When I read it, I remembered that caching and performance plugins have a habit of messing with the htaccess. So I disabled W3total Cache and was able to update wordpress to the current version. Previously I could see a 403 in my server logs whenever i triggered an update for POST and GET requests in /wp-login.php. Blog, How Tos, WordPress I don’t know why, but I keep seeing this on many different servers, with various different profiles. Over the past year, I’ve seen this problem randomly happen to at least 10 different websites.
When it comes to error messages, one needs to properly understand to troubleshooting them. Recently when logging-in to my WordPress admin area, I got “403 Forbidden” error which states that “Access to this resource on the server is denied!” Getting this annoying error means you won’t be able to login to WordPress, no matter how many times you try. The good part is that troubleshooting this problem is easy. Let’s take a look at some possible solutions when you face 403 forbidden error, and you can’t login to wp-admin or wp-login page.
Check for file and folder permissions
The first step to solve this error is to check for proper permissions to WordPress files and folders. Normally, your folders (or call it directories) should have 755 permission and files should have 644 permission. Don’t forget to check your wp-config.php and wp-login.php for 644 file permission, and wp-admin folder for 755 permission.
Check your .htaccess file
Web hosts sometimes edit your .htaccess file to add some code to prevent brute force attacks. This is usually a good practice to prevent intrusion, and protect your site from such attacks. However, the side effect of this is that it even restricts the legitimate user (you) from logging-in to WordPress. That’s why, check your .htaccess file which should look like below:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
If yours is different, then edit your .htaccess to look like above and remove the extra code from the file. Once you do this, clear your browser cache or use a different browser and then try to login to WordPress admin. Many users have reported that this method has solved their problem.
For advanced users: If you find that your web host has indeed edited .htaccess to protect it from damage or from using more resources on the server, then you can simply white list your IP and allow access to the wp-admin area.
Disable Security Plugin
If you are using any security plugin and facing this problem, then disable it right now. Reason? Because security plugins have some features like deny brute force, IP whitelist, etc and sometimes they lock down the login area if anything suspicious occurs. To disable such security plugin, login to your cPanel, go to File Manager and rename the plugin’s folder, or use a FTP client to do the same. Now go ahead and try to login to your WordPress again.
So go ahead and fix your access denied to wp-admin / wp-login page by using these methods.
Given the complexity of the Internet, it is no surprise that things do go wrong. Since WordPress powers a significant portion of the Internet, the number of errors that pop up at WordPress websites is pretty high.
How To Fix 403 Forbidden Error in WordPress
- Fix 403 Forbidden Error on WordPress website
A pretty common error that users encounter is the 403 forbidden error on WordPress websites. To understand this error, it is important you should have a bird’s eye view of how it all works. Next, in this article, I will explore the possible causes and the options to fix these errors for WordPress websites.
Wordpress 403 Error Wp-admin
The Client-Server Model
The most popular model of communication over the Internet is a client-server model in which (typically) server responses to the requests sent by multiple clients. Every server response has an HTTP status code that indicates success or failure of the request-response cycle. Developers use these status codes to understand what’s going on and create processes that handle a specific situation.
What is 403 Forbidden
The 403 Forbidden error is an HTTP status code that is sent back by the server when the client (user) who initiated the request does not have permission to access a specific page or resource.
What Causes the 403 Forbidden Error in WordPress
Several scenarios can trigger the 403 forbidden error at a WordPress site. Going through the causes of sequentially is a great way of debugging the error.
Note: Before going further, it is a good idea to take the backup of the entire website.
Wordpress 403 Forbidden Nginx
The following are the common causes of 403 Forbidden error:
- Corrupt .htaccess file.
- Incompatible or faulty plugins.
- File permission issues
Corrupt .htaccess file
The .htaccess file determines how Apache servers process clients’ requests. There are times when users explicitly modify this file to achieve certain functionality. However, changing the contents of the files could result in conditions that could cause access related issues.
Solution
Fixing this issue is easy. Just access the root directory of the website through FTP and delete it. Once the file is removed, log into your WordPress Admin and under Settings, select Permalinks. A new .htaccess file is created as soon as you hit the Save Changes button.
Try to access the website in a new tab. If you are successful, you could then start adding the changes to the file. Take care to test the access to the website to ensure that things are working properly.
Incompatible or Faulty Plugins
Plugins are essential components of a WordPress website. However, given the huge number of WordPress plugins in the market today, it is very easy to install a faulty or incompatible plugin on your WordPress website, with predictable results. The plugins can break your site and cause access related issues.
Solution
The easiest fix is to simply deactivate or completely remove the offending plugin(s).
To do so, simply deactivate all the installed plugins and check if the site is back on. If yes, then start activating them one by one until you see the error again. At that point mark that plugin and either replace it with an alternate plugin or look for its developer’s support. It is possible that even after deactivating all the plugins you would still be looking at the error; this shows that the problem is not caused by your plugins and further troubleshooting is required.
File Permission Issues
If the above two fixes don’t work, chances are that the problem is incorrect file permission. WordPress folders and files are inaccessible if the permissions are set incorrectly.
Solution
To rectify this issue, access the website through FTP manager.
Folders’ permission at any WordPress site should be set to 744 or 755. Similarly, file permission should be either 644 or 640.
In the FTP manager, right click on the folder name and select File permissions tab to open a new window.
Now simply put the proper numeric value in the field:
To apply these changes to all subdirectories inside that folder; click on Recurseinto subdirectories and click OK button. Repeat the process for files. However, this time use either 644 or 640. Once the process is completed, try accessing your WordPress site in a new tab, and hopefully, you will not see the 403 Forbidden error anymore.
Frequently Asked Questions
Q1. What causes a 403 Forbidden error?
The 403 Forbidden error means that a user does not have the permission to view the page. The page or resource is forbidden for some reason which needs to be troubleshooted to access it.
Q2. What does it mean when you get a 403 Forbidden error?
403 Forbidden error means that you do not have the permission to access the resource. This is usually because misconfigured permission settings which needs to be changed in order to view the page. One of the most common reason behind 403 Forbidden error is the .htaccess file.