403 Errors

This article will help you resolve 403 errors on your site.

Your hosting account is equipped with ModSecurity - a web server module which provides a number of important request filtering and other security rules. The idea of ModSecurity is to significantly lower the risk of common attacks such as SQL injection and exploitation of vulnerabilities in web programming/scripting languages.

These rules, while effective, are written by humans. This means that, with the complexity that is a modern web platform such as WordPress, they can return false positives on valid requests. Example scenarios which may return a false-positive could be something as simple as visiting your site from a certain IP, using a certain browser. They could also be triggered by previewing your posts, working in your theme editor and so forth.

The false positive will manifest itself as a "403" error, effectively saying "you do not have permission to complete this request".

To work around this issue, you can log into your control panel by following the link in your account dashboard. Once logged in to cPanel, click the link which says "ModSecurity".

Accessing ModSecurity options

You can then disable ModSecurity on your domain(s).
Disabling or enabling ModSecurity

Once this is done, try once again to complete the action you were originally trying. If it now works successfully then congratulations - you have now resolved the issue.

It is recommended that you keep ModSecurity enabled on the account. Please create a general support ticket and let us know that you received a 403 error that was resolved by disabling ModSecurity. We will adjust the rules to ensure this rule doesn't trigger for you again and then you can re-enable the module on your account once again.

Was this answer helpful?

Also Read

Accessing your email account through the Webmail interface

There are a number of ways of accessing your email. Many people choose to use external mail...

Restoring a file from backup

Your site is backed up using two separate systems. One runs every 12 hours and create incremental...

Creating an FTP account

It is generally more secure and reliable to connect to your site via SFTP (guides for setting...

Briefly unavailable for scheduled maintenance

You may have noticed that sometimes you encounter an "error" message on your site, on a blank...

Managing the malware scanner

From the beginning of 2019 we have been rolling out a series of new and improved security...