Trying to access a website only to be met with a 401 error code? This could be happening on your own WordPress website or it could be happening on someone else’s site that you’re trying to visit.
If your WordPress site is showing the 401 error code to other visitors, it’s important to fix the problem so that your visitors can enjoy your site. And if you’re experiencing the 401 error code when you visit someone else’s site, you’ll want to understand the problem so you know what’s happening. 🐞
In a previous post we presented the most common HTTP error codes and status codes, but this post, we’ll explain what the 401 error is, what causes it, and how to fix the error 401 message.
What does the 401 error code mean? 🤔
A 401 Unauthorized error is an HTTP status code indicating that the server received an unauthenticated request. 401 error code responses are most often generated because of invalid credentials for a particular page or destination on your website. This status is typically sent with a WWW-authenticate header that contains information on how to authorize properly.
In human terms, this basically means that your client (e.g. your web browser) isn’t able to authenticate itself with the server and, as such, cannot view the resource. For example, a specific page might require a valid username and password to view.
The 401 error code, like other error codes in the 400-range, means there’s a problem on the client-side – AKA the problem lies on your web browser’s side (or another client), rather than the website you’re trying to visit.
401 error vs 403 error
People often confuse a 401 error with a 403, but the two are different. A 403 error means access to the page is forbidden, whereas a 401 error just means there’s a problem with authenticating access to the page. That is, a 401 means access is not necessarily forbidden, the server just cannot authenticate the request to grant access.
401 error code variations
The exact message that indicates a 401 error code varies depending on the server, but here are the typical 401 error code variations that you’ll see:
- 401 Unauthorized
- Authorization Required
- Access Denied
- HTTP Error 401 Unauthorized
What causes the 401 error code? ⚠️
Here are some common causes of the 401 error code:
- Incorrect URL – sometimes the 401 error code is because of the wrong URL. Make sure that the URL for the site you want to access has been entered correctly.
- Invalid login credentials – some pages of a website require you to login in order to access the information. If you’re not logged in, you will very likely get a 401-error. Make sure that the login credentials you are entering are accurate.
- False login requirement – this occurs rarely but, in some cases, a website that should not require a login will still show a login page. This indicates an issue on the admin side and will often throw up a 401-error.
- DNS errors – occasionally, domain name system failures may result in a 401 response. DNS malfunctioning is less common.
- Security/firewall issues – some WordPress security plugins or firewalls can cause a 401 error if they detect malicious activity.
- Plugin issues – a WordPress plugin on your site might be triggering the 401 error code.
How to fix the 401 error code on WordPress 🔧
Often, 401-error codes can be fixed by simply hitting the refresh button. If refreshing your page doesn’t work, try the following fixes:
- Check the URL for errors
- Clear browser cache and cookies
- Deactivate your WordPress plugins
- Remove server-level password protection
- Flush your DNS
- Try waiting
1. Check the URL for errors
It is possible that a 401 error occurs because you have typed the URL incorrectly or the login URL has been changed. Alternatively, you may have clicked on an outdated link in your web browser. In cases where a page no longer exists, the server might show a 401 code. Check the URL for spelling mistakes. You can also use a search engine to find the correct URL of the webpage you are trying to access.
2. Clear browser cache and cookies
Your browser’s cache helps improve your overall surfing experience by decreasing the loading time of websites. To do this, browsers store local copies of the content you visit most frequently. Your browser’s cache can sometimes overlap with the live version of your application, resulting in a 404 error code.
To fix this error, just clear the browser’s cache.
Similar to the cache, there are HTTP cookies which are basically tiny pieces of stored data. Invalid and/or corrupted cookies can cause an authentication error. Clear the cookies and try to open the page again.
3. Deactivate your WordPress plugins
Because WordPress plugins can alter how your site functions, they’re a typical cause of the 401 error code on WordPress.
In the case of WordPress security plugins, sometimes the plugin intends to do this. For example, some plugins will lock down your login page if the plugin thinks you’re under attack, which can trigger the 401 error code when you try to open your login page. Or the firewall in a plugin like Wordfence might cause the issue.
In this case, once you figure out the issue by deactivating the plugin, you can reach out to the plugin’s support to understand the issue.
Other times, it could be an unintended compatibility issue.
To figure out which plugin is causing the 401 error, try deactivating all of the plugins on your site and reactivating them one-by-one. Or, if the error only appeared after you installed a new plugin, try deactivating that plugin first.
4. Remove server-level password protection
If you’re using htaccess/htpasswd to protect parts of your WordPress site with an extra username/password, try deactivating this extra password protection.
Many web hosts also give you a tool to control such passwords from cPanel. Look for a tool named something like:
- Password protect directories
- Directory privacy
5. Flush your DNS
In rare cases, DNS errors can cause the server to show a 401-error code on your browser. To fix this, you need to flush your DNS. Although this is a fairly unusual cause, it is quite simple to repair.
👉 For Windows users:
- Log in to your computer as an administrator
- Open a “search” window
- Type in CMD.exe in the search field to open Command Prompt
- Enter this little code in the CMD interface: “ipconfig/flushdns”
👉 For macOS users:
- Open the Command Terminal
- Enter this code in terminal interface: “sudo killall -HUP mDNSResponder”
6. Try waiting
Like security plugins, some WordPress hosting companies will temporarily block your IP if they think you’re doing something malicious – e.g. entering the wrong password. In this case, you can try waiting to see if that fixes the issue, as sometimes your site is only locked down for a short period of time.
Additionally, many WordPress websites need regular downtime for maintenance. If you’re seeing a 401-error on someone else’s site, there may be maintenance or construction going on at the backend causing temporary login issues. Try giving the admins some time and logging in a few minutes later.
401 error code FAQ 🙋
At this point you should have a solid understanding of the general definition of the 401 error code. However, sometimes people ask about it in different contexts or simply want some quick answers to some quick questions. Below you’ll find responses to three of the most commonly asked questions regarding this http error code.
What is 401 status code in REST API?
In the context of REST API, the 401 status code means “Unauthorized.” It’s used when the server requires user authentication for the requested resource. If you receive a 401 response, it indicates that you either haven’t provided valid credentials or haven’t provided any credentials at all. The server may include a “WWW-Authenticate” header in the response to guide you on how to authenticate yourself, such as including an API key or valid username and password.
What is an example of a 401 error?
An example of a 401 error is when you try to access a restricted page on a website without logging in or providing the correct credentials. It’s like attempting to enter a restricted area without the right key or permission. The server will respond with a 401 error, indicating that you need valid login credentials to access the requested content.
What does 401 unauthorized access is denied due to invalid credential mean?
The message “401 Unauthorized: Access is denied due to invalid credentials” indicates that the server received a request that requires authentication, but the credentials provided by the client are either missing or incorrect.
In simpler terms, when you encounter this error, it means that you’re trying to access a resource or perform an action that requires you to provide valid login credentials (such as a username and password), but the ones you provided are not recognized or are missing altogether. As a result, the server denies access to the requested content or functionality.
Conclusion 🧐
A 401 error indicates a client-side problem with authentication. That is, your web browser is having issues authenticating itself with your WordPress site’s server.
Before you start digging into any in-depth troubleshooting, try a few quick fixes first. Make sure that the URL you’re using is correct, and don’t forget to clear your browser’s cache and cookies.
Also consider any security tools you may be using on your site, as well as any server-level passwords you might have added, like a password via htaccess and htpasswd. You can also try deactivating your plugins.
Do you have any questions about the 401 error code? Let us know in the comments!
Or start the conversation in our Facebook group for WordPress professionals. Find answers, share tips, and get help from other WordPress experts. Join now (it’s free)!