WordPress API credentials unexpected error 'Forbidden'

Sun_NB · March 18, 2026, 1:06pm

“Couldn’t connect with these settings
Forbidden - perhaps check your credentials?”

Describe the problem/error/question

I am stuck on connecting the WordPress API credentials, but I don’t think I missed out on any steps. The username is the username of the account on the WordPress environment, the password is the application password to the same account from within the WordPress environment, and the account is connected to a Wordpress.com account with 2FA enabled, connected through the JetPack plugin. The WordPress URL is without a trailing slash and the toggle of Ignore SSL Issues has no effect on the error. The account in the WordPress environment has the admin role as well, so that shouldn’t be an issue either. Does anyone know what I could be missing here?

Information on your n8n setup

n8n version: [email protected]
Database (default: SQLite): SQLite
Running n8n via (Docker, npm, n8n cloud, desktop app): Web app
Operating system: iMac - Google Chrome V146.0.7680.80

Anshul_Namdev · March 18, 2026, 1:15pm

Hi @Sun_NB Welcome!
Try adding these lines into your .htaccess file:

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

I guess this is related to this issue here:

Sun_NB · March 18, 2026, 1:59pm

Hi @Anshul_Namdev , thanks for the quick reply. I received those lines from the documentation AI chatbot as well and implemented it in the following way:

<IfModule mod_rewrite.c> 
RewriteEngine On 
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] 
RewriteBase / 
RewriteRule ^index\.php$ - [L] 
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule . /index.php [L] 
RewriteCond %{HTTP:Authorization} ^(.*) 
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1] 
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 
</IfModule>

This didn’t fix the issue, sadly. Though maybe I did it wrong, since I’m not very familiar with the way to do things in a htaccess file. Could it be a wrong way of adding it of mine, or does it look about right to you?

Sun_NB · March 25, 2026, 8:30am

Hi @Benjamin_Behrens,

I changed the password in my n8n credentials to the application password from the WordPress environment, but this didn’t seem to do the trick. This leads me to think it might be due to Nginx as you mentioned, but I’m not too familiar with the server side and haven’t figured out how to host using Apache yet. The PHP version 8.4 is being executed as Apache, but other than that I haven’t found much that leads me to think it could be the ‘switch‘ from Nginx to Apache.

My hosting provider is Plesk.

Does this help for insight on the situation? Please feel free to let me know if you need any more info.

Thanks in advance!

Sun_NB · March 25, 2026, 9:01am

Hi @Benjamin_Behrens, thanks for the quick reply. I checked and saw that ‘Websites & Domains‘ is only visible on the Power User-display. When switching to this view, I only see the domains that are connected to the webspace selected top right. ‘Apache & nginx Settings‘ isn’t visible for me, and I couldn’t find a way to navigate to it using the Plesk documentation either. I’ve found Apache with nginx | Plesk Obsidian documentation, but seem to lack access to ‘Server management‘.

Could there be a step I’m missing to navigate to ‘Apache & nginx Settings‘ from the ‘Websites & Domains‘ as you mentioned?

Also the Application Password was generated in the website domain’s back-end, yes. This time I didn’t take the password from Wordpress.com, but from the website domain in the directory you mentioned.
Thanks for confirming!

Sun_NB · March 25, 2026, 9:49am

Hi @Benjamin_Behrens, I’ve added the snippet to the wp-config.php file at the very top, right below the opening tag. Then tried to verify the credential again after a refresh, but sadly with the same error result.

I will contact our hosting support and see if they can add the configuration settings for us, thanks for providing the information. When this is done, I’ll share another update to let you know if it worked. Thanks!

Sun_NB · April 1, 2026, 1:25pm

Hi @Benjamin_Behrens,
The snippet has been added by the hosting party, but the same error keeps showing up. I’ve cleared cache and tried again, deactivated all plugins and tried again to see if there was anything blocking, but these didn’t fix the issue.

Are there any niche causes that could end up in the ‘Forbidden - perhaps check your credentials?‘ error?

Sun_NB · April 8, 2026, 7:22am

Hi @Benjamin_Behrens, here’s a process update; I’m waiting for my host to respond, but I’ve tested the other suggestions.

-Jetpack
I deactivated the plugin and reactivated it, then reconnected the WordPress.com account. After this I went and hard reloaded the credentials page on n8n but the same error persisted.

-JSON test
I added the slug and it showed me a JSON response, so this shouldn’t be an issue either.

-Application password
To be certain I’ve generated another application password, copied it, reloaded the n8n credential page and pasted it without changing it one bit and retried. The forbidden error still appeared.

I’ll redo these when I hear back from my host just to be sure.

Sun_NB · April 22, 2026, 7:19am

Hi @Benjamin_Behrens , I’ve received confirmation that the Nginx reload has been executed and checked. The is active in the current serverside configuration.

After this I emptied the cache and tried to retry the credentials, but the error of “Couldn’t connect with these settings. Forbidden - perhaps check your credentials?“ still persists.