Introduction
When a web server denies access to a particular webpage or web content, it displays the 403 Forbidden error. Different web servers report different variations of the 403 Forbidden error.
In this article, you will learn what a 403 error is and how to fix it.
What Is the 403 Forbidden Error
The 403 Forbidden error happens when a web server denies access to a webpage to a user trying to access it trough a web browser. The name "403 error" derives from the HTTP status code that the web server uses to describe that type of error.
There are several variations of the error and several reasons why the web server has denied access. The following sections deal with the different ways the error is displayed and its causes.
Common 403 Error Messages
Like with other errors, webmasters can customize how the 403 error is displayed. Its contents also depend on the web server used. That is why there are many different 403 pages across different websites.
Some common 403 error messages are:
- 403 Forbidden
- HTTP 403
- Forbidden
- HTTP Error 403 – Forbidden
- HTTP Error 403.14 – Forbidden
- Error 403
- Forbidden: You don’t have permission to access [directory] on this server
- Error 403 – Forbidden
- 403 Forbidden Error
- 403 Error
The image above shows an example of a 403 Forbidden error served by an Nginx web server.
Note: Learn more about the 503 service unavailable or the 500 internal server error.
What Causes the 403 Forbidden Error
The 403 Forbidden error usually occurs due to access misconfiguration. The misconfiguration involves improper read, write, or execute permission settings for a file or directory.
Possible causes for the 403 Forbidden error are:
- An empty website directory. If there is no index.php or index.html page, the 403 error displays.
- Missing index page. The 403 error may occur if the homepage name isn't index.html or index.php.
- Permission/ownership errors. Incorrect permission settings or ownership cause the 403 error.
- Incorrect .htaccess file settings. The .htaccess file holds important website configuration settings, and it could be corrupted.
- Malware infection. If your files are infected with malware, it can keep corrupting the .htaccess file.
- Cached outdated webpage. The 403 error comes up if the page link has been updated, which is now different from the cached version.
- Faulty plugin. Improperly configured WordPress plugins or their incompatibility could trigger the 403 error.
The following section deals with different ways of fixing the 403 Forbidden error.
How to Fix the 403 Forbidden Error (Tips for Webmasters)
You can do several things to fix the 403 Forbidden error, depending on whether you are a website visitor or a webmaster.
Note: If you are hosting on an Apache web server, read our tutorial on how to fix the 403 Forbidden error on an Apache Server.
The following fixes for the 403 Forbidden error are resources for site webmasters:
Check Website Directory
An empty website directory may cause the 403 error. Make sure that the content is in the correct directory on the server.
Depending on the server you are using, the correct directory for your content is:
- For Nginx: /var/www/vhosts/domain.com/httpdocs/
- For Apache: /home/username/public_html/
If there is no such directory, create one.
Add an Index Page
The website homepage by default is index.html or index.php. If there is no such page on your website, the visitors can encounter a 403 Error. Resolve this by uploading an index page to your httpdocs or public_html directory.
If you already have a homepage named other than index, you can rename it or set up a redirect in your .htaccess file to that homepage.
Warning: Be careful when editing the .htaccess file as it contains server configuration instructions and affects your web server's behavior. The file is usually hidden as a precaution, but you can find it in your public_html directory by checking the Show Hidden Files option.
To redirect to your homepage, follow the steps below:
1. Log in to cPanel and navigate to your public_html directory.
Note: You can also download and edit the .htaccess file locally using an FTP client instead of cPanel.
2. Right-click the .htaccess file and choose Edit from the dropdown menu.
3. Redirect the index.php or index.html file to your existing homepage by inserting the following code snippet:
redirect /index.html /homepage.html
Replace homepage.html
with the actual name of your page.
Check File and Directory Permissions
Each file and directory on your website have permissions that control access to those files and directories. Incorrect file or directory permissions can cause the 403 Forbidden error. The permissions specify who has read or write access to the file or directory in question.
The permissions are represented with numeric values. The general practice is to use:
- 755 for directories
- 644 for static content
- 700 for dynamic content
Note: Linux file permissions can include numbers, letters, or words, as well as an entry stating to whom the file has been assigned - Owner, Group, or Both.
You can change file permissions recursively with the chmod command. If you prefer a GUI, use an FTP client to change file or directory permissions.
Create a New .htaccess File
A 403 error can be the result of improper .htaccess file configuration. The .htaccess file controls the high-level website configuration.
Follow the steps below to check if the .htaccess file is the cause of the 403 error:
1. Find the .htaccess file via your file management software (e.g., cPanel) or via an sFTP or FTP client.
2. Right-click the .htaccess file and select Download to create a local backup.
3. Next, click Delete to delete the file.
4. Visit your website. If the 403 error no longer appears, it means that the .htaccess file was corrupt.
5. Now you need to generate a new .htaccess file. Log in to your dashboard and click Settings > Permalinks.
6. Don't make any changes. Just click the Save Changes button to create a new .htaccess file.
Visit your website to check if the error is fixed.
Enable Directory Browsing
If the website shows a 403 error when you're trying to browse a directory, you may need to enable directory browsing in your web server software. You can turn on directory browsing in the config file. If you don't feel confident editing the config files yourself, seek help from a web master or your hosting provider.
