How to Fix the 403 Forbidden Error in 2024 (12 Methods) Print

Here are possible reasons that can cause the 403 Forbidden error:

• Incorrect file and folder permissions ‒ users lack the necessary permissions to access certain files or sections of a website.
• Corrupted .htaccess file ‒ misconfiguration or malware can corrupt the .htaccess file.
• Missing index page ‒ the default homepage template (index.html or index.php) is not present in the website’s directory.
• Incompatible WordPress plugin ‒ a WordPress plugin may conflict with another plugin or be improperly configured.
• Incorrect IP address ‒ the domain name directs to an incorrect IP address, causing the website to block access.
• Malware scan ‒ security measures may restrict access to certain resources to prevent malicious attacks.
• Updated web page link ‒ the webpage link was recently changed, differing from the cached version.
• Empty website directory ‒ the URL attempts to access the website’s directory instead of a specific file.

How to Fix the 403 Forbidden Error

1. Clear Your Browser Cache and Cookies

   The browser cache speeds up website loading on future visits. However, if a web page’s link changes, it can cause a mismatch with the cached version and trigger the 403 HTTP status code. Browser cookies – small files that remember your preferences and details – can also be a common cause of the 403 Forbidden error.

   While caches aim to improve website loading speed, cookies focus on personalizing your browsing experience. That’s why a forbidden page error often occurs on a frequently visited website.

   Keep in mind that clearing your cache and cookies will force the browser to re-request site files, requiring you to sign in again on most websites.

   Steps to Clear Cache and Cookies on Google Chrome

   (These steps are similar for Firefox and Safari.)

   1. Click on the three-dot icon in the top right corner and select Settings.
   2. Navigate to Privacy and security → Clear browsing data.
      •  
   3. Use the drop-down menu to choose the time range. It is recommended to select All time to remove all old files. Then, select Cookies and other site data and Cached images and files.
   4. Click Clear data to erase them.
      •  

   After completing these steps, try revisiting and logging into the problematic website to see if it fixes the error. This method also works for other errors, like the 400 Bad Request.

2. Disable VPN Temporarily

   A virtual private network (VPN) can trigger a 403 Forbidden error on websites that block access from VPN servers due to security or regional restrictions.

   To test this, temporarily disconnect your VPN and try accessing the web page again. If this resolves the error, consider the following options:

   • Switch to a Different VPN Server: Some websites may block specific VPN servers. Switching to a different server may help you bypass the restriction.
   • Contact Your VPN Provider: Reach out to your VPN provider for assistance. They may offer alternative solutions or recommend servers that are less likely to be blocked.

3. Disable CDN Temporarily

   A content delivery network (CDN) is a network of servers that caches and delivers content from the closest web server to the user, reducing load times and bandwidth usage.

   If your website uses a CDN, it may cache a 403 Forbidden error due to issues like file permissions, IP blocking, and incorrect .htaccess rules. Temporarily bypassing the CDN helps determine whether the source of the error is the original web server or the CDN itself.

   For Hostinger users, if you are on the Business Web Hosting plan or above, the in-house CDN is automatically enabled. Follow these steps to troubleshoot a 403 Forbidden error by disabling Hostinger CDN temporarily:

   1. Navigate to Performance → CDN from the hPanel.
   2. Find the CDN status section and click Disable.
      •  

   If this fixes the issue, keep the CDN disabled for now and contact Hostinger's support team for further troubleshooting assistance.

4. Scan for Malware

   The .htaccess file is a web server configuration file that primarily works by altering the Apache web server settings. Located in your website’s root directory (public_html), it contains a set of rules for how your website should behave in certain situations, including who can access what resources or pages.

   If your WordPress site is infected with malware, it can inject unwanted code into the .htaccess file. Changes to these rules can cause the HTTP status code 403.

   Hostinger users can leverage the built-in scanner to remove malware in WordPress. You don’t need to purchase third-party integrations because the automated tool can scan your websites for malware for free.

   Steps to Scan for Malware Using Hostinger's Built-In Scanner:

   1. Navigate to Security → Malware Scanner in hPanel:

      •  

   2. Review Scan Results:

      • If no malware is found, this section will display your hosting plan’s name and the time since the last scan.
      • If malware is detected, the malware scanner will summarize detected malicious files in the past 30 days and the actions taken to fix them.

   For extra security, use a WordPress malware scanner plugin to identify malicious software on your WordPress website. The top WordPress security plugins, such as Sucuri and Wordfence, offer this feature.

