The 403 Forbidden error is an HTTP status code, meaning that access to the requested resource is forbidden. The error indicates that the server has understood the request but refuses to authorize it. This error is common since it can be caused by a variety of reasons. We are going to overview the most frequent ones.
The main website file is not uploaded
Every website has a default file, such as:
index.html
index.php
index.htm
In case none of these files is uploaded, the 403 Forbidden error will be displayed. The solution is to create a required file in the website folder. However, the main website file may have a different name. To fix this issue, one more second line should be created in the “.htaccess” file:
directoryindex other.php
Where the “other.php” is the name of the main website file. If the main website file does not exist, visitors should see a list of uploaded files and add this line in the “.htaccess” file: Options +Indexes .
Access to the website is forbidden by the “.htaccess” file
If the “.htaccess” file access lines include words “deny/allow”, it means that access to the website is either completely forbidden (“deny”)or allowed only to specific IP address/addresses (“allow”):
order allow, deny
allow from xx.xx.xx.xx
deny from all
In this case, to allow access to the website, the lines that block access must be removed from the “.htaccess” file.
The corrupted directory or file permissions
For a website to run properly it is necessary to have correct permissions of the directories and files. Copying data, moving site files, or performing other operations on files or directories may corrupt their structure. Default permissions for directories/files are:
public_html – 750
Folders – 755
CGI and Perl scripts – 755
.html .php and other Document Types – 644
Access blocked by “mod_security” filter: this filter detects and blocks attempts to exploit programming errors in popular PHP programs (WordPress, Joomla, phpBB, etc.). There may be situations, albeit infrequent, when a filter rejects requests due to the site’s specific performance. If you find blocked requests with your IP address, you can disable the rules that cause the error:
https://www.hostens.com/knowledgebase/how-to-disable-modsecurity-for-the-domain/
Faulty WordPress plugins
If the website is based on WordPress CMS and previous solutions did not help solve the issue, it is very likely that the error has occurred because of a plugin. Many WordPress security plugins may block an IP address (or a whole range of IP addresses) if they believe them to be malicious. To solve this issue, you need to deactivate the plugins one by one temporarily so that you can detect the one that causes the problem.
