Fix 403 Forbidden Error
Your site returns 403 Forbidden. Here’s how to find the cause and fix it on GoZen Host.
A 403 Forbidden response means the server understood your request but refuses to serve it. The web server, file permissions, or a security rule is blocking access.
Common Causes and Fixes
Work through these in order. Stop when you find the one that applies.
1. Wrong File Permissions
This is the most common cause. Files and directories need specific permission levels.
# Fix directory permissions (755)
find ~/public_html -type d -exec chmod 755 {} \;
# Fix file permissions (644)
find ~/public_html -type f -exec chmod 644 {} \;
If you’re on shared hosting without SSH, use cPanel’s File Manager:
- Right-click the
public_htmlfolder > Change Permissions - Set directories to
755and files to644
Expected permissions:
| Type | Permission | Numeric |
|---|---|---|
| Directories | rwxr-xr-x | 755 |
| Files | rw-r–r– | 644 |
wp-config.php | rw-r—– | 640 |
2. No Index File
If there’s no index.html or index.php in the directory, and directory listing is disabled (it should be), you get a 403.
Check: does the directory you’re accessing actually have an index file?
ls -la ~/public_html/
# Look for index.html or index.php
If your site isn’t deployed yet, upload your files. If you’re accessing a subdirectory, make sure it has an index file.
3. .htaccess Rules Blocking Access
A bad .htaccess rule can block everything. Test by temporarily renaming it:
mv ~/public_html/.htaccess ~/public_html/.htaccess.bak
If the 403 goes away, the problem is in your .htaccess. Restore it and review the rules. Common culprits:
Deny from allwithout a correspondingAllow- Incorrect
RewriteRulepatterns - IP-based restrictions you forgot about
To reset WordPress .htaccess to defaults, replace the contents with:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
4. cPGuard or ModSecurity Blocking the Request
GoZen Host includes cPGuard on all cPanel plans. It may block requests that look like attacks.
Check the cPGuard dashboard in cPanel:
- Go to cPGuard in your cPanel
- Check WAF Logs for recent blocks
- Look for your IP address or the URL that’s returning 403
If your request was a false positive, whitelist the specific URL or rule. See Using cPGuard for details.
5. PHP Handler Mismatch
If you recently changed PHP versions, the handler configuration may be off:
- In cPanel, go to MultiPHP Manager (or Select PHP Version on CloudLinux)
- Verify the correct PHP version is selected for your domain
- Make sure the handler matches (lsphp for LiteSpeed)
6. Hotlink Protection
If only images or media files return 403, check if hotlink protection is blocking your own domain:
- Go to cPanel > Security > Hotlink Protection
- Make sure your own domain is in the allowed URLs list
- Check that the setting isn’t blocking internal requests
Quick Diagnostic
Run through this checklist:
- Does the 403 happen on all pages or just one specific URL?
- All pages: permissions or
.htaccessissue - Specific page: likely a security rule (cPGuard/ModSecurity) or missing file
- All pages: permissions or
- Did it work before?
- Yes, it just broke: what changed? Plugin update, theme change, file upload? Start there
- Never worked: check permissions and index file
- Does it happen for everyone or just you?
- Just you: your IP might be blocked. Check the cPGuard WAF logs or contact support
What to Do Next
- Using cPGuard - check if a security rule blocked your request
- Fix 500 Internal Server Error - if you’re getting 500s instead of 403s
- Website Not Loading - broader troubleshooting guide
- Contact GoZen Support - if you cannot resolve the issue
Last updated 07 Apr 2026, 00:00 +0200.