Error 403: What is it and How to Fix it?

Posted by Jack Ryan on January 9th, 2020

Causes of Error 403 Prohibited

Let's see what can be the causes of error 403:

• Lack of correct permits : this is perhaps the most common cause of all. If we have a file or folder configured with certain permissions, but to make them accessible via the web, different permissions are needed, then when trying to read the file or view the folder in question our site will launch an error 403.

• Use of incorrect URL : it is not a case as common as the previous one but there is no doubt that it can also occur. Basically, calling an incorrect URL or one that is not considered valid can cause the server to throw an error 403 in response. It can also occur in the case of URLs that are of the private type, that is, they would not be sections of a site that are not intended to be used by anyone.

• .htaccess badly configured : yes, a file of type .htaccess that contains rules that are not correct or appropriate to the situation can also result in the occurrence of a 403 error.

• Cache and cookies of the browser : another case that is not very common but that can also occur is to obtain an error 403 because of our browser. This usually comes from the hand of the browser cache, cookies or even both at the same time. If you have invalid cookies or if the browser is caching data that is old or is no longer used, then the appearance of error 403 would be nothing out of the ordinary.

• Lock by ModSecurity : ModSecurity is an excellent security software, although you have to know how to use it very well to avoid having too many false positives. There are ModSecurity security rules that can cause a 403 error when a particular activity is detected at a server site.

• The index file of your site is missing : let's assume that you have checked the previous points and you are sure that the error 403 of your website is not caused by any of them. What would remain to be checked? It may sound silly, but it never hurts to verify that your site has all its content, especially the Index file, be it an index.php, index.html, etc., since the lack of such a file also It may result in error 403. It should be mentioned that this particular case occurs if the server directory listing function is not active.

Solutions to Error 403 Forbidden

Unfortunately there is no universal solution for error 403, since being an error code that has so many different causes it is impossible to solve them all by means of a single method, so we will see how to fix error 403 from the Causes seen above.

Assign correct permissions

If we believe that the error 403 of our website may be having its origin in the permissions of our files or folders, then it is a good idea to adjust them. But what permissions must be configured?

That will depend on the server settings where you host your site, so if you are not entirely sure it is advisable to consult your hosting provider. In general, permissions 644 for files and permissions 755 for directories should be sufficient, although we reiterate what was said previously: it depends on the server.

Having said that, before making any changes to folder or file permissions on your website, check with your provider what are the correct permissions to use, since if you configure them incorrectly you can cause errors on the site. In the example below the correct permissions are those already mentioned: 755 for folders and 644 for files.

To adjust the permissions we need to use an FTP client such as Filezilla . This program needs some data to be able to establish the FTP connection with your website through the FTP server , so if you do not have such data remember to ask your hosting provider.
With the data at hand, open Filezilla and fill in the fields "Server", "Username", "Password" and "Port" and click on Quick Connection. Now look for the folder that saves the files of your site (for example in cPanel is usually public_html), right click on it and choose the option «File permissions».

Next you will see a window entitled "Change file attributes". Place the number 755 in the box that says "Numeric value", check the box that says "Include all subdirectories" and also the one that says "Apply only to directories." Click OK to proceed with the change.

Next you will see a window entitled "Change file attributes". Place the number 755 in the box that says "Numeric value", check the box that says "Include all subdirectories" and also the one that says "Apply only to directories." Click OK to proceed with the change.

We have adjusted the permissions of the folders of the site so now we have to do the same procedure, only some things change. Place 644 in "Numeric value" and click on "Include all subdirectories" and "Apply only to files". To finish click on OK. This way you will have adjusted the permissions of all the files on your site.

Check not to use an incorrect URL

This specific case is actually solved by simply calling the correct URL, although of course, we may actually have always been calling the correct URL but it also gives us error 403.

If so, we must talk to the site manager to verify if we have the necessary permissions to access the URL in question, as there are many private areas that show error 403 on purpose to protect access to certain resources.

