403 Error in the WordPress Administration [wp-admin]

What is a 403 Error?

A 403 Forbidden error is returned by the server when the user has been denied access to a resource.  This is often a result of a security policy like when you block an IP address using the IP Deny Manager.


What causes the 403 Error?

There are a few causes for 403 Errors and most of them are easily resolved.

The most common 403 Error when working with WordPress is due to ModSecurity. If you were just working on your sites and then you went to save something like a post, a setting, a page, etc and then you see a 403 it is most likely ModSecurity trying to protect your site.

How do I fix this issue?

The easiest solution is to disable ModSecurity on the domain in question via cPanel -> ModSecurity.  Once doing so it may take up to 15 minutes for the change to take full effect, so do please allow this long before testing.

Is it dangerous to disable ModSecurity?

We added ModSecurity to our servers after many years without it as an extra layer of security for our clients.  ModSecurity helps to keep your sites secure against attacks but it is not required.  The biggest piece of advice we give in regards to your security is to keep everything up-to-date.


Should I re-enable ModSecurity when I am done?

If ModSecurity is interfering with your site you can either leave it off indefinitely or you can turn it off and on as you need to make changes.  Each change can take up to 15 minutes and only you can determine whether it's worth it to you or not.

ModSecurity is just one of many layers of security to help keep you secure from attacks so turning off ModSecurity entirely is not risky like it would have been many years ago.  Additionally we do keep backups of your data so should an attacker damage your site [with or without ModSecurity enabled] it is often possible to restore back to before the incident.
 
  • WordPress, wp-admin, ModSecurity, Mod_Security, 403, 403 Error, 403 Forbidden, Forbidden
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Setting PHP Environment Variables

To set custom PHP Environment Variables such as register_globals, display_errors,...

Cannot upgrade WordPress or a WordPress Plugin

Should you receive an error message about not being able to write or open a file in "/tmp" when...

My site is displaying a blank white page or HTTP Error 500!

Generally a blank white page when you expect content is a PHP error.  As we offer production...

BackupBuddy not working, how can I fix this?

BackupBuddy schedules things to run in the background in a way that isn't inherently compatible...

PHP - Cannot modify header information - headers already sent by ...

This message means that your PHP script is sending data to the web browser before the headers and...