is*hosting Blog & News - Next Generation Hosting Provider

What is 403 forbidden — and how to fix it

Written by is*hosting team | Apr 15, 2023 10:00:00 PM

A 403 (forbidden) error has popped up - a problem which ordinary visitors to a site and site owners alike have faced (and continue to face). The 403 page error has its own causes and there are different ways to address each case. Let's take a deeper look.

What does the 403 Forbidden Error mean?

What is 403 code? A 403 Forbidden appears when a user doesn't have access to a site or part of a site. All of the HTTP response codes have three-digit numbers to identify the problem.

Most often, when you are trying to open the desired page on the site the code 403 appears, but variations are also possible. In general, the user can see any combination of error code and description. Sometimes just “Forbidden” appears on the screen.

A 403 page error can scare site owners, so in this case it is especially important to know its causes.

HTTP 403 Error Causes

Error 403 Forbidden may be the result of one or more of these situations.

  • Incorrectly configured permissions.

The administrator may have made a mistake in permissions, or the settings have been set on purpose so that you cannot view a resource.

  • Incorrect IP address.

This situation might occur when the domain in DNS points to an invalid or outdated IP, when the IP address got into the blacklist because of spam or inappropriate content.

  • Empty site directory.

Users and website-owners will see 403 Forbidden if the main page is not named index.php or index.html.

  • Faulty plugin.

Incorrectly configured WordPress plugin or its incompatibility with another plugin may also be the cause of a 403 page error.

  • Incorrect htaccess file settings.

The htaccess file allows you to control website settings using directives. Correspondingly, incorrect settings or a corrupted server configuration file will cause an error.

  • Outdated page in the cache.

The webmaster may have updated the requested page, but because the user is storing an old version of the page in the cache, the user will see Error 403 Forbidden. In these cases, clearing the cache is enough to resolve the issue.

  • Malware infection.

A classic situation of malicious programs causing many problems on the site. Viruses can corrupt many critical files and simply don't let you access the resource.

How to get rid of 403 page errors?

If you know or at least can guess the problem that caused you to receive an HTTP 403 Forbidden error, then you will be able to reduce the time it takes to fix it. Otherwise, you can follow a few of the following recommendations.

For site visitors

Reload the page. Even though this tip seems trivial, the 403 (forbidden) error may be temporary, so try waiting a little while and reloading the page several times.

Check the address of the site. If you are trying to access a directory, rather than a web page, you will see a 403 page Error. Double-check the URL.

Clear cache. Sometimes a Forbidden message may occur if the page has been updated, but the user has an older version of it in cache. Go to your browser settings and clear the cache and cookies for the desired site. We explained in this article how to clear cookies in the browser.

Try again later. Yes, it is possible that the problem is temporary and the administrator is already dealing with the problem. Access to the desired site may be restored after some time.

Use a VPN. If your IP address has been added to the blacklist, a high-quality VPN service will come to your rescue. Instead of public VPNs, which don't guarantee personal data protection, we recommend choosing a VPN with a dedicated IP.

For a site owner

Deactivate WordPress plugins. For owners of sites based on CMS WordPress, it is recommended to check the correctness of all plugins. Go to WP Admin, then to Plugins - Installed Plugins. Use the "Deactivate" function for all the plugins. If the 403 page error disappears after that, switch plugins one by one and update the site until you find the one that is working improperly.

Check the index page. The site's default home page must be index.html or index.php. Load the index page into httpdocs or public_html or change its name or set up a redirect to the original one in the .htaccess file (it is stored in the public_html). To set the redirect, use this record redirect /index.html /websitehomepage.html

Edit the .htaccess file. The .htaccess file is stored in the public_html directory and can be hidden, so set the "Show Hidden Files" option. Save the file to your PC and then delete it from the directory. If the error 403 Forbidden disappears after deletion, it means that this important file was corrupted. Go to Settings - Permalinks and click on "Save Changes" to create a new .htaccess file.

Edit file permissions. You can configure permissions for each website resource. If HTTP 403 appears, check that the permissions are correct.

Check A record. A 403 page error can appear when the A record still points to the old IP. Make changes to the DNS record if necessary.

Scan for malware. Install the security plugin and use it to scan the website for viruses. Malicious software can make changes to critical files.

Clear your browsing history and cache. You might have left an older version of the page in the cache. Clear the history, and then make another request.

Find and fix other 4xx errors

There can be both client-side and server-side errors. Errors of the 4xx type are easy to detect because they appear on the browser screen.

Error 400 Bad Request occurs when the user sends an incorrect or corrupt request. In other words, it is necessary to configure the server so that it can process such requests. Other causes of Error 400 could be a mistyped URL, outdated cookies, a too-large file uploaded to the server, a virus or an antivirus blockage.

Recommendations for fixing 400 Bad Request:

  • Clear browser history and cache
  • Clear DNS cache
  • Change antivirus and firewall settings
  • Check your device for viruses
  • Update network device drivers
  • Reduce the file size if you upload it to a server

401 Unauthorized, or failed authentication error, can be caused by incorrect authentication data, a lack of user access to the requested resource or an error of the server, which failed to process user login data.

If you are an ordinary user, then check the correctness of the entered data, clear the cache and try to log in again. If the error still appears on the screen, contact the site owner.

The site owner can recheck the authentication and authorization settings. The problem could also be in the code.

404 Not Found reports that the requested page is not available. Reasons may vary: old URL, lack of pages in the public domain, etc. In other words, the server is available, but it isn't possible to open the page. Other causes of error 404 may include broken links, deleted pages, incorrect redirect settings or problems on the server.

You can fix a 404 error page by changing or deleting its URL. If there are few broken links, you can do it manually. A more original solution would be to make the 404 page useful - just put a link to the home page, clickable menu and other content on it.

In general, any error is presented together with a description, through which you can quickly solve the problem. To find pages with errors you, as a site owner, can use Search Console Google and other stat systems.