Wordpress 403
When it comes to error messages, one needs to properly understand to troubleshooting them. Recently when logging-in to my WordPress admin area, I got “403 Forbidden” error which states that “Access to this resource on the server is denied!” Getting this annoying error means you won’t be able to login to WordPress, no matter how many times you try. The good part is that troubleshooting this problem is easy. Let’s take a look at some possible solutions when you face 403 forbidden error, and you can’t login to wp-admin or wp-login page.
Check for file and folder permissions
The 403 Forbidden error is an HTTP status code that is sent back by the server when the client (user) who initiated the request does not have permission to access a specific page or resource. What Causes the 403 Forbidden Error in WordPress Several scenarios can trigger the 403 forbidden error at a WordPress site. More often than not, a 403 error in WordPress is caused by security plugins that have been added to a website and not configured properly. When not configured properly, these security plugins can block IP addresses because they incorrectly think that they are malicious. The 403 Forbidden error in WordPress, is an HTTP status code which appears when we don’t have permissions to access a specific page or a resource on our website, most probably because of some improper configuration of our web server. The cause of the 403 WordPress forbidden error is the wrong setup of authentication plugins. Many security plugins for WordPress will block an IP address (or a whole list of IP addresses) if you suspect you are malicious. A corrupt.htaccess file or wrong file permissions on your server, which could be another potential explanation. XML-RPC is not responding correctly (403) It looks like XML-RPC is not responding correctly. Please make sure XML-RPC is turned on for your site and is set up to respond to all content types. You can test this yourself by running the following command from the command line.
The first step to solve this error is to check for proper permissions to WordPress files and folders. Normally, your folders (or call it directories) should have 755 permission and files should have 644 permission. Don’t forget to check your wp-config.php and wp-login.php for 644 file permission, and wp-admin folder for 755 permission.
Check your .htaccess file
Wordpress 403 Error
Web hosts sometimes edit your .htaccess file to add some code to prevent brute force attacks. This is usually a good practice to prevent intrusion, and protect your site from such attacks. However, the side effect of this is that it even restricts the legitimate user (you) from logging-in to WordPress. That’s why, check your .htaccess file which should look like below:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
If yours is different, then edit your .htaccess to look like above and remove the extra code from the file. Once you do this, clear your browser cache or use a different browser and then try to login to WordPress admin. Many users have reported that this method has solved their problem.
Wordpress 403 Forbidden
For advanced users: If you find that your web host has indeed edited .htaccess to protect it from damage or from using more resources on the server, then you can simply white list your IP and allow access to the wp-admin area.
Disable Security Plugin
Wordpress 403 Images
If you are using any security plugin and facing this problem, then disable it right now. Reason? Because security plugins have some features like deny brute force, IP whitelist, etc and sometimes they lock down the login area if anything suspicious occurs. To disable such security plugin, login to your cPanel, go to File Manager and rename the plugin’s folder, or use a FTP client to do the same. Now go ahead and try to login to your WordPress again.
Wordpress Nginx 403
So go ahead and fix your access denied to wp-admin / wp-login page by using these methods.