What this problem is
You receive a 403 Forbidden when accessing the site or wp-admin.
Why it happens
- Access denied by .htaccess or server rules
- Incorrect file/folder permissions
- WAF/mod_security blocking the request
- Hotlink protection blocking assets
Prerequisites
- FTP/File Manager access
Diagnosis
Check whether 403 applies to all pages or only wp-admin. Review WAF events if available.
Detailed steps
Step 1) Check permissions
- Folders: 755
- Files: 644
Step 2) Temporarily rename .htaccess
Rename to .htaccess.bak and retest.
Step 3) Check security plugin and WAF
Disable the security plugin temporarily (rename its folder) and review WAF logs for blocked rules.
Expected results
- 403 removed and access restored
What to do if it fails
- Ask hosting support to identify the blocking rule and allowlist your path/IP
Best practices
- Do not add IP restrictions without a safe allowlist process