HostingProblemsSpanish version

Support article

Error 403 Forbidden: causes and fix

Find out what the 403 Forbidden error means, why it appears on your website and how to fix it by reviewing permissions, firewall rules and access settings.

Published: 26/06/2026Updated: 26/06/2026

What this error means

The 403 Forbidden error means the server received the request but does not allow access to the requested content.

Unlike a 404 error, where the page does not exist, in a 403 the resource may exist but access is blocked by permissions, security rules or configuration.

A typical message may say:

Forbidden
You don't have permission to access this resource.

Why it happens

The most common causes are:

  1. Incorrect file or directory permissions.
  2. Security rules from an application firewall or ModSecurity.
  3. An .htaccess file with access restrictions.
  4. A missing index file inside a protected folder.
  5. An IP or country block.
  6. Repeated access attempts that trigger security measures.
  7. Incorrect file ownership after a migration or manual upload.

How to fix it

1. Review permissions

The general recommended permissions are:

Files: 644
Directories: 755

If a folder has permissions that are too restrictive, the server may deny access and return a 403 error.

From the file manager or FTP, review the folder where the error appears and the main website files.

2. Check whether it affects the whole website or only one URL

Before changing configuration, identify the scope of the problem:

  • If it affects the whole website, review general permissions, .htaccess and the firewall.
  • If it affects only one folder, review permissions and rules inside that folder.
  • If it affects only the WordPress admin area, it may be a security rule or a plugin.

3. Review the .htaccess file

An .htaccess file can block folders, IPs, extensions or specific paths.

To test it:

  1. Access the site through the file manager or FTP.
  2. Locate the .htaccess file in the affected folder.
  3. Rename it temporarily, for example:
.htaccess_old
  1. Test the URL again.

If the error disappears, one of the rules in that file was blocking access.

4. Review the application firewall

The application firewall, also known as WAF or ModSecurity, can block requests that it considers suspicious.

This may happen when saving forms, editing WordPress, opening a URL with certain parameters or sending content that the firewall interprets as risky.

From the control panel, review whether you have an option to manage ModSecurity or security rules. If you are unsure, contact support before disabling it.

5. Check whether an index file is missing

If you access a folder without index.php or index.html, some servers may show a 403 error to avoid listing files.

Upload a valid index file or redirect that folder to an existing page.

6. Test from another connection

If the website works from mobile data or another network but not from your usual connection, there may be a temporary IP block.

In that case:

  1. Find your public IP.
  2. Send it to support.
  3. Explain which URL you are trying to open and since when it happens.

What to do if the problem continues

Open a support ticket with this information:

  • The affected domain.
  • The exact URL that shows the 403 error.
  • Whether it affects all users or only your connection.
  • Recent changes to permissions, plugins, security or .htaccess.
  • Your public IP if you suspect a block.

Useful tips

  • Do not change permissions to 777; that can create security risks.
  • If the error appears when saving content in WordPress, a WAF rule may be involved.
  • Keep plugins and themes updated to reduce blocks caused by suspicious behavior.
  • Do not delete .htaccess without saving a copy first.

Conclusion

The 403 Forbidden error is usually related to permissions, .htaccess rules, the application firewall or IP blocks. Review permissions and the scope of the issue first. If you cannot find the cause, contact support with the affected URL and your public IP.