In this article you will learn:
Error 403 Forbidden
You can tell a 403 error by the large Forbidden heading at the top of the page. Below the heading you will find a more detailed description of the error. In the page tab, the text 403 Forbidden.
Solution Error 403
The 403 error can have various causes. You can isolate the specific cause by the message under the Forbidden heading, but if you are not sure, go through the entire procedure.
The steps of this procedure are:
- Correcting file rights
- Checking files on FTP
- HTTPS activation
- Checking editorial system settings
- Support intervention
When verifying the solution, reload the page using the keyboard shortcut Ctrl + Shift + R, which will clear the browser cache. If the shortcut does not work, clear the browser cache.
Correcting file rights
By correcting file permissions, you ensure that the browser can access all files and folders on the site. Restricting these rights is one of the most common causes of Error 403.
Repairing file rights can take up to several tens of minutes, depending on the number of Webhosting files.
Follow these steps:
- Log in to the customer administration ⧉.
- In the top menu, select Hosting Services Webhosting or WMS.
- Select the service for which you want to correct file permissions.
- Select Tools from the left menu.
In the Fix file permissions table, click Fix file permissions.
If correcting the file permissions did not help, continue by checking the files on the FTP site.
Checking files on FTP
We strongly recommend that you back up your files according to the Webhosting - Backup instructions before you do anything to the FTP site.
Unless the file access problem was caused by permissions, the files necessary to operate the site are probably corrupted or deleted.
To proceed further, log in to FTP, for example, via the WebFTP interface(manual) using the main FTP account. If you do not know the login details, follow the instructions Webhosting - FTP Accounts.
First check that only the session, tmp and www folders are in the root directory.
If one of the folders is missing, create it (see the Web Hosting - Basic FTP Directory Structure article for detailed instructions). If you see completely different folders, first make sure you are really in the root folder of the account, where only the main FTP account has access.
In the next step, verify that the www folder contains:
- The .htaccess file (including the period at the beginning).
- Site files including index.html (alternatively index.php), domains folder (possibly subdomain), or both.
If the .htaccess file is missing, restore it in the Web Hosting Tools (same approach as Repair File Rights, but in the Restore Default .htaccess box).
If you have www files of a content management system (e.g. WordPress), upload the .htaccess file from a working installation or backup. The default .htaccess will probably not work.
If the index.html or index.php file is missing, restore it from a backup or from a working installation of the content management system. If your site is in a subfolder of the domains directory (or subdomain for subdomains), you do not need the index file in the www folder.
If the site files and the domains folder (or subdomain) are missing, the site has been completely deleted. If you don't have your own backup, you can try requesting ours according to the Webhosting - Backup instructions.
Finally, verify the contents of the domains folder or subdomain.
- The domains folder should properly contain other folders with the full names of the domains or subdomains on which the sites operate. Only inside these folders should there be web pages, i.e. again index.html or index.php files.
- The subdomain folder works similarly to domains, but contains folders with subdomain names without the domain extension. Inside these folders are index.html or index.php files.
If all files are OK and Error 403 persists, check the contents of all .htaccess files for content blocking code according to this pattern:
order deny,allow deny from all // deny access to all allow from X.Y.Z.Ž // allow access to listed IP addresses
This code will display Error 403 to anyone who tries to view the contents of the folder it is in from an IP address other than the one in the allow list.
HTTPS activation
In some cases, Error 403 can be caused by a problem with the HTTPS settings. Follow the instructions in Webhosting - Manual HTTPS Setup to make sure you have added the domain to a certificate that has been active for at least 30 minutes.
Checking editorial system settings
Content management systems (typically the WooCommerce plugin for WordPress) can restrict access to certain file types. If you observe a 403 error for files of a certain type or in a certain folder that otherwise appears fine, check your CMS or plugin settings.
Support intervention
If nothing in the above procedure has corrected the Error 403, you can ask Customer Support to review the problem.
Support will not intervene on your behalf, it can only point out the possible source of the problem. Detailed information about the scope of support work can be found on the Customer Support page ⧉.
Follow these steps:
- Activate temporary FTP access for support according to these instructions.
- Contact support via the form ⧉. Please include the name of the site, a thorough description of the problem (e.g. if the error only occurs in specific cases) and information about activating temporary FTP access.
- Wait. If the intervention lasts longer than the temporary FTP access period, keep it open.
Frequently Asked Questions
What if nothing in the manual helped me?
Request a support intervention ⧉ and wait for a response. These interventions are beyond the scope of normal support, so the request may take much longer than the normal response time.
Is there any way to make sure that the correct permissions are set for newly uploaded files?
Not from our side. Please consult the manual of your FTP client or other mechanism you use to upload files. Alternatively, you can fix permissions with a custom PHP script run periodically using CRON.
I set up WordPress security according to this guide ⧉ and now I can't get into the administration because of Error 403. What to do?
Check that you are accessing the patch from an IP address allowed under Chapter 2 of the ⧉ article. If you cannot rely on a connection under that IP address, you should not use this security method.
Does Error 403 occur elsewhere than at WEDOS?
Yes, this is a common error caused by unavailability of key files on the server. The server (webhosting) is working fine, the fix is to set the correct file permissions and verify access to the site key files.