WhatsApp us
How to Fix admin-ajax.php 403 Error in WordPress
- Tech Area
- Last updated on: January 19, 2026
The admin-ajax.php 403 error in WordPress is a common issue that blocks AJAX requests with a “403 Forbidden” response. This error usually breaks features like contact forms, login popups, infinite scroll, filters, and custom AJAX-based functionality.
In this guide, you’ll learn why the admin-ajax.php 403 error occurs and how to fix it permanently using proven methods.
What Is admin-ajax.php in WordPress?
admin-ajax.php is a core WordPress file used to handle AJAX requests for both frontend and backend actions. Many plugins and themes rely on this file to send and receive data without refreshing the page.
If this file is blocked, WordPress AJAX features stop working.
What Causes admin-ajax.php 403 Error?
Here are the most common reasons:
1. Incorrect file permissions
2. Security plugins blocking AJAX requests
3. Web hosting firewall or ModSecurity
4. Missing or invalid nonce
5. Improper .htaccess rules
6. Server-side WAF (Web Application Firewall) restrictions
How to Fix admin-ajax.php 403 Error in WordPress
1. Check File Permissions (Most Important)
Ensure correct permissions:
1. Folders: 755
2. Files: 644
3. admin-ajax.php path:
/wp-admin/admin-ajax.phpIf permissions are incorrect, your server may block access and return a 403 error.
2. Whitelist admin-ajax.php in Security Plugins
Security plugins like Wordfence, iThemes Security, or All In One WP Security often block AJAX requests.
What to do:
1. Go to your security plugin settings
2. Whitelist:
/wp-admin/admin-ajax.php
3. Disable firewall temporarily to test
3. Disable ModSecurity (Hosting Firewall)
Many shared hosting providers enable ModSecurity, which can block admin-ajax.php.
Solution:
1. Ask your hosting provider to disable ModSecurity
2. Or disable it via .htaccess:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
4. Fix .htaccess File Issues
Incorrect rewrite rules may block AJAX.
Quick fix:
1. Go to WordPress Dashboard → Settings → Permalinks
2. Click Save Changes (without editing anything)
This regenerates the .htaccess file automatically.
5. Add Correct AJAX Nonce (For Developers)
If you’re using custom AJAX code, missing nonce validation can cause a 403 error.
PHP:
wp_localize_script('custom-js', 'ajax_obj', array(
'ajax_url' => admin_url('admin-ajax.php'),
'nonce' => wp_create_nonce('secure_nonce')
));
JavaScript:
jQuery.post(ajax_obj.ajax_url, {
action: 'my_action',
nonce: ajax_obj.nonce
});
6. Check Hosting WAF (Cloudflare / Server Firewall)
If you’re using Cloudflare or any hosting firewall:
1. Disable Bot Protection
2. Lower Security Level
3. Whitelist your site IP
How to Test admin-ajax.php
Open this URL in your browser:
https://yourdomain.com/wp-admin/admin-ajax.php
If you see:
0
admin-ajax.php is working correctly.
admin-ajax.php 403 Error – Final Checklist
✔ Correct file permissions
✔ Security plugin whitelist
✔ ModSecurity disabled
✔ Proper nonce validation
✔ Clean .htaccess
✔ Firewall rules checked
Conclusion
The admin-ajax.php 403 error in WordPress is usually caused by security restrictions or permission issues. By following the steps above, you can fix the issue and restore all AJAX-based functionality on your website.
Join 20,000+ subscriber