   If the error persists after fixing the infected file, it is recommended to create a new .htaccess file.

5. Restore the .htaccess File

   If your .htaccess file is infected or misconfigured, you can replace it using an FTP client or file manager.

   For Hostinger users, follow these steps to locate and create a new .htaccess file. If you’re using cPanel, the steps should be similar:

   Steps to Restore the .htaccess File Using Hostinger's hPanel:

   1. Navigate to Files → File Manager in hPanel:

      •  

   2. Backup the Current .htaccess File:

      • Open the public_html directory and locate the .htaccess file.
      • Right-click on it and select Download to create a backup on your local computer.
      •  

   3. Delete the Current .htaccess File:

      • Remove the existing .htaccess file from your hosting account.

   4. Create a New .htaccess File:

      • Click New file and name it .htaccess without any extensions.
      •  

   5. Copy and Save the Following Code to the New File:

      plaintext

      Copy code

      # Enable URL Rewriting RewriteEngine On # Rewrite rule to redirect requests to index.php RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?/$1 [L]

   6. Save the New .htaccess File:

   Steps to Restore the .htaccess File for WordPress Websites:

   1. Log in to Your WordPress Dashboard:
   2. Navigate to Settings → Permalinks:
   3. Click the Save Changes Button at the Bottom Without Making Any Modifications:
      • This will generate a new .htaccess file for your WordPress site.
      •  

   After completing these steps, try to re-access the web address. If this method fixes the 403 Forbidden error, it indicates a corrupted .htaccess file.

6. Reset File and Directory Permissions

   Websites have specific file permissions that control how users can read, write, and execute data. If misconfigured, these permissions can cause HTTP 403 Forbidden errors.

   Using Hostinger's hPanel

   With Hostinger, you can fix file permission issues in just one click:

   1. Open hPanel and Search for "Fix File Ownership":

      • Use the search bar to find Fix File Ownership.
      •  

   2. Execute the Tool:

      • Select the confirmation checkbox and click Execute. The tool will automatically assign default permissions to all website files and folders.
      •  

   Using FileZilla

   Alternatively, you can manually reset file and folder permissions using an FTP client like FileZilla. This method requires an understanding of FTP protocol and file permissions.

   1. Connect FileZilla to Your Website:

   2. Change Directory Permissions:

      • Right-click on the public_html directory and select File Attributes.
      •  
      • In the Numeric value field, enter 755. This value allows only the owner to read, write, and execute the file or directory, preventing others from modifying it.
      •  
      • Select Apply to directories only, and click OK.

   3. Change File Permissions:

      • Right-click on the public_html directory again and select File Attributes.
      • In the Numeric value field, enter 644. This value allows the owner to read and write, while others can only read.
      •  
      • Select Apply to files only, and click OK.

   After applying the correct permissions, try accessing your website again to see if the permission error is resolved.

7. Disable WordPress Plugins

   If the previous methods fail, an incompatible or problematic WordPress plugin might be causing the HTTP 403 error.

   Using Hostinger's hPanel

   Hostinger users can disable WordPress plugins directly from hPanel:

   1. Navigate to WordPress → Security:
   2. Scroll Down to the Installed Plugins Section:
   3. Disable the Plugins One by One:
      • Click on the toggle to disable each plugin.
      •  

   Using a File Manager or FTP Client

   Alternatively, you can manually disable the plugins using a file manager or an FTP client:

   1. Navigate to the wp-content Folder in public_html:

      •  

   2. Rename the Plugins Folder:

      • Locate the plugins folder and rename it to disabled-plugins. This makes the folder temporarily unrecognizable by the web server, deactivating all plugins simultaneously.
      •  

   3. Access Your Website:

      • Try accessing your website. If the HTTP 403 Forbidden error is gone, a problematic plugin was likely causing the issue.

   4. Re-enable Plugins:

      • Revert the folder’s name to plugins to re-enable all plugins.
      • Go to Plugins → Installed Plugins from your WordPress dashboard and deactivate all plugins one by one. Whenever you deactivate a plugin, check if it resolves the error. This step will help identify the faulty plugin.
      • Once identified, update or remove the plugin to fix the issue.

   8. 

   Verify the A Record

   The 403 Forbidden error can occur if your domain points to an incorrect IP address, preventing access even with valid credentials. To ensure your domain points to your hosting provider’s IP address, follow these steps.

