Error 401: 5 ways to fix it

The 401 unauthorized error indicates that the request was not processed due to a lack of valid authentication credentials for the target resource. If the request already includes the correct authentication credentials, the HTTP status code 401 indicates that authorization for those credentials was refused.

Fortunately, in most cases, these types of errors can be resolved quickly. In this tutorial, you’ll learn about the 401 error code in more detail, including its possible causes and five methods to fix it.

Error codeHTTP Error 401 Unauthorized Type of errorNormally this is a client-side errorError VariationsHTTP Error 401 Unauthorized
401 Unauthorized Error
Error 401 Unauthorized
Access Denied
401 Authorization RequiredError causesInvalid URL
Incompatibility of plugins or themes
Unsuccessful login attempts
Outdated browser cache and cookies
Server configuration errors
IP restrictions

In simple terms, 401 unauthorized is an HTTP status error that occurs when the browser is unable to access a particular web page because the server received an unauthenticated request.

This can be caused by various customer reasons, including:

• Enter a wrong URL
• Username or password incorrect
• Outdated browser cache and cookies

For example, this error can appear when you try to access restricted resources, such as password-protected web pages, without being logged in or entering the correct authentication credentials.

Although client issues seem to be the most common causes of this error, it can sometimes be caused by the web server. The server might be blocking client access to the requested resource on purpose, or the server’s authentication process might be broken.

When the 401 error occurs, the browser will display an error code or message instead of taking you to the actual web page.

One of the following error messages may appear indicating the same thing:

• HTTP Error 401
• A 401 clearance is required
• Error 401 unauthorized
• Access denied

Here is a list of the different variations of the 401 error and their descriptions:

• 401.1 – The login attempt failed.
• 401.2 – The login attempt failed due to server configuration.
• 401.3 – The login attempt failed due to the ACL (access control list).
• 401,501 – The client has generated too many requests or has reached the maximum request limit.
• 401.502 – This error occurs when a specific client (same IP) sends multiple requests to the same server, reaching the concurrent request rate limit of the dynamic IP restriction.
• 401.503 – The client’s IP address is included in the server’s deny list.
• 401,504 – The client’s hostname is included in the server’s deny list.

5 methods to solve the 401 unauthorized error

In this section, we’ll go over five methods to resolve the 401 unauthorized error.

Before proceeding with any of the methods, check if it is for everyone or just for you. This will help determine if the problem is local or server-side.

1. Confirm that the URL is correct

This may seem obvious, but the 401 error code can appear if the user has entered an incorrect URL in the browser’s address bar.

Before trying the other methods, check the URL you’ve entered. Check for any special characters or numbers that you may have missed.

If you follow a hyperlink from another web site or application, check for typographical errors. Sometimes the hyperlink may be misspelled or out of date, causing the 401 error.

To get the correct URL, try to access the restricted resources by going to the main page of the site and manually navigating to the problematic website. Another option is to search for the website on Google.

2. Clear end user problems

Below, we’ll look at some common end-user issues that can cause the 401 error, and how to resolve them.

The following steps are for users who cannot access a specific web page when others can. However, if you’re convinced that the 401 error also appears for everyone else trying to access the page, then scroll down to the third method.

Before trying the following to fix the problem, try refreshing the page and see if that fixes the problem. Sometimes a poorly loaded page can cause the 401 error code.

Clear browser cache and cookies

Browser cache and cookies improve the online experience, specifically in terms of loading speed and personalization. However, in some cases, they can cause the 401 error.

Both cookies and the browser cache are saved in the internal storage of the device. The cache stores the “static assets” of a website, that is, data that does not normally change during repeated visits. This allows the browser to preload some assets from the live version of the website, shortening the load time.

Cookies, meanwhile, are pieces of data that store information about the device and user behavior. Many websites use cookies to store user authentication data.

For example, staying logged in on a specific website is made possible by cookies.

