A 403 Forbidden error means the server understood your request but refuses to serve it, usually from wrong file permissions, an .htaccess deny rule, a missing index file, or a security block. A 404 Not Found means the server cannot find the page, often from broken permalinks, moved content, or a mistyped URL.
.htaccess, and security plugins or firewalls..htaccess, or permissions..htaccess or changing permissions.You clicked a link or typed an address, and instead of your website you see a bare error page. A 403 Forbidden tells you the server received the request and deliberately said no. A 404 Not Found tells you the server looked for the page and came up empty. Both are HTTP status codes, the short numeric replies a web server sends with every response.
This guide is for site owners, WordPress users, and anyone managing their own hosting who wants to know exactly why the error appeared and how to clear it. The good news: both errors are common, and most are fixed in a few minutes once you know which cause you have. If you want the wider picture of what each status code means, our server errors guide covers the full family, including how 403 and 404 differ from a 500 internal server error.
Before changing anything, run two quick checks. They tell you where to point your effort and stop you from editing files you don't need to touch.
Check 1: one page, or the whole site? Open your homepage and two or three other pages. If only one page fails, the cause is almost always that single page's content, its URL, or a rule aimed at it. If every page fails, the cause is usually site-wide: broken permalinks, a bad .htaccess rule, or a permissions problem across your folders.
Check 2: is it 403 or 404? Read the number on the screen. A 403 is a permission or access problem, so you look at file permissions, deny rules, and security tools. A 404 is a missing-resource problem, so you look at URLs, permalinks, and redirects. Clearing your browser cache and trying an incognito window rules out a stale local copy.
Is it your site or your host? Permissions, .htaccess rules, missing index files, and security plugins are all your side, and you can fix them from your dashboard or file manager. A 403 that appears site-wide from the server's ModSecurity (a firewall that inspects web requests) or from your IP address being blocked is host side. If your own checks come back clean and the error is server-wide, contact your host and ask whether a firewall rule or IP block is involved.
A 403 Forbidden means the request was valid and understood, but the server will not authorize access to that resource. The page or folder exists; you are simply not allowed to see it. Common causes include:
.htaccess. The .htaccess file is a per-folder settings file on Apache servers. A Deny from or Require all denied line, or a corrupted file, can block access.index.php or index.html and directory listing is turned off, the server refuses to show the folder.A 404 Not Found means the server looked for the requested page or file and could not find it at that address. Nothing is broken about your permissions; the path simply leads nowhere. Common causes include:
.htaccess. The rewrite rules translate pretty URLs into real file requests. If they're gone, pretty URLs return 404.Match the error to the most likely cause before you start. This table shows where to look first for each situation.
| What you see | Most likely cause | Where to start |
|---|---|---|
| 403 on the whole site | Permissions or a bad .htaccess rule | Check folder/file permissions, then regenerate .htaccess |
| 403 on one folder | Missing index file or a deny rule | Add an index file; inspect .htaccess |
| 403 after logging in a few times | Security plugin or IP block | Pause the security plugin; ask your host about IP blocks |
| 404 on every page except the homepage | Broken permalinks | Reset permalinks (Settings → Permalinks → Save) |
| 404 on one page | Deleted, moved, or mistyped URL | Confirm the URL; restore content or add a redirect |
755 and files to 644. These are the safe defaults the web server expects..htaccess for deny rules or corruption. Look for lines such as Deny from all or Require all denied. To rule out a corrupted file, rename it to .htaccess_old so the server regenerates a clean one. In WordPress, open Settings → Permalinks and click Save Changes to rebuild it.index.php or index.html exists in the folder that fails. Without one, the server can return 403.Settings → Permalinks and click Save Changes without changing anything. This rebuilds the URL rules and is the most common fix for site-wide 404s..htaccess. If resetting permalinks doesn't help, rename .htaccess to .htaccess_old and save permalinks again so a fresh file with the correct rewrite rules is created.301 redirect (a permanent forward) from the old URL to the new one so visitors and search engines land in the right place.Never set permissions to 777. A 777 permission lets anyone read, write, and run a file, which is a serious security risk and often does not even fix the 403. Stick to 755 for folders and 644 for files.
Two more mistakes cause the most avoidable damage:
301 redirect to the new location instead..htaccess without a backup. One wrong line in .htaccess can take the whole site down. Always copy the file first, so you can paste the original back if something breaks.A little routine keeps both errors rare:
301 redirect from the old address to the new one. This is the single best habit for avoiding 404s..htaccess clean. Only add rules you understand, comment what each block does, and keep a known-good copy. A tidy file rarely triggers a 403..htaccess mistake is a quick restore, not a crisis. See the website backups guide to automate it.A 403 Forbidden means the page exists but the server refuses to let you access it, usually because of permissions, a deny rule, or a security block. A 404 Not Found means the server looked for the page and it isn't there. In short: 403 is "you can't have this," and 404 is "this isn't here."
This classic pattern almost always means broken permalinks. The homepage loads because it doesn't rely on the URL rewrite rules, but every other page does. Go to Settings → Permalinks in WordPress and click Save Changes to rebuild the rules. If that alone doesn't work, regenerate your .htaccess file.
Permalinks are the readable URLs WordPress creates for your content. Behind the scenes, rewrite rules map each pretty URL to the right post or page. If those rules are missing or corrupted, the pretty URLs point at nothing and return a 404. Resaving your permalink settings rewrites the rules and usually fixes it.
Sometimes. Many 403s are your side, from permissions, an .htaccess deny rule, a missing index file, or a security plugin. But a site-wide 403 that survives your own checks can be host side, caused by the server firewall (ModSecurity) or an IP block. If your checks are clean and the whole site is forbidden, ask your host to review their firewall and block lists.
A few 404s are normal and won't harm your site. The problem is leaving many broken URLs, especially ones that used to rank or that other sites link to. Those lose value and frustrate visitors. Add a 301 redirect from each important old URL to its new location to keep both readers and search engines on track.
Your browser or a caching layer is probably showing an old copy. Clear your browser cache, try an incognito window, and empty any caching plugin and your CDN. Once caches refresh, the corrected page should load normally.
A 403 Forbidden is an access problem: work through permissions (755 and 644), .htaccess deny rules, a missing index file, and security tools, then ask your host about ModSecurity or an IP block. A 404 Not Found is a missing-page problem: confirm the URL, reset permalinks, regenerate .htaccess, restore or redirect the content, and clear caches. Back up before you edit anything, and set redirects whenever URLs change.
Next step: broaden your troubleshooting with the server errors guide to handle the rest of the HTTP status codes with the same calm, step-by-step approach.
.htaccess file.mod_rewrite.The editorial team behind the Bitrich777 Hosting Help Center — practical, tested guides on web hosting, WordPress, servers, DNS, SSL, email, security and migration. Every walkthrough is reproduced on a live host before it is published.
View all guides by the Hosting Team Spotted an error? Tell us