The following examples show how to enable directory browsing in different web servers:
- IIS Express
1. Open the Web.config file of your project.
2. Add the following tags within <system.webServer>
:
<directoryBrowse enabled="true" />
<modules runAllManagedModulesForAllRequests="true" />
- Nginx
Change the autoindex
value to on
in the config file:
The following is an example of the config file with the on
value for autoindex
.
server {
listen 80;
server_name phoenixnap.com www.phoenixnap.com;
access_log /var/...........................;
root /path/to/root;
location / { index index.php index.html index.htm; }
location /somedir { autoindex on; }
}
Apache
You have to specify the DirectoryIndex directive in the site's .conf file (found in /etc/apache2/sites-available on Linux).
Turn on directory browsing in the Options
directive. Following is an example of the .conf file with directory browsing turned on:
<Directory /usr/local/apache2/htdocs/listme>
Options +Indexes
</Directory>
Contact the Hosting Company
The reason for the 403 Forbidden error could be with the hosting company and not with you. If everything else fails to remove the error, get in touch with your hosting company and let them check what could be causing the issue.
Disable WordPress Plugins
Sometimes, a faulty or incompatible plugin is what causes a 403 forbidden error. You can try to fix the error by disabling all plugins to check if the error goes away.
Follow the steps below to disable all plugins:
1. Log into the WP Admin and navigate to Plugins > Installed Plugins.
2. Select all plugins, choose Deactivate from the drop-down menu and click Apply.
3. Try to access your website. If there is no 403 forbidden error, that means that the cause was one of the plugins.
4. Now enable one plugin at a time to determine which one is causing the 403 error. When you find the root of the problem, update or remove the plugin or install an alternative one to resolve the issue.
Check the A Record
One of the reasons for the 403 Forbidden error can be a domain name pointing to the wrong IP address, where you don't have the permission to view the content. This happens when the A record of a migrated website still points to the old IP address.
Follow the steps below to check if the domain A record points to the right IP address:
1. Log in to cPanel.
2. In the Domains section, click DNS Zone Editor.
3. In the list of DNS records, find the record with the A label in the Type column.
Note: Take a look at the best DNS security practices to protect your business. And to learn how to diagnose conectivity issues, check out our post on DNS troubleshooting.
4. Check if the A record IP address in the Record column is correct. If it's wrong, click Edit to change it.
5. Click Update to finish.
Revisit the website to see if the issue has been resolved.
Scan for Malware
Having malware on your web server can cause the 403 Forbidden error. The malware can keep injecting unwanted lines into the .htaccess file, and that way the error persists even if you generate a new .htaccess file.
Use a security plugin to scan your web server for malware and remove it if any is found. Most plugins also offer actions when detecting malware infected files, such as deleting the infected file or restoring it.
Some of the best security plugins for WordPress are Sucuri, Wordfence, Defender, etc.
How to Fix the 403 Forbidden Error (Tips for Site Visitors)
If you are a site visitor that has encountered the 403 error, below is a list of things you can try to fix the issue.
Check URL
A wrong URL is a common cause of the 403 Forbidden error. Make sure that you're trying to access an actual webpage instead of a directory.
Many websites don't allow visitors to browse through directories, so if you are trying to acces a directory, you will likely get a 403 Forbidden error.
Clear History/Cache
Your browser stores cached webpages to load them faster the next time you visit them. Sometimes the website link has been updated, making the actual link different from the cached version. Loading the cached version then results in a 403 error.
The stored cookies on your browser can also cause the 403 error. If the cookies are invalid or corrupted, they can cause improper server authentication. Clearing browser cache and cookies should resolve this issue.
Note: Clearing the browser cache and cookies means that the next time you load the webpage, your browser requests all the site files again, making it load slower. Clearing the cookies also signs you out from all logged-in websites.
Follow the steps below to clear the cache and cookies on Google Chrome:
- Click the three-dot button on the top right corner and select Settings.
2. Find the Privacy and security section and click Clear browsing data.
- In the drop-down menu, select the data deletion time frame.
- Check the Cookies and other site data and Cached images and files options and click Clear data.
Try to reload the site to see if the problem persists.
Log in
A 403 Forbidden error code could sometimes appear because you need to log in to a website to access a page. If possible, log in with your credentials to gain access to the content.
Note: Although the 401 error is usually displayed when you need special permission to access content, sometimes the 403 Forbidden error is displayed instead.
Reload the Page
Sometimes, reloading the page is the trick to getting around the 403 Forbidden error. Each browser has its own reload button near the address bar. Press Ctrl+F5 on Windows and Linux or Cmd+Shift+R on Mac to reload the page if you prefer using the keyboard.
Try Later
If you aren't the only one denied access to the website, then the problem is usually with the host. Revisit the site later and see if the issue has been resolved.
Contact Your ISP
If you cannot get around the 403 error on a website, but it works for other people, contact your internet service provider (ISP).
Your IP address could be added to a blocklist, and it is causing the 403 forbidden error. In that case, your ISP cannot help you, and the only way to access the website is to use a VPN.
Conclusion
High website availability provides the best user experience and shows reliability. That is why website owners try to keep their site available at all times and invest in website maintenance services.
Preventing or quickly resolving HTTP errors is crucial if you want to retain your visitors. After reading this guide, you should be able to promptly fix the 403 Forbidden error and keep your business running.