What is 403 access error and how to fix it

Why does error 403 occur?

If you observe this code, it can mean the following:

1. Failure when trying to access the system files of the web server. For example, if the client accesses data from the .htaccess or .htpasswd configuration file.
2. Incorrect format of the index file on the server. The main page file must be named index.shtml, index.html, index.htm, index.phtml or index.php, and always in lower case. If any of these files has an incorrect name, the server will generate an error.
3. Access to the folder or directory in which the file is located is incorrectly configured. All directories and folders to which visitors should have access must not contain any restrictions.
4. Site files are uploaded to the wrong address. In the hosting menu in the "Domains/My Domains" subsection, make sure that all files are in the correct folder – that is, in the root folder.

Also, the 403 error can be provoked by a crooked plugin or extension. If this is the reason, you will have to disable all plugins one by one and see which one is to blame.

Options to fix 403 Forbidden

If the website administrator has purposefully restricted access to the requested file, then the HTTP 403 Forbidden code occurs correctly, and nothing needs to be corrected in this case. Access may be allowed for a specific pool of IP addresses – this is done to protect the site control panel from hacking. If this is the case, you can bypass the restrictions using a corporate VPN or a device connected to the internal local network. You will be able to access the requested files if you retry to access the server from an authorized device.

If the error occurs for other reasons, we recommend doing the following.

Check access rights to folders and files

The 403 Forbidden error may occur if a person from the group for which some restrictions are provided tries to access certain files. There are three levels of access:

1. To read – only view content.
2. To edit –  allows you to make changes, create new files or delete old ones.
3. To execute – run scripts or execute commands.

As for user groups, there are also three of them:

1. Owner – can perform absolutely any actions with files and folders.
2. A group of trustees with special rights that can be established by the owner.
3. World – all other users. This includes ordinary visitors to the site.

The access level is regulated by a three-digit number, where each digit defines the rights of a particular category of users. In most cases, standard rights are used:

• for folders – 755 or 750;
• for files – 644 or 640.

If you use these values in 99% of cases, no problems will arise, this is the standard.

The only exception to this rule is the wp-config.php file for sites running CMS WordPress. In this case, set access rights 440 or 400.



Check the index file

It is located in the root directory of the site and is loaded every time someone tries to load the site page in their browser. If the folder containing the page files does not have an index file with the correct name specified in the settings, the web server will generate a 403 Forbidden error.

You should check the following:

• whether the name of the index file is correctly specified in the configuration file;
• file storage location – it should be located in the public_html folder of your site.

The error can occur if someone made a mistake while editing or setting up the site. Also, problems with the index file can occur as a result of moving the site from one hosting to another.

Check the .htaccess file

This configuration file contains commands for the Apache web server that will be executed each time incoming requests are processed. Redirection parameters are configured here, and the level of access to certain pages is regulated here.

If the commands in the file are specified with an error, or if the file contains conflicting commands, it may cause a 403 error.

The easiest and fastest way to find out if the .htaccess file is the cause of your troubles is to rename it. As a result, the commands will not work. And if the error has disappeared, it means that it is this file. Then you should carefully study the contents of the file and find out what exactly the problem is.

Check the owner of folders

If the folder belongs to a user who does not have a web server in the trusted group, this can cause a 403 Forbidden error, because in this case the web server is subject to access rights of other users. And this is not enough in most cases.

The solution is simple - assign the owner of files and folders to the web server itself. To do this, simply connect to the server via SSH and use the command through the console:

chown user:group /path/to/file

The user and group here is the user name under which the web server initiates processes.

Disable plugins and extensions

It often helps sites that use CMS, and this is the majority. It happens that the installed modules and extensions contain crooked code, which provokes errors.

Just disable all plugins on the site and see if the problem persists. If not, the problem is in one of these CMS modules. Connect them one by one and see when the problem reappears. This will help to identify the problematic extension, which will have to be completely disabled or replaced by some other.

Conclusion.

If none of the described methods helped to solve the problem, try clearing the cache and cookies. It's trite, but sometimes it works. To get a personal consultation on any issues, write to us in Livechat. HostZealot specialists will help you solve any issue.