Step-by-Step Guide to Fix a 403 Forbidden Error in WordPress

1. Check File and Folder Permissions

Use FTP or your hosting control panel’s File Manager.

Ensure that:

Folders have permission set to 755.

Files have permission set to 644.

Incorrect permissions can block access and trigger a 403 error.

2. Deactivate All Plugins

If you can access your WordPress dashboard:

Go to Plugins > Installed Plugins, then deactivate all.

If you can’t access the dashboard, use FTP:

Navigate to /wp-content/ and rename the plugins folder to something like plugins_backup.

If the site loads after this, a plugin is the issue—reactivate them one by one to find the culprit.

3. Check the .htaccess File

Connect via FTP and locate the .htaccess file in the root directory.

Download a backup, then delete the .htaccess file.

Log in to your WordPress admin panel, go to Settings > Permalinks, and click Save Changes. This generates a new, clean .htaccess file.

4. Check IP Deny Rules

Some security plugins or server settings may block IPs.

In cPanel or your hosting dashboard, look for IP Blocker or ModSecurity settings.

Remove any incorrect IP deny entries.

5. Deactivate Security Plugins

Plugins like Wordfence or Sucuri may mistakenly block access.

Temporarily deactivate them to see if that resolves the issue.

6. Contact Your Hosting Provider

If the error persists, your host may have server-level restrictions (e.g., firewall rules).

Ask them to check server logs or security settings that might be causing the error.

Preventing Future 403 Errors

Regularly update plugins, themes, and WordPress core.

Avoid using nulled or poorly coded themes/plugins.

Backup your site frequently.

Use a reputable security plugin with proper configuration.