Have you ever tried accessing your WordPress site only to be greeted by the frustrating “Sorry, you are not allowed to access this page” error message? This forbidden access notice can prevent you from viewing your website entirely.
So what causes this WordPress error, and how do you fix it? In this guide, we’ll cover:
- The common reasons for the “not allowed” error in WordPress
- Steps to troubleshoot and solve the issue
- Plugins to prevent similar access errors in the future
By the end, you’ll know how to get rid of this error and restore full access to your WordPress site. Let’s dig in!
Why You See “Not Allowed to Access This Page” Error
The “not allowed” error, along with a 403 Forbidden HTTP status, means something on your WordPress site is blocking the access. Some common causes include:
Incorrect File Permissions
For WordPress to function properly all key folders and files must have correct file permissions. If permissions get changed incorrectly, WordPress can’t access critical files causing the error. Often caused by overzealous file permission changes using FTP clients or server admin tools.
Security Plugins Blocking Access
Security plugins like WordFence, iThemes Security, Sucuri, and so on provide firewall protection for WordPress sites. But overly strict plugin rules may inadvertently block legitimate access resulting in “not allowed” errors.
Outdated .htaccess Rules
The .htaccess file handles vital URL rewrite and redirection functions. Old or incorrect rewrite rules in .htaccess can conflict with WordPress causing access issues. Typically occurs after migrating WordPress sites between domains.
Exceeding Server Resources Limits
Most shared hosting plans have limits on bandwidth, memory usage, concurrent connections, etc. Exceeding these server-imposed limits triggers fail-safe protections by the host. This may display “not allowed” errors preventing further access until resource usage is reduced.
Now that you know what’s causing it, let’s go through the steps to troubleshoot and fix it.
6 Ways to Troubleshoot and Solve the Error
Here are the best methods to diagnose and resolve the “Sorry, you are not allowed…” error in WordPress:
1. Check File Permissions
As incorrect file permissions often trigger this error, the first step is to verify if proper permissions are set.
The key folders like /wp-admin/ and /wp-includes/ along with files like wp-config.php must be set to 644 or 400 permissions. Refer to codex for an exhaustive permissions list.
Use FTP clients or server file managers to check and manually fix permissions. Resetting permissions resolves most “not allowed” errors.
2. Temporarily Disable Security Plugins
To check if security plugins are the culprit, temporarily disable them from wp-admin or rename their plugin folder. Test if the error persists with plugins disabled.
If disabling plugins resolves it, systematically enable them one by one to identify specific conflicting plugins. Then tweak plugin settings or change rules until normal access is restored.
3. Roll Back Recent Plugin Updates
If the “not allowed” error cropped up after updating plugins, roll back suspect plugin updates. Perhaps recent updates introduced conflicts that now block access.
Rollback via wp-admin or FTP and test after each rollback to pinpoint the problematic update. Report bugs to developer if needed.
4. Restore Default .htaccess Rules
To check if custom .htaccess redirect rules cause this, replace current .htaccess contents with the default base WordPress .htaccess rules.
Test access after restoring default .htaccess. If the error disappears, it confirms conflict with custom rewrite rules. Fix custom rules until normal access.
5. Switch to Default Theme
Just like plugins, invalid code in the current theme’s functions.php, 404.php, and other templates can also trigger the error.
Switch to a default theme like Twenty Seventeen temporarily via wp-admin and test. If it fixes the issue, then activate themes one by one to identify and troubleshoot bad theme.
6. Contact Web Host Support
For shared hosting accounts, inform your web host about the issue. They can check server logs, trace errors to exact triggers like resource limits, or identify any restrictions blocking access.
If all else fails, consult your web hosting provider. Their server-level visibility and admin rights help troubleshoot errors you can’t resolve alone.
This covers most troubleshooting methods for addressing “not allowed” errors. Let’s look at solutions to prevent repeat issues.
How to Prevent “Not Allowed” Errors in the Future
While troubleshooting fixes help resolve the current error, additional steps are needed to prevent repeat locked-outs going forward:
Lock Down File Permissions
Rather than relying on default file permissions, explicitly lock down folders and file permissions:
- Set /wp-admin/ and other key folders to 750
- Make wp-config.php and other important files 600
- Recursively lock child folder/file permissions
This strict permissions blueprint prevents random permission changes that can trigger access issues.
Carefully Configure Security Plugins
Audit security plugin rules to ensure they won’t block legitimate access. Fine-tune settings to:
- Whitelist IP ranges of all administrators
- Allow access only via proxy/cache if used
- Disable restrictive default options unless needed
- Enable only minimal required rules
- Strike a balance between security and accessibility.
Prevent Hotlinking of Uploads
Block direct URL access for uploaded media files and assets by preventing hotlinking. This stops unauthorized leeching of bandwidth and potential DOS attacks.
Implement a WAF Firewall
Consider implementing a full-fledged Web Application Firewall (WAF) for stronger protection. WAFs filter traffic more selectively allowing access only to verified safe requests. This blocks a wider range of attacks and restrictions.
Restore Normal Access Faster with Logging
Finally, enable detailed WordPress error logging so when issues eventually occur, you can:
- Quickly pinpoint the exact trigger
- Identify the culprit component right away
- Restore access faster with actionable troubleshooting details
Error logs reduce headaches for both site users and administrators by solving issues faster.
Dealing with WordPress throwing up “Sorry, you do not have permission to access this page” errors can be frustrating. However, systematically going through potential causes using the right troubleshooting steps will help identify and fix the source of this blocked access issue.
Additionally, proactively locking down permissions, auditing security rules, protecting uploads, and implementing WAF shields prevent repeat occurrences in the future.
Hopefully, these tips will help you keep the “not allowed” errors away for good and maintain smooth access to your WordPress site at all times!