There are typically 2 reasons for receiving a 403 error:
1. Litespeed (the web server software we use as a drop-in replacement for Apache) will reject access to files and folders that contain world and group writeable permissions, as these permissions are considered very insecure and potentially dangerous. Because we do not run mod_php, these permissions are not necessary in any situation, as the PHP process runs as the username of your account on our servers and thus has all the permissions required. To resolve the 403 error you will need to fix the permission(s) on the files and/or folders with the insecure permissions. You can achieve this easily by CHMOD'ing your files/folders from an FTP client. We recommend the following permissions:
All files should be chmod'ed to 644 permissions.
All folders should be chmod'ed to 755 permissions.
2. We implement mod_security on all of our shared servers which acts as a web application firewall. Its purpose is to detect common website attacks and prevent them by blocking requests before they reach the back-end processes (PHP, etc). Unfortunately, the "rules" that are in place can sometimes (relatively rarely) trigger false positives - that is, trying to do something "normal" on your website may cause you to receive a 403 error. This is typically most common when attempting to add, edit or update a blog post or other content via a CMS.
If you are receiving a 403 error when trying to do something on your website, you may be running into one of these false positive triggers. If that's the case, please get in touch with us and provide your IP address so that we can disable the specific mod_security rule causing the problem. We also then submit feedback on this specific rule to the rule developers and mark it as a false positive. In time, this should allow the rule creators to fine-tune these rules and avoid these problems.
