Support » Fixing WordPress » 403 Forbidden on whole website including wp-admin

  • Upon logging into my wp-admin page I was asked to upgrade WordPress, which I did. This did not seem to cause any issues.

    I remembered that I had not backed up my site! So I installed the Backup plugin. Upon attempting to activate I was greeted by the following:


    You don’t have permission to access / on this server.

    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

    I’ve gone in and deleted that plugin with FTP, but no change.

    I googled around on this topic, and could not find any consensus on what the issue might be. There seemed to be a lot of discussion about .htc access, which I am pretty unfamiliar with. In case anyone cares, my .htc access file includes only the following

    Order allow,deny
    Deny from all

    It is probably only a coincidence, but today I also received a very weird comment on the Hello World post that I thought was private or deleted. I was notified by WordPress about the comment and clicked on the link to moderate. Could I have been hacked?

    The site is

    Please help Obi-Wan!

Viewing 15 replies - 1 through 15 (of 17 total)
  • The scan by Sucuri shows your site has warnings. It can be malware, or simply because of the 403 Forbidden error.

    EDIT: Because it is related to your server, I think you should contact your host.

    Sucuri … I make that typo all the time also !

    Thanks Seacoast Web Design for pointing out the typo. However, I edited it.

    Oh man! I can’t believe this!

    Anything else I can do besides contact the host? Especially to keep any malware from spreading? They (Dreamhost) are not exactly responsive.

    I read somewhere to FTP the entire site locally. Delete the site. Scan the files with PC malware software? Sounds kind of crazy to me.

    Did you come here for advise or to find out your lack of abilities? I get slammed on these replies at times, but as one once said, You can lead a horse to water….

    Sometimes, it happened because the .htaccess was not configured properly.
    And your .htaccess is said: DENY FROM ALL?

    Ring any bell?

    Seacoast, I didn’t mean any lack of respect. I am just bummed, as well as un-abilitied. Thanks though.

    And Arie as I said, I know squat all about .htcaccess, but thought that DENY FROM ALL looked odd. But after Googling around it seemed like others were being advised to configure their .htcaccess exactly as mine is.

    No disrespect folks, I am admittedly very clueless on this stuff.

    They (Dreamhost) are not exactly responsive.

    Really? They are supposed to make that little extra efforts for WordPress sites. I’ve tagged this topic for their attention. If they don’t respond here in (say) the next week, please let us know.

    Last time it took Dreamhost a while, but this time they were fairly fast with a response (overnight basically). Standard delete everything and re-install, which I did. Pain, but mostly up and running. Thanks all

    Double-checked into this, and it does look like you should have received a detailed list of our findings, and ways that you can clean things up.

    If you do have any more questions, I’d definitely suggest replying directly to the email from support so that our Abuse/Security team can help you further.

    Having the same problem on my dream host website. Also tried a backup plugin, ran the job and yah the rest is history :(.

    Waiting for DH to get back to me.

    nathemie – What’s your domain? I can take a look and see if it’s easy to fix.

    Support’s a little behind today.

    I messed around and found it was a .htaacess file but the one in the root directory not the one of the root directory of the domain.

    I am not sure what you call it. Anyhow, I renamed it and things are working. Is there suppose to be a htaaccess file there?

    <Files “*”>
    <IfModule mod_access.c>
    Deny from all
    <IfModule !mod_access_compat>
    <IfModule mod_authz_host.c>
    Deny from all
    <IfModule mod_access_compat>
    Deny from all

    It contained the following.

    That .htaccess would totally block everyone from seeing your site. It’s denying access from everyone.

    A normal .htaccess has this:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    # END WordPress
Viewing 15 replies - 1 through 15 (of 17 total)
  • The topic ‘403 Forbidden on whole website including wp-admin’ is closed to new replies.