Unfortunately, the browser’s cache and cookies can become corrupted and cause web server authentication failure. It is also possible that the current cache and cookies are outdated and need a manual update.

For and cookies in your browser, just go to your browser settings and look for the option to delete them. If you use Google Chrome, follow these steps:

1. Tap the three-dot menu icon in the top right corner.
2. go to Settings -> Security and privacy -> Clear browsing data.
3. In the range dropdown weatherChoose Since ever. Then mark Cookies and other site data Y Cached files and images.
4. Choose Delete data.

DNS Cache Flush

In addition to browser cache and cookies, logs are also stored locally on your device.

DNS cache data allows your device to match URLs to their IP addresses more quickly for shorter load times. However, unlike the browser’s cache and cookies, the DNS cache works at the system level.

Although rare, a DNS error can result in HTTP status code 401. The DNS cache may be stale and contain incorrect URL and IP address details.

Clearing DNS will clear your device’s existing DNS records, forcing it to make a completely new request and re-authenticate URLs.

So you can on Windows:

1. On your desktop, navigate to the search bar and type “Symbol of the system”.
2. Open the Symbol of the system.
3. write the command “ipconfig/flushdns” and press enter. If successful, you will see the message “DNS resolver cache successfully flushed.”

3. Check authentication credentials

The 401 unauthorized error code can appear when you try to access a locked resource, such as a password-protected page, with invalid authentication credentials. As a consequence, you will not be able to open the page.

Check that you’re logged in with a valid username and password. If you know you have entered the data correctly, try changing the password.

If you’re having trouble accessing a password-protected WordPress site, try .

4. Disable password protection

If you’re a webmaster trying to resolve the 401 error, it’s worth temporarily disabling password protection for the problematic section of your website.

If you have enabled password protection using the files and .htpasswddo the following to disable it:

1. go to File Manager of your hosting account.
2. Open the password-protected website directory.
3. Find the file .htaccess that you created when you enabled password protection in the first place. Its content should be similar to this:
   AuthTypeBasic
   AuthName “Your authorization required message.”
   AuthUserFile /path/to/.htpasswd
   require valid-user
4. Make a backup of the file content .htaccess in case you want to re-enable password protection in the future.
5. Delete the file .htaccess of the directory.
6. Find the secret location of the file .htpasswdmake a backup and delete it too.

hPanel has an easy to use feature that allows users to manage password protected website directories.

5. Troubleshoot the code

Sometimes the 401 error is not caused by a client problem, but by the server.

Use the following methods to check if the problem is caused by a server error, especially if you are the website administrator of the problematic page.

WWW-Authenticate header

It starts by checking the site’s WWW-Authenticate header for errors.

According to the IETF, a server that generates a 401 (unauthorized) response must send a WWW-Authenticate header field that contains at least one challenge applicable to the target resource.

This response header determines the authentication method that the browser must follow to access a specific page. Knowing what response the header sends and what authentication method is used will help determine the problem.

To check a WWW-Authenticate header for the cause of the 401 unauthorized error, follow these steps:

1. Navigate to the page that generates the 401 error code. If you’re using Chrome, right-click and select To inspect or press Ctrl+Shift+J to open the developer tools.
2. Open the tab of Net and reload the page. Click the entry with the 401 error status.
3. Open the tab of Headers. look for the entrance WWW Authenticate in the section response headers. The authentication method that the server applies to provide access to the content will be displayed.
4. Please refer to to know the authentication method of the page. In this case, the page uses the basic authentication method, which means that it requires only standard access credentials.

Deactivate plugins, modules and themes

If you encounter the 401 error code as a webmaster, you can identify its cause by disabling any plugins, modules, and themes you have installed on your website.

Unfortunately, no matter what CMS you use – be it WordPress, Prestashop or Magento – these extra pieces of code can cause problems on your website, including the 401 unauthorized error.

We will use WordPress as an example. If you have a WordPress site…