Check your .htaccess settings

An easy way to see if a 403 error is caused by an .htaccess file is to temporarily rename it and reload the page that failed. We can rename the file in different ways, for example via FTP or also through the cPanel file manager (File Manager in English).

Inside the manager, we must click on Configuration (top right), check the option "Show hidden files (dotfiles)" and save the change. This will allow us to see hidden files that start with a period (.) As in the case of .htaccess

Now that we can see the file, we just right click on it and choose the "Rename" option, which will allow us to put a different name.

After changing the name to a different one, try again the URL that used to give you error 403. If you continue giving error then try another of the solutions mentioned in the article, but if the error disappeared it means that one of the rules of the. htaccess is causing the problem, so it will be necessary for the site programmer or webmaster to check it out.

Of course keep in mind that renaming a .htaccess can break the functionality of a site while maintaining another name, so if you do it try to return it to normal as soon as possible, or preferably perform this test at a time with little web traffic .

Clear cache and browser cookies

When our browser is guilty of error 403 because it is storing invalid cookies or old cached data, the solution becomes very simple, because all we are going to have to do is delete such data. Yes, basically we have to clear the web browser cache and cookies from our browser, close it and open it again and retest the URL that gave the error.

In the article linked in the previous paragraph you can see our step-by-step guide to clean the navigation data, although explained in a simple way you only have to access the configuration of your browser or tools menu and use the option to delete the cache and cookies (generally available under a privacy section or similar).

Verify ModSecurity rules

Resolving a crash caused by ModSecurity is not always easy, especially if we don't know it very well, because sometimes finding the rule that caused error 403 becomes more difficult than it seems.

If you can alter the ModSecurity rules for your website from your control panel then you can solve it on your own, but if not, you will have to raise the case with your hosting provider or who is in charge of the administration of Linux servers that you have hired.

Depending on how ModSecurity is managed on your server, sometimes you can access it and sometimes not. If you can access using a tool like ModSec Control you can turn it off only for your site in a few steps.

You just have to enter the ModSec Control tool in WHM, select the site with the problem and set its configuration to Off.

Upload an index file to your site

This is undoubtedly the easiest case of all, because to solve it it will only be necessary to upload the missing index file on our website. After that we will have to try again the URL that was giving us error 403 and the problem should have disappeared.

To upload your index access the FTP of your site as we explained before, enter the public_html folder and on the left side of Filezilla explore your local files to find the index you want to upload. To upload it just right click and choose the option «Upload».

How to fix Error 403 in WordPress?

 Although we have already talked about several solutions for error 403, there is a particular CMS that is well known and in which we can also run into a 403, and of course we refer to WordPress .

Being the most used CMS in the world it is obvious that WordPress is no stranger to bugs and problems, and in the sites based on it it is possible to find cases of 403 errors for which the solutions discussed previously may not work. Of course you will have to try the solutions indicated previously before moving on to this specific point for WordPress.

On this platform it is not strange to run into a 403 error if we are using a security plugin. There are some tools of this type that have a utility to block IPs, which could obviously result in error 403. You can temporarily deactivate your security plugin or check your records to see if the error occurs due to a blocked IP.

To deactivate a WordPress plugin you just have to enter the WordPress desktop / dashboard, click on the "Plugins" option on the left menu and finally click on the "Disable" option of the plugin you wish to deactivate.

In case a security plugin is not responsible, and no other solution has served you, it is best to deactivate all the plugins of the site and then try to reproduce error 403 as we activate the plugins one by one. In other words, it is simply a trial and error method, but it still does not help to fix error 403 in WordPress.

conclusion

Error 403 is quite common in the world of hosting, however there are also different ways to solve depending on its origin, which can be for example a conflict in file or folder permissions, a .htaccess rule, our browser's cookies, the lack of an index file or even a plugin in the case of WordPress.

Knowing the point of origin of the problem we can quickly determine and apply a solution, either by correcting permissions, reviewing ModSecurity rules, fixing a .htaccess, uploading the correct content to our site, deleting browser data or deactivating a conflicting component of the Web.

 For more information, visit: https://www.wpoven.com/