View all Products Close Menu Menu
Why am I receiving a ‘403 Forbidden’ error?
Updated Wednesday July 17th 2019 / Category Troubleshooting

A 403 Forbidden error is typically triggered for one of three reasons listed below.

Incorrect file permissions or ownership

As we operate a suPHP environment; most files should be chmod 644 and folders 755 (there are some exceptions to this rule such as configuration files which should be set lower!). If you would like to blanket reset your permissions to these values, you may use the VIPControl permissions fixer:

Please try running the permissions fixer via:

  1. Login to your VIPControl account.
  2. Click the Manage my Hosting button on your VIPControl dashboard.
  3. Click the blue cog button on the relevant service.
  4. Click on Permissions Fixer.
  5. Read the recommendations and follow the prompts.

If completing this doesn’t resolve the 403, move on to the next potential solution below.

Bad Cookies

Sometimes it may be the result of a bad cookie stored within your web browser. This could be a cookie which a system such as mod_security deems as malicious, and the resolution to this is to clear your browser cache.


If the two potential options above are found not to be the cause, it may be a result of a trigger within our mod_security server protection system.

If you believe this to be the case please submit an eTicket to our Technical Support team including the exact steps to replicate the issue (along with any required login credentials for back-end control panels).

If it is found that mod_security is triggering to cause the 403 error, our team needs to know the exact steps to replicate the issue so we can identify the rule triggered on the fly. Whilst these triggers can be frustrating, mod_security is in place to provide the best possible security we can to protect your front-end website scripts with 0day fixes to problems in your scripts.

Whilst it’s important you update your scripts to the latest developer releases, we have mod_security in place just in case you forget to keep those up to date or if you simply have a poorly coded script. Mod_security automatically updates daily to pick up the latest 0day protection.

Can’t find the answers you're looking for? Check out these other methods of support!