Encountering a 403 Forbidden page in WordPress can be frustrating. No errors are sent to the error logs, so finding the source of the issue can be difficult. In this article we explain why 403 Forbidden errors occur, and how to resolve them.
About 403 Forbidden Errors
If you access a page or file which is blocked by server configuration, you may encounter a 403 Forbidden Error. The error most often looks like the following:
403 Forbidden errors most often occur when visiting a file or page which is intentionally restricted, or when your website’s file permissions are incorrect. Files which are intentionally restricted include configuration files like .htaccess and wp-config.php. 403 is an HTTP Status Code which could occur on any website, and is not specific to WordPress.
How to Fix 403 Forbidden Errors
If you encounter a 403 Forbidden response on your website and you determine this page or file should not be restricted, a good first response is to reset your website’s file permissions. If the error you encounter is due to misconfigured file permissions this will most likely resolve your issue. If not, you may need to investigate your configuration files with SFTP to determine where the issue lies.
Reset File Permissions
To reset file permissions, login to your WP Engine User Portal and navigate to the environment for your website. From the Overview page for the environment, click Utilities from the left-hand navigation. On the Utilities page, select the Reset button in the “Reset File Permissions” pane.
Wait a few minutes, then check your website again. If the issue was caused by incorrect file permissions, you should now be able to access the page. If this did not resolve your issue (and the file is not intentionally restricted, like .htaccess and wp-config.php), you may need to check what restrictions exist in the configuration files on your website via SFTP.
Check Configuration Files via SFTP
403 Forbidden errors could also be caused by configuration files explicitly blocking access. To get started, make sure you have downloaded an SFTP client and configured a user for SFTP access using our SFTP guide.
Connect to your website using your SFTP client and locate the listing of your website files. In the root directory of your website you will see a .htaccess file. Many times file and folder restrictions are enforced with this file. Right-click the .htaccess file in your file list, and select to “View/Edit.”
This will allow you to view the contents of the .htaccess file in a text editor. In the .htaccess file, look to see if there is anything that might be causing your error. In the example below, the .htaccess file is blocking access to all files with the .php extension. That’s not good, since this .htaccess file is in the root directory of my website–that means none of the .php files are able to be accessed.
After removing the suspect lines, you may save the file. Your SFTP client may then prompt you to confirm whether you would like to save the changes to the .htaccess file on your website. Make sure you confirm “yes” if prompted.
The .htaccess file in the root directory of your website can sometimes be problematic if restrictions are placed in that file. However, .htaccess files may also exist in other parts of your website. Trace the filepath to the file where you received the error to see whether there are any other .htaccess files which might be restricting access if the steps above do not resolve your issue.
Last, if you are still encountering 403 Forbidden responses on your website and are unable to find the cause, please feel free to contact WP Engine Support for more help. WP Engine Support is available via 24/7 Live Chat via your User Portal. Be sure to provide the URL where you are experiencing the error, the error message, and any events or changes that led to the error.