Some OpenCart users may face a 403 Forbidden error when accessing the verification .txt file used by IndexNow or search engine validation.
This usually happens due to restrictive rules inside the .htaccess file that block direct access to .txt files.
This guide explains the issue and the exact fix.
Why This Happens
Many OpenCart installations use security rules in .htaccess to block access to sensitive files like:
.tpl.ini.log.txt
While this improves security, it may also block the IndexNow key verification file, which must be publicly accessible.
When search engines try to verify the key file, they receive:
403 Forbidden
As a result, IndexNow submission may fail.
How to Fix the 403 Error
Step 1: Open Your .htaccess File
Locate the .htaccess file in your OpenCart root directory.
Usually found in:
/public_html/.htaccess
Step 2: Find the FilesMatch Rule
Look for a block similar to this:
<FilesMatch "(?i)((\.tpl|\.ini|\.log|\.txt))">
Order deny,allow
Deny from all
</FilesMatch>
This rule blocks all .txt files.
Step 3: Replace It With the Updated Rule
Update the rule to allow the IndexNow verification file:
<FilesMatch "(?i)((\.tpl|\.ini|\.log|(?<!robots)(?<!ca74f80fa534bbeefa9b7a97990998d4)\.txt))">
Order deny,allow
Deny from all
</FilesMatch>
Important Notes
- Replace
ca74f80fa534bbeefa9b7a97990998d4with your actual IndexNow key filename (without .txt). - Do not remove protection for other
.txtfiles. - Keep
robots.txtpublicly accessible.
Example
If your IndexNow file is:
abc123xyz.txt
Then your rule should be:
<FilesMatch "(?i)((\.tpl|\.ini|\.log|(?<!robots)(?<!abc123xyz)\.txt))">
Order deny,allow
Deny from all
</FilesMatch>
After Updating
- Save the
.htaccessfile. - Clear your OpenCart cache.
- Try accessing the TXT file in your browser:
https://yourdomain.com/yourkey.txt
If it loads without 403, the issue is resolved.
When This Fix Is Required
Apply this fix only if:
- Your IndexNow submission fails
- The TXT file returns 403 error
- Your server uses strict
.htaccesssecurity rules