   Using 369Hosting's hPanel

   1. Locate Your Website’s IP Address:

   • Navigate to Plan Details on 369Hosting's hPanel to find your website’s IP address.
   •  

   2. Check the Domain A Record:

   • From the hPanel dashboard, go to Advanced → DNS Zone Editor.
   • Locate the A records by scanning the Type column.
   • Examine the IP addresses in the Content column.
   •  

   3. Modify the A Record if Necessary:

   • If the A records don’t point to the correct IP address, click Edit to modify them.
   • Enter the correct IP address and click Update.
   •  
   • Note: Editing an existing A record may affect any services or subdomains currently using it. If changing the existing A records doesn’t resolve the error or disrupts other operations, consider creating a new one.

   4. Create a New A Record (If Necessary):

   • If editing the existing A records disrupts other operations or doesn't resolve the error, create a new A record.
   • In the Manage DNS Records section, select A as the Type.
   • Input the valid IP address in the Points to field.
   • Click Add Record to save the new A record.
   •  

   By verifying and correctly setting the A record to your hosting provider’s IP address, you can prevent the 403 Forbidden error caused by incorrect IP configuration.

    9. 

   Update Nameservers

   If you’ve migrated to a new hosting provider and forgot to update your nameservers, your domain might still point to the old host and lead to a 403 Forbidden error.

   To resolve this issue, follow these steps to update your domain’s nameservers.

   Updating Nameservers to 369Hosting

   If you have migrated to 369Hosting and need to update your nameservers:

   1. Go to Domains and Select Manage Next to Your Domain:

      •  

   2. Click on the Change Link in the Nameservers Section:

      •  

   3. Select the Use 369Hosting Nameservers Option:

      • Click on the option to use 369Hosting nameservers.
      •  

   4. Click Save to Apply the Changes:

      • Save your changes to update the nameservers to 369Hosting.
      •  

   By updating your domain’s nameservers correctly, you ensure that it points to the new hosting provider, resolving any 403 Forbidden errors caused by incorrect server configurations.

   10. Upload an index Page.

   If you’re uncertain about these technical steps, it’s best to contact your hosting provider’s support team for assistance.

   Most web servers disable directory browsing for security reasons. Instead of showing folder contents, they display a default web page.

   Additionally, accessing a directory without an index.html or index.php file typically triggers a 403 Forbidden error.

   To resolve this:

   1. Check and Rename Your Homepage File:

      • Ensure your homepage is named index.html or index.php. If not, rename it using your FTP client or file manager.

   2. Upload an Index Page:

      • Access your public_html directory via FTP or file manager.
      • Create a new file named index.html or index.php in the root directory.

   3. Redirect to Your Homepage:

      • Open the .htaccess file in the root directory.
      • Insert this code snippet to redirect index.html or index.php to your actual homepage (replace homepage.html with your homepage's actual file name):
        bash

        Copy code

        Redirect /index.html /homepage.html

   4. Save and Test:

      • Save the .htaccess file.
      • Check your website’s homepage to verify if the error is resolved.

   We strongly advise against enabling directory browsing as a solution, as it can expose your directory’s content and pose security risks. For technical guidance, it's recommended to seek assistance from your hosting provider’s support team.

   11. Edit File Ownership

   Incorrect file ownership can lead to a 403 Forbidden error, especially in Linux-based systems or VPS hosting environments. If you have SSH access to your VPS, you can adjust file ownership using commands like chown. Here’s how:

   Checking File Ownership

   1. Connect to Your VPS via SSH:

      • Use an SSH client like PuTTY to connect to your VPS.

   2. Check Ownership with ls -l Command:

      • Use the following SSH command to check file ownership:
        bash

        Copy code

        ls -l [file name]
      • For example:
        bash

        Copy code

        ls -l filename.txt
      • The output will display details including owner, group, and permissions.

      Example output:

      css

      Copy code

      -rwxrw-rw- 1 [owner] [group] 22 Sep 22 10:00 filename.txt

      Pay attention to the [owner] and [group] sections.

   Adjusting File Ownership

   3. Adjust Ownership with chown Command:

      • Use the chown command to modify file ownership:
        css

        Copy code

        chown [owner][:group] [file name]
      • Replace [owner] and [group] with your hosting account’s username and the appropriate group (if needed).

      For example, to change ownership to user John:

      bash

      Copy code

      chown John filename.txt

   Example Scenario

   If the file filename.txt needs to be owned by user John, you would use:

   bash

   Copy code

   chown John filename.txt

   Ensuring correct file ownership is crucial for resolving 403 Forbidden errors. If you encounter issues or are unsure, consulting your hosting provider’s support for assistance is recommended.