.
  5. Find the backup date you want to restore.
  6. Click Restore next to the chosen backup.
  7. Confirm the restore process when prompted.
  8. Wait for the restoration to complete and reload the page.

That’s all there is to it. Applying the steps mentioned above will enable you to revert to prior versions on the Bluehost platform quickly and conveniently.

3. Inspect .htaccess file

One potential culprit behind the occurrence of a 403 forbidden WordPress error could be a damaged .htaccess file. With the help of any FTP manager, you can rectify a problematic .htaccess file within a matter of seconds.

  1. First, access your server using an FTP client.
  2. Navigate to the .htaccess file, housed in the public_html directory.
  3. Right-click on the .htaccess file and download it to ensure safety.
  4. After downloading the file, proceed to delete the .htaccess file.
  5. Next, refresh your website in your browser to see if the 403 error has been rectified.
  6. If the problem is resolved by deleting the .htaccess file, this confirms that the error was due to a damaged .htaccess file.
  7. To create a new, clean .htaccess file, follow these steps:
  8. Access your WordPress dashboard.
  9. Navigate to Settings > Permalinks.
  10. This will direct you to the permalink settings page.
  11. Click on the Save Changes button located at the bottom of the page to create a new .htaccess file.
  12. Open your FTP client to confirm if the .htaccess file has been successfully regenerated.

4. Validate file permissions

A multitude of files in WordPress need access permissions. If these permissions are set incorrectly, the server will return a 403 permission denied error, signifying that you lack access to the requested file.

  1. Establish a connection with your WordPress website using an FTP client.
  2. Proceed to the root directory.
  3. Right-click on public_html and select the file permissions.
  4. Confirm that the numeric value in the Permission box is set to either 744 or 775.
  5. Tick the box next to ‘Recurse into subdirectories‘.
  6. Select the option that reads ‘Apply to directories only‘.
  7. Click OK.
  8. Repeat the same procedure for all files.
  9. Set the file permission to either 644 or 640.
  10. Ensure to select Recurse into subdirectories > Apply to files only.
  11. Click OK.

Recheck to ascertain if the 403 forbidden WordPress error has been resolved. If it continues to show up, then proceed to the next step, which involves deactivating the plugins.

5. Disable all plugins

On occasion, plugins with subpar coding can trigger a 403 forbidden error on WordPress websites. Thus, one possible solution is to disable all your plugins and then see if the issue is resolved.

To disable your plugins:

  1. You’ll need to access your WordPress files using an FTP client, such as FileZilla.
  2. Navigate to public_html > wp-content.
  3. Rename the plugins folder (for example, it’s been renamed to plugins-old here).
  4. Return to your browser and refresh the page.
  5. If the website resumes normal operation, then it implies that the plugins were the source of the error.
  6. Rename your plugins-old folder back to plugins.
  7. After renaming the folder, go to WordPress Dashboard > Plugins > Installed Plugins.
  8. You’ll notice that all plugins are now disabled by default.

Reactivate each plugin one by one and check your website after each activation to identify the problematic plugin.

6. Utilizing hotLink protection

Hotlink protection is a tool that restricts other websites from using images from your site. If you prefer not to have your images displayed on platforms like Google Images, Pinterest, or any other website, hotlink protection is a useful feature. Additionally, it aids in managing your site’s bandwidth and server resource usage.

However, occasionally, enabling hotlink protection on your CDN/hosting can provoke a 403 error if not correctly configured. As a result, careful and precise setup of hotlink protection is strongly advised, followed by monitoring your site’s status.


The 403 forbidden error in WordPress, although a common issue, can be quite disruptive for website owners and administrators. 

However, with a clear understanding of the potential causes and solutions, you can swiftly regain access to your website. 

The solutions outlined in this guide provide a comprehensive approach to tackle the issue. 

Remember, the key to resolving this error lies in correctly identifying its cause and then applying the appropriate solution. 

With patience and a methodical approach, the 403 Forbidden Error can be resolved, ensuring the smooth and uninterrupted operation of your WordPress website.

Frequently asked questions

Why am I getting 403 Forbidden on a website?

You may encounter a 403 Forbidden error on a website when the server understands your request but refuses to authorize it. This can occur due to several reasons such as incorrect file permissions, faulty plugins or themes, security plugins blocking access, or server configuration issues.

Is the 403 error the same as the access denied error in WordPress?

The 403 Forbidden error and the Access Denied error in WordPress are essentially the same. Both indicate that the server has understood your request to access a particular webpage or resource but is refusing to grant you access.

What is the main difference between 401 and 403 errors?

The main difference between 401 and 403 errors lies in their meanings. A 401 error, “Unauthorized,” means that the request lacks valid authentication credentials for the target resource. On the other hand, a 403 error, “Forbidden,” means the server understood the request but refused to authorize it. While both involve a lack of access, the 401 error implies that the user can authenticate (i.e., log in) to gain access, whereas the 403 error means access is completely forbidden.

How can I prevent the 403 error from occurring?

To prevent the 403 error from occurring, ensure that your file and folder permissions are correctly set, keep your plugins and themes updated, and regularly check your server configurations. Also, ensure that your security plugins are not blocking access unnecessarily.

Can a misconfiguration in the .htaccess file result in a 403 Forbidden error in WordPress?

Yes, a misconfiguration in the .htaccess file can indeed result in a 403 Forbidden error in WordPress. The .htaccess file is used to define your site’s configuration and rewrite URLs, and any mistakes or incorrect directives in this file can lead to various errors, including the 403 Forbidden error.

  • Devin Sears

    Devin is a Senior Event Marketing Manager for the Bluehost brand. He is our brand steward for all things Bluehost and WordPress. You'll always see him supporting Bluehost at WordCamps around the world!

    Brigham Young University
    Previous Experience
    Social Media, Customer Experience, Field Marketing, Sponsorships, Event Coordinator
Learn more about Bluehost Editorial Guidelines

Write A Comment