Home Website TutorialsWordPress Processing 403 error when accessing WordPress admin (Forbidden)

Processing 403 error when accessing WordPress admin (Forbidden)

Published: Last Updated on

Processing 403 error when entering WordPress admin (Forbidden) with 5 steps.

I. Overview

Welcome back to the AZDIGI documentation channel. In today’s article, I will guide you on how to check and troubleshoot the 403 Forbidden error when accessing the WordPress admin on cPanel hosting at AZDIGI. 403 Forbidden error, you can understand that you are blocked from accessing that page. The reason why it is blocked and how to solve it, AZDIGI will guide you in today’s article.

Processing 403 error when accessing WordPress admin

II. Steps to fix 403 error when accessing WordPress admin

Step 1: Disable ModSecurity

ModSecurity is also a cause of this. ModSecurity is a typical firewall application. When a request is sent, ModSecurity will parse that request into the Request header, Request body components. Any field in each section that violates the established rules will depend on the configurator that has the corresponding response.

Usually, ModSecurity will be enabled on your Hosting, but in some cases, you manipulate your website (manipulate too fast or for other reasons), causing Hosting to mistake you as the person trying to invade. So if you go to Hosting, this feature will block your access, you usually get a 403 error in this case.

You log in to cPanel => ModSecurity and select the corresponding domain and turn it off.

After disabling ModSecurity, please try to access the website to see if it works or not, if not, continue with step 2 as follows:

Processing 403 error when accessing WordPress admin

Step 2: Check the configuration file .htaccess

What is .htaccess? The file .htaccess (hypertext access) is located in the root directory of the hosting and is managed and authorized by apache. The .htaccess file can control, configure many things with a variety of parameters, it can change the default setting values of the webserver…

If in the .htaccess file you set up rules to block execution or access, it will lead to a 403 error when accessing the website or being an admin of the web. Go to cPanel and open this file.

Since this is a hidden file, you need to show the hidden file as follows:

Processing 403 error when accessing WordPress admin

After opening the file, copy the content of the .htaccess file as follows and paste it in.

AZDIGI Tutorial
# BEGIN WordPress

RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress
Processing 403 error when accessing WordPress admin

Now try to access it and see if there is still a 403 error. If not, you can confirm the error from the .htaccess file. If the error still appears, continue with Step 3.

Step 3: Disable Security Plugins

For some security Plugins you install on your website when you do not follow the plugin’s rules, the plugin will work and block your access to the website. Below are examples of some common security plugins:

Go to your hosting and navigate the Plugins folder wp-content/plugin. Here, you will see all installed plugins. For example, I have iTheme Security installed and I will disable it by renaming or re-decentralizing from 0755 to 0000 or removing this plugin.

Screenshot 2021 02 27 at 10.43.23@2x

Now try to access it and see if there is still a 403 error. If the error still appears, you continue to do it in Step 4 because this is a way to help you check each problem so that you can eliminate it.

Step 4: Check the wp-admin folder

When you access the admin page, the wp-admin folder will manage this page. Therefore, go to the wp-admin folder and check if there is a .htaccess file, if so, please open the file and read the content first.

My case is that in wp-admin there is a .htaccess file with the content deny from all *.php, which means it will disable all when accessing .php files. This is the first cause I can identify and I will delete this .htaccess file.

Screenshot 2021 02 27 at 10.44.29@2x

Step 5: Check for Malware

Malware is also the most common cause of this condition. As the image below, you will easily recognize the files are not in the structure of WordPress and the virus has created the files and inserted malicious code causing this error.

The basic reason why the website is infected with malicious code:

  1. In the process of using, you upload data, if the data on your personal computer is infected with a virus when you upload it, it will bring the virus to the hosting.
  2. Password management information is set at a simple level, not difficult enough, easy for hackers to exploit, some websites set passwords as follows (123456, 12345678, 12345678a), which is very dangerous for the website.
  3. Don’t update WordPress versions, Plugins and Themes to new versions, old versions have many vulnerabilities and are vulnerable to exploits.
  4. Using a paid Theme, Plugin but sharing for free is easy to install malicious code.
  5. Failure to comply with security guidelines, using website/hosting.
  6. Don’t regularly scan the website with tools and plugins to scan for malicious code.
  7. Website operating on the internet will be at risk every day, every hour because there will be hackers, auto bots find holes to exploit and insert malicious codes, so the website needs to be checked for updates and maintained regularly. (You can see companies and businesses always have IT to do this review)

See more:

Screenshot 2021 02 27 at 10.45.28@2x

For AZDIGI hosting, you can go to imunify 360 => Hosting to see the malware-infected files detected by the software.

Screenshot 2021 02 27 at 10.50.05@2x

For hosting servers using cPGuard application, you can access cpguard => Virus Scanner => > to review scan logs.

Screenshot 2021 03 05 at 10.21.43

Once you have identified the cause, you can promptly fix your website to ensure data security.

If you have completed all 5 methods but still cannot resolve the Forbidden 403 error, please submit a ticket to the Technical Department for technical support.

III. Summary

So AZDIGI has just completed the guide to handling the 403 Forbidden error when accessing WordPress admin. Hopefully, this article can help you solve your doubts as well as fix this error. Wishing you success!

Đánh giá

Tham gia nhóm hỗ trợ Server - Hosting

Tham gia nhóm Hỗ trợ Server - Hosting & WordPress để cùng nhau hỏi đáp và hỗ trợ các vấn đề về WordPress, tối ưu máy chủ/server.

Tham gia ngay

Bài viết cùng chuyên mục

AZDIGI – Không chỉ là đơn vị hàng đầu trong lĩnh vực Web Hosting và Máy chủ, chúng tôi mong muốn mang lại những kiến thức bổ ích nhất và luôn cập nhật thường xuyên cho cộng đồng người đam mê thiết kế website, công nghệ,…

Vui lòng không sao chép nội dung nếu chưa xin phép. Designed and Developed by PenciDesign