How to Fix 403 Forbidden Errors
A 403 Forbidden error means the server understood your request but refuses to authorize it. This guide helps you identify and fix the common causes.
What Causes 403 Errors?
- Incorrect file or folder permissions
- .htaccess rules blocking access
- ModSecurity or firewall rules
- No index file in directory
- IP address blocked
- Hotlink protection
Solution 1: Fix File Permissions
Correct permissions for web hosting:
- Folders: 755 (rwxr-xr-x)
- Files: 644 (rw-r--r--)
Fix via cPanel File Manager:
- Open File Manager in cPanel
- Navigate to the affected file/folder
- Right-click and select Change Permissions
- Set to 755 for folders or 644 for files
- Click Change Permissions
Fix via SSH:
# Fix folder permissions
find /home/username/public_html -type d -exec chmod 755 {} \;
# Fix file permissions
find /home/username/public_html -type f -exec chmod 644 {} \;
Solution 2: Check .htaccess
Your .htaccess file may have rules blocking access:
- Open File Manager in cPanel
- Enable Show Hidden Files (Settings)
- Find .htaccess in your website directory
- Rename it to .htaccess_backup
- Test your site
- If working, review .htaccess rules to find the problematic one
Common blocking rules to look for:
Order Deny,Allow Deny from all # Or RewriteRule .* - [F]
Solution 3: Check ModSecurity
ModSecurity may block legitimate requests:
- In cPanel, go to Security → ModSecurity
- Find the domain showing 403 errors
- Review recent blocked requests
- You can temporarily disable ModSecurity for testing
- If it resolves the issue, whitelist the specific rule
Solution 4: Add an Index File
If you're trying to access a directory without an index file:
- Create an index.html or index.php file in the directory
- Or enable directory listing in .htaccess:
Options +Indexes
Solution 5: Check IP Blocking
- Go to cPanel → Security → IP Blocker
- Check if your IP is blocked
- Also check .htaccess for IP deny rules:
Deny from 123.45.67.89
Solution 6: Check Hotlink Protection
If images are returning 403:
- Go to cPanel → Security → Hotlink Protection
- Ensure your own domain is in the allowed URLs list
- Check "Allow direct requests" if appropriate
WordPress-Specific Solutions
- Disable security plugins - Plugins like Wordfence or iThemes Security may block access
- Regenerate .htaccess - Go to Settings → Permalinks → Save
- Check wp-config.php permissions - Should be 600 or 640
Still Getting 403?
Check your error logs for more details:
- cPanel → Metrics → Errors
- Look for entries matching your 403 error
- The log will show exactly what triggered the error
Need Help?
Contact support with:
- The exact URL showing the error
- When the error started
- Any recent changes made
- Relevant error log entries
