A 403 Forbidden error is returned by the server when the user has been denied access to a resource. This is often a result of a security policy like when you block an IP address using the IP Deny Manager.
What causes the 403 Error?
There are a few causes for 403 Errors and most of them are easily resolved.
The most common 403 Error when working with WordPress is due to ModSecurity. If you were just working on your sites and then you went to save something like a post, a setting, a page, etc and then you see a 403 it is most likely ModSecurity trying to protect your site.
The most common 403 Error when working with WordPress is due to ModSecurity. If you were just working on your sites and then you went to save something like a post, a setting, a page, etc and then you see a 403 it is most likely ModSecurity trying to protect your site.
How do I fix this issue?
The easiest solution is to disable ModSecurity on the domain in question via cPanel -> ModSecurity. Once doing so it may take up to 15 minutes for the change to take full effect, so do please allow this long before testing.
Is it dangerous to disable ModSecurity?
We added ModSecurity to our servers after many years without it as an extra layer of security for our clients. ModSecurity helps to keep your sites secure against attacks but it is not required. The biggest piece of advice we give in regards to your security is to keep everything up-to-date.
Should I re-enable ModSecurity when I am done?
If ModSecurity is interfering with your site you can either leave it off indefinitely or you can turn it off and on as you need to make changes. Each change can take up to 15 minutes and only you can determine whether it's worth it to you or not.
ModSecurity is just one of many layers of security to help keep you secure from attacks so turning off ModSecurity entirely is not risky like it would have been many years ago. Additionally we do keep backups of your data so should an attacker damage your site [with or without ModSecurity enabled] it is often possible to restore back to before the incident.
ModSecurity is just one of many layers of security to help keep you secure from attacks so turning off ModSecurity entirely is not risky like it would have been many years ago. Additionally we do keep backups of your data so should an attacker damage your site [with or without ModSecurity enabled] it is often possible to restore back to before the incident.