What is 401 error code?
The 401 Error, also known as the 401 Unauthorised Error, is one of the most common error codes. This error indicates that the request to the website or web application was unable to be authenticated. Fortunately, in most cases, this error is easily corrected.
The 401 Error may be caused by several client-side reasons, including:
- Inputting the wrong URL
- Incorrect username or password
- Outdated browser cache and cookies
For instance, the 401 Error may appear when you’re trying to gain access to restricted resources like a password-protected web page without logging in first or entering the correct authentication credentials.
Although client-side issues seem to be the most common causes of this error, sometimes it can be caused by the web server. The server might be blocking the client from accessing the requested resource on purpose, or the server’s authentication process is broken.
When the 401 Error occurs, the browser will show an error code or message instead of taking you to the actual web page.
You may see one of the following error messages indicating the same error:
- HTTP Error 401
- 401 Authorization Required
- 401 Unauthorized Error
- Access Denied
Here is a list of the different variations of the 401 error and their descriptions:
- 401.1 – the login attempt has failed.
- 401.2 – the login attempt has failed due to the server configuration.
- 401.3 – the login attempt has failed due to the ACL (Access Control List).
- 401.501 – too many requests have been generated by the client or the client has reached the maximum request limit.
- 401.502 – This error occurs when a particular client (same IP) sends multiple requests to a single web server, reaching the dynamic IP Restriction Concurrent request rate limit.
- 401.503 – the IP address of the client is included in the deny list on the server.
- 401.504 – the client’s hostname is included in the deny list on the server.
How to Fix the 401 Unauthorized Error
In this section, we will go over five methods to solve the 401 Unauthorized Error.
1. Confirm the URL Is Correct
The 401 error code might appear if the user entered the wrong URL in the browser’s address bar.
Before you attempt the other methods, check the URL you’ve typed in. Verify whether there are any special characters or numbers you may have missed.
If you’re following a hyperlink from another website or web application, double-check if it contains typos. Sometimes, the hyperlink may be mistyped or outdated, triggering the 401 error.
To get the correct URL, try accessing the restricted resources by going to the website’s homepage and manually navigating to the problematic page. Another option is to try searching for the page on Google.
2. Clear User End Issues
We will now go over some common user-end issues that may cause the 401 error and how to solve them.
The following troubleshooting steps are for users who can’t access a specific webpage when others can. However, if you are convinced that the 401 error also appears to everyone else who is trying to access the page, scroll down to method three.
Before you try the following troubleshooting steps, try reloading the page and see if that fixes the issue. Sometimes, a misloaded page can cause the 401 error code.
Clearing Browser Cache and Cookies
The browser’s cache and cookies improve the online experience, specifically with regards to loading speeds and personalization. However, in some cases, they may cause the 401 error.
Both browser’s cookies and cache are saved in your device’s internal storage. The cache saves a website’s “static assets” – data that usually doesn’t change during repeat visits. This lets the browser preload some assets of the live version of the website, shortening loading time.
For example, staying logged in on a specific website is possible thanks to cookies.
Unfortunately, the browser’s cache and cookies may become corrupted, leading to a web server authentication failure. It’s also possible that the current cache and cookies are outdated and in need of manual refreshing.
To clear your browser’s cache and cookies, go to your browser’s settings and find the option to clear them. If you use Google Chrome, follow these steps:
- Click the three-dotted menu icon on the top-right corner.
- Go to Settings -> Privacy and security -> Clear browsing data.
- In the Time range drop-down menu, select All time. Then, check Cookies and other site data and Cached images and files.
4.Select Clear data.
Flushing DNS Cache
In addition to the browser’s cache and cookies, DNS records are also stored locally on your device.
The data in the DNS cache lets your device match URLs to their IP addresses faster for shorter loading times. However, unlike the browser’s cache and cookies, the DNS cache operates on the system level.
