A “403 Forbidden” error in PrestaShop means the server is blocking access to your site or certain files. This is very common on PrestaShop (especially PS 8/9) and usually caused by permissions, .htaccess, security rules, or hosting settings.
Below is a step-by-step troubleshooting checklist (start from Step 1 and go down).
1️⃣ File & Folder Permissions (MOST COMMON)
Incorrect permissions = instant 403.
Recommended permissions
Folders: 755
Files: 644
Important folders:
/var
/cache
/img
/log
/modules
/themes
Fix via SSH
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
If using shared hosting → Fix via File Manager
2️⃣ .htaccess File Issue
A broken or corrupted .htaccess is a top reason.
Quick test
- Rename
.htaccess→.htaccess_old - Open website
✔ If site opens → .htaccess is the issue
Regenerate .htaccess
- Login to Back Office
- Shop Parameters → Traffic & SEO
- Click Save (without changing anything)
3️⃣ mod_security Blocking PrestaShop
Hosting firewalls often block PS URLs or parameters.
Symptoms
- 403 on login
- 403 on product pages
- 403 after enabling a module
Fix
Ask hosting support:
“Please whitelist my domain or disable mod_security rules for PrestaShop.”
Temporary test:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
(Only if hosting allows)
4️⃣ Incorrect Ownership (VPS / Dedicated)
Wrong file owner causes permission denial.
Correct owner:
www-data:www-data
Fix:
chown -R www-data:www-data /path/to/prestashop
(Replace www-data if your server uses another user)
5️⃣ Cache Folder Permission Error (PS 8 / PS 9)
PrestaShop is very sensitive to cache permissions.
Delete cache manually:
rm -rf var/cache/*
Then ensure:
chmod -R 755 var
6️⃣ Server Security (Cloudflare / Firewall)
If using Cloudflare, Imunify360, or CSF:
Check:
- IP blocked
- WAF rule triggered
- Country block enabled
Fix:
- Whitelist your IP
- Disable aggressive bot protection
7️⃣ Module Causing 403
Sometimes a module blocks requests.
Disable all modules (via FTP)
Rename:
/modules → /modules_off
If site works → rename back and disable modules one by one.
8️⃣ PHP Version Conflict
Wrong PHP version can trigger 403 indirectly.
Recommended:
- PrestaShop 8 / 9 → PHP 8.1
- Disable PHP
open_basedirrestriction
9️⃣ Admin (.htaccess) Block
403 only on /admin?
Check:
/admin/.htaccess
Remove IP restrictions like:
Deny from all
Allow from 123.123.123.123
🔍 Where to Check Logs (VERY IMPORTANT)
Check server error logs:
/var/log/apache2/error.log
/var/log/nginx/error.log
PrestaShop logs:
/var/log/
✅ Most Common Fix Summary
| Cause | Fix |
|---|---|
| Wrong permissions | 755 folders / 644 files |
| Broken .htaccess | Regenerate |
| mod_security | Disable / whitelist |
| Cache permission | Fix var/cache |
| Firewall | Whitelist IP |
| Module conflict | Disable modules |