Website error - 403 Forbidden
- Linux Hosting
- Windows Hosting
- WordPress Hosting
- Websites hosted on Apache-based servers (cPanel, Plesk, DirectAdmin, shared hosting, VPS, etc.)
- Commonly triggered on domains or subdomains using .htaccess files
- Can occur after website migrations, CMS updates (e.g., WordPress), permission changes, or incorrect security rules
Issue
A user attempting to access a webpage receives the following error:
Forbidden
You don't have permission to access this resource.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Cause
A 403 Forbidden error indicates that the server understood the request but is blocking access due to permissions or configuration.
Common causes include:
1. Incorrect file or directory permissions
- Directories not set to 755
- Files not set to 644
2. Misconfigured .htaccess file
- Incorrect rewrite rules
- Deny/Allow directives blocking access
- Syntax errors causing Apache to reject access
Solution
1. Check file and directory permissions
Set recommended permissions:
- Directories → 755
- Files → 644
- wp-config.php / configuration files → 440 or 400 (if WordPress or similar)
See cPanel guide here: How to Assign Permissions to Files and Folders in cPanel
See Plesk guide here: How to manage file/directory permissions via Plesk File Manager
2. Fix .htaccess errors
Rename .htaccess temporarily:
.htaccess → .htaccess_backup
If the site loads after renaming, the .htaccess file is the cause.
For WordPress, recreate the .htaccess using:
- WordPress Admin → Settings → Permalinks → Save Changes
3. Check for IP or access blocks
Look for these directives in .htaccess:
Deny from all
Require all denied
allow/deny incorrect rules
Remove or correct them.