Very odd behaviour. I have 40+ WordPress sites spit across 5 Digital Ocean severs. Today, while doing some updates, I first noticed one site not working and was unable to log-in to wp-admin with a 403 error.
Checking with SFTP, I noticed all directories under public_html had changed permissions to 720. Fearing it had been hacked, I restored a backup to the day before it was last edited - 23rd December but, still the problem remained so, I took it back another 5 days, just to be certain, and still the problem was still there. I checked a number of other sites and found two more displaying the same issues but, on different servers.
I raised a support ticket and they came back and said they’d set permissions on all directories under public_html to 775 and the problem was fixed - and it was, on all 3 affected sites. I responded asking what had caused the problem and they said, in short, it must have been a plugin that had made the changes. By the way, no sign of any hacks - no additional users, WordFence runs clean.
I don’t believe it was a plugin - I use a pretty similar stack across all sites and everything was up to date. At the server level, what else might have caused this? Any ideas, comments etc.