WordPress 403 Forbidden after using WordPress app

Steven     12.02.2021

This happened to me twice now, so I’m writing it down for future reference.

A sudden WordPress 403 Forbidden error. Googling points to two common causes. Both resolutions have no effect. In this case, you might experience the third common cause for WordPress 403 Forbidden error.

Problem: website 403 Forbidden error after using WordPress app

After trying to hook up your website to the WordPress iOS app, you might experience a sudden website 403 Forbidden malfunction.

Wordpress 403 forbidden after using iOS app
WordPress 403 forbidden after using iOS app

Common cause of WordPress 403 Forbidden screen

When Googling, you will find two common root causes:

  1. Check and fix your .htaccess file
  2. Check and fix filesystem permissions (both files and folders)

There is however a third cause as well.

403 Forbidden after use of WordPress iOS app

There is a third cause of WordPress 403 Forbidden error: the (first) use of the WordPress iOS app.

To verify if you are in this last situation, fire up a web browser and try to visit your website by using a different IP adress. You can accomplisch this by e.g. disabling your mobile phone Wi-Fi, and accessing your website over the 4G network. If your website loads just fine, read on…

Now, you’re thinking, how can using an app to connect to my website trigger this behaviour? This has to do with the protocol it uses to communicate: XML-RPC. This protocol is very useful for remote website control, but has, over the years, also gained a lot of attention from hackers.

Subsequently, a lot of webhosting companies implemented protection against the use of the XML-RPC protocol. This means, their algorithms will detect any XML-RPC usage and block the originators IP adress.

How to fix WordPress 403 Forbidden error after using iOS app

First of all, you should realise there is nothing wrong with your website. It’s (just) your IP adress that is blocked from accessing it!

All that’s left to do is to contact your hosting provider, explain them the situation, and ask how your IP adress can be unblocked.

Further reading about XML-RPC

A detailed article about XML-RPC background is available here. By the time you found this article, you’ve probably read it already 🙂

Comment

Related

How to host font files locally and preload them

Custom fonts are a great way to improve your online visual appearance. In order to make sure that custom fonts don't slow down your website, make sure you (i) host the font files locally and (ii) preload them. This article describes the process of obtaining and serving font files from your own server, as well as preloading the right font file for faster website loading.

The right way to serve responsive images (srcset and sizes attribute) with WordPress and Bootstrap 5

The most confusing thing when you inspect responsive images is the fact that the browser takes into account the DPR (Device Pixel Ratio) in order to download the most appropriate image size. Find out here how to serve your visitors responsive images.

Fontawesome performance 2 tips: better host locally and include only icons you actually use

Choose the right way to load and use Fontawesome icons. In this article we explain how to host the icons locally to minimize the number of external requests. Also, we optimize performance by only including used icons.