I don’t know why, but I keep seeing this on many different servers, with various different profiles. Over the past year, I’ve seen this problem randomly happen to at least 10 different websites. One day everything is fine, then an update happens to WordPress, PHP or Apache and poof, WordPress wp-admin spits out a 403 forbidden error.
To keep it real simple, here is the fix. Paste the following into your .htaccess file:
Deny from all
Allow from all
You can also download the text file fix here.
Just make sure this code snippet is pasted below everything else, if you aren’t sure what you are doing.
If this doesn’t work, it could be a number of different things. There are a number of plugins and settings that could get in the way. For instance, your admin might have a setting setup where wp-admin is blocked from everyone except a range of IPs. Or it could be password protected. I wrote a post a while back on WordPress security through obscurity, definitely worth checking out.
You should be good to go after this. Hit me up with any questions, I love fixing broken websites.