Home Web Hosting Understanding and Resolving 403 Forbidden Errors on Your Website

Understanding and Resolving 403 Forbidden Errors on Your Website

Last updated on Jul 25, 2025

Understanding and Resolving 403 Forbidden Errors on Your Website

Description:
A comprehensive guide to help Brixly shared hosting customers diagnose and fix 403 access restriction errors independently. This article covers common causes such as file permissions, .htaccess configuration, and security settings, with step-by-step solutions you can implement via cPanel, File Manager, or FTP.


What is a 403 Forbidden Error?

A 403 Forbidden error indicates that your web server understands the request, but it refuses to authorize it. Typically, this means that access permissions are incorrectly set on your files or directories, or your .htaccess rules are blocking access.


Common Causes of 403 Errors

  • Incorrect file or directory permissions
  • Misconfigured .htaccess rules
  • Missing index file in a directory
  • IP or geographic restrictions
  • Hotlink protection settings
  • Blocked by security plugins or firewalls

Step-by-Step Troubleshooting

1. Check File and Directory Permissions

Correct permissions are essential for your site to function properly.

  • Files: should be set to 644
  • Directories: should be set to 755
  • Sensitive PHP config files: (like wp-config.php) should be 600

How to Fix Permissions in cPanel File Manager

  1. Log in to your cPanel.
  2. Open the File Manager.
  3. Navigate to your website’s root directory (usually public_html).
  4. Right-click the file or folder and select Change Permissions.
  5. For files, tick boxes to match 644 (Owner: Read/Write, Group: Read, Public: Read).
  6. For folders, tick boxes to match 755 (Owner: Read/Write/Execute, Group/Public: Read/Execute).

Example Permission Settings:

Files:      644   (-rw-r--r--)
Directories:755   (drwxr-xr-x)
Sensitive PHP:600 (-rw-------)

2. Review Your .htaccess File

A corrupted or misconfigured .htaccess file is a common culprit.

Steps to Troubleshoot .htaccess:

  1. In File Manager, locate your site’s .htaccess in public_html.
  2. Download a backup of this file to your computer.
  3. Rename it to .htaccess_backup or delete it temporarily.
  4. Try reloading your website.
    • If it works, the problem is in your .htaccess.
    • Restore the file and review its rules.

Basic WordPress .htaccess Example:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Tip: If you’re unsure, you can regenerate a standard .htaccess via your CMS or by copying the default example.


3. Ensure You Have an Index File

If a directory doesn’t contain an index file (like index.html or index.php), the server may return a 403 error.

  • Check public_html and subdirectories for an index file.
  • If missing, upload or create one.

To enable directory listings (not recommended for security):
Add this line to your .htaccess:

Options +Indexes

By default, directory listings are disabled for security reasons.


4. Review Security and Hotlink Protection

If you’ve recently enabled security features or hotlink protection in cPanel:

  • Go to cPanel > Hotlink Protection and review your settings.
  • Ensure your site and assets are allowed.

5. Check for IP or Geographic Restrictions

Some security plugins or custom .htaccess rules may block visitors by IP or region.

  • Review any lines in .htaccess such as:
    deny from 123.45.67.89
    allow from all
    
  • Remove or adjust as necessary.

Additional Tips

  • Clear your browser cache and try accessing your site again.
  • Use Incognito/Private mode or a different browser to test.
  • Check your CMS/plugin security settings if you use WordPress, Joomla, etc.

Example: Common .htaccess Misconfigurations

Deny All Access Example (causes 403 for everyone):

deny from all

Remove or update this line to restore access.


When to Contact Support

If you’ve followed the above steps and still see a 403 error, please raise a support ticket with us including:

  • The affected domain and URLs
  • Steps you’ve already tried
  • Any recent changes made (plugins, permissions, etc.)

Our team will be happy to investigate further.


Need More Help?
If you’re unsure about making changes or need further assistance, don’t hesitate to open a support ticket via your Brixly client area.


Last updated: June 12, 2025