403 Forbidden in WordPress: Common Fixes

What this problem is

You see a 403 Forbidden error on the site, wp-admin, or specific URLs.

Why it happens

• Incorrect file or folder permissions
• Security plugin rules blocking access
• WAF/CDN blocking your IP
• .htaccess rules denying access

Prerequisites

• FTP/File Manager access
• Access to hosting security/WAF panel if used

Diagnosis

1. Check if the 403 happens for everyone or only your IP.
2. Review recent changes (plugin installs, security rules, .htaccess edits).
3. Check file permissions on wp-content and wp-admin.

Step-by-step (detailed)

1. Set standard permissions: folders 755, files 644.
2. Temporarily disable security plugins (rename plugin folder if you cannot access wp-admin).
3. Regenerate .htaccess by resetting permalinks in wp-admin, or restore a clean .htaccess file.
4. If you use a CDN/WAF, allowlist your IP and purge rules.

Expected results

• Access is restored
• 403 responses stop

What to do if it fails

• Check server error logs for the exact rule or path blocked.
• Look for deny or require all denied directives in .htaccess.
• Contact hosting support with timestamps and your IP.

Best practices

• Keep a known-good copy of .htaccess.
• Use a WAF but review false positives.
• Limit admin access by IP only when you have a stable IP.