Few things are more frustrating than opening your website only to see a blank page with “403 Forbidden” or “500 Internal Server Error.” These errors can stop your business cold \u2014 visitors can’t reach you, emails may fail, and if you’re running an ecommerce site, every minute of downtime costs revenue. The good news is that most 403 and 500 errors in cPanel are fixable without needing to contact your hosting provider.<\/p>\n\n\n\n
In this guide, we’ll walk through the most common causes of 403 Forbidden and 500 Internal Server errors on cPanel-based hosting, and show you exactly how to diagnose and resolve each one. Whether you’re a site owner or a sysadmin, these troubleshooting steps will get your site back online quickly.<\/p>\n\n\n\n\n\n
Before diving into fixes, it helps to understand what each error is telling you:<\/p>\n\n\n\n
.htaccess<\/code> file to a PHP memory limit being exceeded.<\/li>\n<\/ul>\n\n\n\ncPanel provides several tools to help you track down the source of both errors \u2014 you just need to know where to look.<\/p>\n\n\n\n
Diagnosing the Cause Using cPanel Tools<\/h2>\n\n\n\n1. Check the Error Log in cPanel<\/h3>\n\n\n\n
The quickest way to diagnose a 500 error is by checking the cPanel error log directly:<\/p>\n\n\n\n
\n- Log into your cPanel dashboard.<\/li>\n\n\n
- Scroll down to the Metrics<\/strong> section and click Errors<\/strong> or Error Log<\/strong> (on some themes, it’s under “Logs”).<\/li>\n\n\n
- Review the most recent entries. Each entry includes a timestamp, error type, file path, and error description.<\/li>\n\n\n
- Look for lines containing
PHP Fatal error<\/code>, mod_security<\/code>, or permission denied<\/code> \u2014 these are your most actionable clues.<\/li>\n<\/ol>\n\n\n\nFor 403 errors, also check Raw Access Logs<\/strong> under the Metrics section, which records the HTTP status code returned for every request.<\/p>\n\n\n\n2. Enable Detailed Error Display (Temporarily)<\/h3>\n\n\n\n
If the error log isn’t helpful, you can configure PHP to display errors directly on the page. Only do this on a staging or development site<\/strong> \u2014 never on a live production site, as it can expose sensitive information to visitors.<\/p>\n\n\n\n\n- In cPanel, go to Select PHP Version<\/strong> under the Software section.<\/li>\n\n\n
- Click the Switch to PHP Options<\/strong> tab.<\/li>\n\n\n
- Toggle
display_errors<\/code> to On<\/strong> and set error_reporting<\/code> to E_ALL<\/code>.<\/li>\n\n\n- Visit the page that was throwing the error. The exact error message, file, and line number will now be displayed in the browser.<\/li>\n\n\n
- Once you’ve identified and fixed the issue, revert these settings immediately.<\/li>\n<\/ol>\n\n\n\n
How to Fix 403 Forbidden Errors in cPanel<\/h2>\n\n\n\nFix File and Directory Permissions<\/h3>\n\n\n\n
Incorrect file permissions are the most common cause of 403 errors in cPanel. Files must be readable by the web server, and directories must be executable. The correct permission scheme is:<\/p>\n\n\n\n
\n- Directories:<\/strong>
755<\/code> (rwxr-xr-x)<\/li>\n\n\n- Files:<\/strong>
644<\/code> (rw-r–r–)<\/li>\n\n\n- Configuration files (wp-config.php, .env):<\/strong>
600<\/code> or 640<\/code><\/li>\n<\/ul>\n\n\n\nFix Permissions Using cPanel File Manager<\/h3>\n\n\n\n\n- Open File Manager<\/strong> from your cPanel dashboard.<\/li>\n\n\n
- Navigate to your site’s document root (usually
public_html<\/code>).<\/li>\n\n\n- Select all files and folders by pressing Ctrl+A<\/strong> (Windows) or Cmd+A<\/strong> (Mac).<\/li>\n\n\n
- Click Permissions<\/strong> at the top of the toolbar.<\/li>\n\n\n
- Set numeric value to
755<\/code> for directories. You can also use the checkboxes: Owner (Read, Write, Execute), Group (Read, Execute), World (Read, Execute).<\/li>\n\n\n- Click Change Permissions<\/strong>. Repeat the process for individual files with
644<\/code>.<\/li>\n<\/ol>\n\n\n\nCheck for an Invalid .htaccess File<\/h3>\n\n\n\n
A corrupted or misconfigured .htaccess<\/code> file is another frequent cause of 403 errors. To test this:<\/p>\n\n\n\n\n- In File Manager, locate the
.htaccess<\/code> file in your site’s document root. If you don’t see it, click Settings<\/strong> at the top right and enable Show Hidden Files (dotfiles)<\/strong>.<\/li>\n\n\n- Rename it to
.htaccess_backup<\/code> to disable it temporarily.<\/li>\n\n\n- Try accessing your site again. If the 403 error goes away, your .htaccess file was the culprit.<\/li>\n\n\n
- If you’re using WordPress, you can generate a fresh default .htaccess by going to Settings \u2192 Permalinks<\/strong> in your WordPress admin and clicking Save Changes<\/strong>.<\/li>\n<\/ol>\n\n\n\n
Review ModSecurity Rules<\/h3>\n\n\n\n
cPanel often includes ModSecurity (a web application firewall), and overly aggressive rules can produce false positive 403 errors. To check:<\/p>\n\n\n\n
\n- In cPanel, go to Security \u2192 ModSecurity<\/strong>.<\/li>\n\n\n
- If ModSecurity is enabled, try Disable<\/strong> it temporarily and retest your site.<\/li>\n\n\n
