Prestashop forbidden error on website

A “403 Forbidden” error in PrestaShop means the server is blocking access to your site or certain files. This is very common on PrestaShop (especially PS 8/9) and usually caused by permissions, .htaccess, security rules, or hosting settings.

Below is a step-by-step troubleshooting checklist (start from Step 1 and go down).

1️⃣ File & Folder Permissions (MOST COMMON)

Incorrect permissions = instant 403.

Recommended permissions

Folders: 755
Files:   644

Important folders:

/var
/cache
/img
/log
/modules
/themes

Fix via SSH

find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;

If using shared hosting → Fix via File Manager

2️⃣ .htaccess File Issue

A broken or corrupted .htaccess is a top reason.

Quick test

1. Rename .htaccess → .htaccess_old
2. Open website

✔ If site opens → .htaccess is the issue

Regenerate .htaccess

1. Login to Back Office
2. Shop Parameters → Traffic & SEO
3. Click Save (without changing anything)

3️⃣ mod_security Blocking PrestaShop

Hosting firewalls often block PS URLs or parameters.

Symptoms

• 403 on login
• 403 on product pages
• 403 after enabling a module

Fix

Ask hosting support:

“Please whitelist my domain or disable mod_security rules for PrestaShop.”

Temporary test:

<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off
</IfModule>

(Only if hosting allows)

4️⃣ Incorrect Ownership (VPS / Dedicated)

Wrong file owner causes permission denial.

Correct owner:

www-data:www-data

Fix:

chown -R www-data:www-data /path/to/prestashop

(Replace www-data if your server uses another user)

5️⃣ Cache Folder Permission Error (PS 8 / PS 9)

PrestaShop is very sensitive to cache permissions.

Delete cache manually:

rm -rf var/cache/*

Then ensure:

chmod -R 755 var

6️⃣ Server Security (Cloudflare / Firewall)

If using Cloudflare, Imunify360, or CSF:

Check:

• IP blocked
• WAF rule triggered
• Country block enabled

Fix:

• Whitelist your IP
• Disable aggressive bot protection

7️⃣ Module Causing 403

Sometimes a module blocks requests.

Disable all modules (via FTP)

Rename:

/modules → /modules_off

If site works → rename back and disable modules one by one.

8️⃣ PHP Version Conflict

Wrong PHP version can trigger 403 indirectly.

Recommended:

• PrestaShop 8 / 9 → PHP 8.1
• Disable PHP open_basedir restriction

9️⃣ Admin (.htaccess) Block

403 only on /admin?

Check:

/admin/.htaccess

Remove IP restrictions like:

Deny from all
Allow from 123.123.123.123

🔍 Where to Check Logs (VERY IMPORTANT)

Check server error logs:

/var/log/apache2/error.log
/var/log/nginx/error.log

PrestaShop logs:

/var/log/

✅ Most Common Fix Summary