Although rare, a DNS error may result in the 401 HTTP status code. The DNS cache may be outdated, containing incorrect URL and IP address details.
Flushing your DNS will clear the existing DNS records of your device, forcing it to make a completely new request and re-authenticate the URLs.
Here’s how to flush your DNS cache on Windows:
- On your desktop, navigate to the search bar and type in “Command Prompt.”
- Open Command Prompt.
- Type in the command “ipconfig/flushdns” and press Enter. If successful, you will see the message “Successfully flushed the DNS Resolver Cache”.
3. Check Authentication Credentials
The 401 Unauthorized Error code may appear when you’re trying to gain access to a locked resource, such as a password-protected page, with invalid authentication credentials. As a consequence, you won’t be able to open the page.
Double-check whether you’re logged in with a valid user ID and password. If you’re sure that you have entered the details correctly, try changing the password.
If you’re having trouble accessing a password-protected WordPress site, attempt resetting your WordPress password.
4. Disable Password Protection
If you’re a webmaster trying to solve the 401 error, it’s worth temporarily disabling password protection for the problematic section of your website.
If you have enabled password protection using .htaccess and .htpasswd files, follow these steps to disable it:
- Go to your hosting account’s File Manager.
- Open the password-protected website directory.
- Find the .htaccess file that you created when you enabled the password protection in the first place.
- Back up the content of the .htaccess file in case you want to re-enable password protection in the future.
- Delete the .htaccess file from the directory.
- Find the secret location of the .htpasswd file, back it up, and delete it as well.
Troubleshoot the Code
Sometimes, the 401 error is not caused by a client-side issue – there could be a problem with the web server.
Use the following methods to verify if the issue is caused by a server error, especially if you are the website administrator of the problematic page.
Begin by checking the site’s WWW-Authenticate header for errors.
According to the IETF, a server generating a 401 (Unauthorized) response has to send a WWW-Authenticate header field containing at least one challenge applicable to the target resource.
This response header determines the authentication method the web browser should follow to access a specific page. Knowing what response the header sends and which authentication method is used will help determine the problem.
To check a WWW-Authenticate header for the cause of the 401 Unauthorized Error, follow these steps:
- Access the page that generates the 401 error code. If you’re using Chrome, right-click it and select Inspect or press Ctrl+Shift+J to open the developer console.
- Open the Network tab, then reload the page. Click on the entry with the 401 error status.
- Open the Headers tab. Find the WWW-Authenticate entry under the Response Headers section. It will show the authentication method the server enforces to provide access to the content.
- Refer to the HTTP Authentication Scheme Registry to find out the page’s authentication method. In this case, the page uses the basic authentication method, which means that it only requires standard login credentials.
Disable Plugins, Modules, and Themes
If you encounter the 401 error code as the website’s administrator, you can identify its cause by disabling the plugins, modules, and themes you have installed on your website.
Unfortunately, no matter which CMS you use – be it WordPress, Prestashop, or Magento – these additional pieces of code can cause issues on your website, including the 401 Unauthorized Error.
We’ll use WordPress as an example. If you have a WordPress site and still can access its admin dashboard, changing your theme to the default one and disabling all your plugins at the same time will be easy.
To reinstate the default theme, go to Appearance -> Themes and Activate the default theme.
To disable all WordPress plugins at the same time, go to Plugins -> Installed Plugins. Bulk select all the plugins, choose Deactivate from the drop-down menu and click Apply.
The process to change your design template and disable the modules should be similar with any other CMS dashboard.
However, if you don’t have access to your WordPress admin dashboard, you can disable your WordPress plugins by opening the File Manager on your hosting account and renaming the Plugins folder.
Similarly, you can change your WordPress theme without opening the admin dashboard by making changes to files through File Manager and phpMyAdmin.
The HTTP error 401 occurs when the browser’s request to the server lacks valid authentication credentials. While it’s most commonly caused by a client-side issue that is easy to fix, it can also stem from a server error.