- If disabling it resolves the error, re-enable it and contact your hosting provider to whitelist the specific rule that was triggered (you can find the rule ID in the error log).<\/li>\n<\/ol>\n\n\n\n
How to Fix 500 Internal Server Errors in cPanel<\/h2>\n\n\n\n1. Rename or Remove the .htaccess File<\/h3>\n\n\n\n
As with 403 errors, a corrupt .htaccess<\/code> is often the simplest explanation for a 500 error. Follow the same steps above: rename .htaccess<\/code> to .htaccess_backup<\/code> and check if the error clears. This single step resolves roughly 30\u201340% of all 500 errors encountered on shared hosting environments.<\/p>\n\n\n\n2. Increase the PHP Memory Limit<\/h3>\n\n\n\n
PHP scripts that exceed the allocated memory limit will trigger a 500 error. This is especially common with WordPress sites running memory-intensive plugins, large page builders, or ecommerce platforms like WooCommerce.<\/p>\n\n\n\n
\n- In cPanel, open Select PHP Version<\/strong> under the Software section.<\/li>\n\n\n
- Click the Switch to PHP Options<\/strong> tab.<\/li>\n\n\n
- Find
memory_limit<\/code> and increase it. A typical starting value is 256M<\/code>; for larger sites, 512M<\/code> may be needed.<\/li>\n\n\n- Click Apply<\/strong> and retest your site.<\/li>\n<\/ol>\n\n\n\n
3. Check for Plugin or Theme Conflicts (WordPress)<\/h3>\n\n\n\n
If you’re running WordPress, a faulty plugin or theme is one of the most common triggers for 500 errors. To rule this out:<\/p>\n\n\n\n
\n- Rename the
wp-content\/plugins<\/code> folder to wp-content\/plugins_disabled<\/code> via File Manager. This deactivates all plugins at once.<\/li>\n\n\n- If the error disappears, rename it back, then re-enable plugins one by one until the error returns \u2014 that identifies the culprit.<\/li>\n\n\n
- Temporarily switch to a default WordPress theme (like Twenty Twenty-Four) by renaming your active theme’s folder in
wp-content\/themes<\/code>. If the 500 error clears, your theme is the problem.<\/li>\n<\/ol>\n\n\n\n4. Check for Corrupted .htaccess Rewrite Rules<\/h3>\n\n\n\n
WordPress and many CMS platforms use mod_rewrite rules in .htaccess to generate clean URLs. If these rules become corrupted \u2014 often after moving a site, restoring from backup, or updating a plugin that modifies rewrite rules \u2014 a 500 error can result. The fix is the same as above: rename the .htaccess, navigate to WordPress Settings \u2192 Permalinks, and click Save Changes to regenerate a clean set of rewrite rules.<\/p>\n\n\n\n
5. Verify Your Script’s Shebang Line (Perl\/Python)<\/h3>\n\n\n\n
If you’re running custom scripts or CGI applications, a missing or incorrect shebang (#!\/usr\/bin\/perl<\/code>) line will produce a 500 error. Ensure the first line of your script points to the correct interpreter path \u2014 you can find the correct paths in cPanel under Software \u2192 CGI Center<\/strong>.<\/p>\n\n\n\nKey Takeaways<\/h2>\n\n\n\n\n- Start with the error logs.<\/strong> cPanel’s Error Log and Raw Access Logs give you the fastest path to the root cause for both 403 and 500 errors.<\/li>\n\n\n
- .htaccess is the #1 suspect.<\/strong> Rename it to test \u2014 this resolves a large percentage of both 403 and 500 errors instantly.<\/li>\n\n\n
- File permissions matter.<\/strong> Use 755 for directories and 644 for files. Never set anything above 755 on shared hosting.<\/li>\n\n\n
- ModSecurity can cause false 403s.<\/strong> Temporarily disable it to test, then work with your host to whitelist the specific rule.<\/li>\n\n\n
- For WordPress 500 errors, plugins and themes are the most common culprit.<\/strong> Disable all plugins at once by renaming the plugins folder, then re-enable one by one.<\/li>\n\n\n
- Keep detailed records.<\/strong> When you fix an error, note the cause and solution. If it recurs, you’ll have your fix ready instantly \u2014 and your hosting provider’s support team will thank you for the head start.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
Few things are more frustrating than opening your website only to see a blank page with “403 Forbidden” or “500 Internal Server Error.” These errors can stop your business cold \u2014 visitors can’t reach you, emails may fail, and if you’re running an ecommerce site, every minute of downtime costs revenue. The good news is … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[147],"tags":[198,195,196,197,199],"class_list":["post-73","post","type-post","status-publish","format-standard","hentry","category-security","tag-htaccess-fix","tag-403-forbidden-error","tag-500-internal-server-error","tag-cpanel-troubleshooting","tag-php-error-log"],"_links":{"self":[{"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/posts\/73","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/comments?post=73"}],"version-history":[{"count":0,"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/posts\/73\/revisions"}],"wp:attachment":[{"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/media?parent=73"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/categories?post=73"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cpanelreview.com\/index.php\/wp-json\/wp\/v2\/tags?post=73"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}