When it comes to error messages, one needs to properly understand to troubleshooting them. Recently when logging-in to my WordPress admin area, I got “403 Forbidden” error which states that “Access to this resource on the server is denied!” Getting this annoying error means you won’t be able to login to WordPress, no matter how many times you try. The good part is that troubleshooting this problem is easy. Let’s take a look at some possible solutions when you face 403 forbidden error, and you can’t login to wp-admin or wp-login page.
Check for file and folder permissions
The first step to solve this error is to check for proper permissions to WordPress files and folders. Normally, your folders (or call it directories) should have 755 permission and files should have 644 permission. Don’t forget to check your wp-config.php and wp-login.php for 644 file permission, and wp-admin folder for 755 permission.
Check your .htaccess file
Web hosts sometimes edit your .htaccess file to add some code to prevent brute force attacks. This is usually a good practice to prevent intrusion, and protect your site from such attacks. However, the side effect of this is that it even restricts the legitimate user (you) from logging-in to WordPress. That’s why, check your .htaccess file which should look like below:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
If yours is different, then edit your .htaccess to look like above and remove the extra code from the file. Once you do this, clear your browser cache or use a different browser and then try to login to WordPress admin. Many users have reported that this method has solved their problem.
For advanced users: If you find that your web host has indeed edited .htaccess to protect it from damage or from using more resources on the server, then you can simply white list your IP and allow access to the wp-admin area.
Disable Security Plugin
If you are using any security plugin and facing this problem, then disable it right now. Reason? Because security plugins have some features like deny brute force, IP whitelist, etc and sometimes they lock down the login area if anything suspicious occurs. To disable such security plugin, login to your cPanel, go to File Manager and rename the plugin’s folder, or use a FTP client to do the same. Now go ahead and try to login to your WordPress again.
So go ahead and fix your access denied to wp-admin / wp-login page by using these methods.
A strange thing happen to one of my WP installation, I can login into the admin but my client cannot; he gets a forbidden page. My .htaccess and file permissions are perfect, what other issues could cause this problem? Thanks 🙂
Are you using any security plugin? Then try disabling that plugin for sometime and see if your client is able to login. If i am right, then this should solve the issue.
Your advices solved me the problem which other could not!
The issue was with a permission on the root folder of the wp installation which had 750. Once I changed permissions to 755, it worked.
Thanks a million!
Glad to know that my solutions worked for you
i cannot completely log in so I do not know where to start and change the files
How do you white list the IP?
If you are asking this question related to this topic here, then just disable any security plugins that you have installed.
Given that WordPress sites are being attacked constantly, and are hacked fairly frequently, I think that any solution that involves disabling any security that may be installed is irresponsible.
How about trying to find a solution that involves whitelisting the plugin with the installed security system so that the software can be used in a secure fashion?
Removing the extra bits from htcaccess file just worked for me. Thanks a lot.
Altering file/folder permissions worked perfectly – thanks!
Still the same problem, i changed the .htaccess and permissions but
403
Forbidden
Access to this resource on the server is denied!
unable to solve it
Thanks for the article. Your idea of checking the htaccess was just what I needed. It wasn’t the security plugin or the file permission though. When I read it, I remembered that caching and performance plugins have a habit of messing with the htaccess. So I disabled W3total Cache and was able to update wordpress to the current version.
Previously I could see a 403 in my server logs whenever i triggered an update for POST and GET requests in /wp-login.php.
How is this easy?
I have no idea what any of the following means!
”
The first step to solve this error is to check for proper permissions to WordPress files and folders. Normally, your folders (or call it directories) should have 755 permission and files should have 644 permission. Don’t forget to check your wp-config.php and wp-login.php for 644 file permission, and wp-admin folder for 755 permission.
”
How do you check for this?
You’ll need to use a FTP client like FileZilla to check for permissions, or use cPanel’s File Manager.