How to Fix Too Many Redirects in WordPress
WordPress-specific causes and fixes for redirect loops: SSL plugin conflicts, .htaccess loops, wp-config.php settings, Cloudflare SSL mode, and plugin conflicts.
WordPress redirect loops are frustrating because they often lock you out of the admin panel entirely. You cannot fix the settings that caused the loop because you cannot reach the settings page.
This guide covers every known cause of ERR_TOO_MANY_REDIRECTS in WordPress and how to fix each one — including when you cannot log in.
The Most Common Cause: Protocol Mismatch
The number one cause of WordPress redirect loops is a mismatch between your site URL settings and your server's SSL configuration.
WordPress stores two critical URLs in the database:
siteurl — The URL where WordPress core files live
home — The URL users see as your site address
If either of these uses http:// while your server forces HTTPS (or vice versa), you get a loop.
Fix via wp-config.php (When You Cannot Access Admin)
Add these lines to wp-config.php via FTP or SSH, before the /* That's all, stop editing! */ line:
define('WP_HOME', 'https://example.com');
define('WP_SITEURL', 'https://example.com');
Use your actual domain
Replace example.com with your real domain. Include www. if your site uses it. The protocol (http or https) must match what your server actually serves.
Fix via Database (Definitive Fix)
The wp-config.php defines override the database values but do not change them. For a permanent fix, update the database directly:
UPDATE wp_options SET option_value = 'https://example.com' WHERE option_name = 'siteurl';
UPDATE wp_options SET option_value = 'https://example.com' WHERE option_name = 'home';
Run this via phpMyAdmin, Adminer, or the mysql command line. After updating, you can remove the defines from wp-config.php.
Check your table prefix
If your WordPress installation uses a custom table prefix (not wp_), replace wp_options with your actual prefix. Check wp-config.php for the $table_prefix variable.
Fix .htaccess Redirect Loops
WordPress uses .htaccess for permalink rewriting. Sometimes it also accumulates redirect rules from plugins, manual edits, or hosting panels.
Reset .htaccess to Default
Access your files via FTP/SFTP
Connect to your server. Navigate to the WordPress root directory (where wp-config.php lives).
Rename .htaccess
Rename .htaccess to .htaccess.backup. This disables all custom rules.
Test the site
Reload the page. If the redirect loop is gone, the problem was in .htaccess.
Regenerate .htaccess
Log in to WordPress admin. Go to Settings > Permalinks and click Save Changes (without changing anything). WordPress regenerates a clean .htaccess.
Common .htaccess Mistakes
# PROBLEM: Forcing HTTPS when Cloudflare already handles it
# This creates a loop with Cloudflare Flexible SSL
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
# FIX: Check the forwarded protocol instead
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
# PROBLEM: www and non-www rules that conflict
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
# ... later in the file:
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
# FIX: Pick one and remove the other
Fix Cloudflare SSL Conflicts
This is the most common cause of WordPress redirect loops on Cloudflare-hosted sites.
| Cloudflare SSL Mode | With WordPress HTTPS | Result |
|---|---|---|
| Flexible | WordPress forces HTTPS | REDIRECT LOOP |
| Flexible | WordPress uses HTTP | Works but insecure origin |
| Full | WordPress forces HTTPS | Works correctly |
| Full (Strict) | WordPress forces HTTPS + valid cert | Best option |
The fix: Go to Cloudflare Dashboard > SSL/TLS > Overview and set the mode to Full or Full (Strict). Then ensure your origin server has a valid SSL certificate.
Fix Plugin Conflicts
WordPress plugins are the second most common cause of redirect loops. Multiple plugins trying to handle redirects, SSL, or caching can conflict.
Disable All Plugins (When Locked Out)
You cannot deactivate plugins from the admin panel if you cannot reach it. Do it via the filesystem:
Connect via FTP/SFTP
Navigate to wp-content/.
Rename the plugins directory
Rename plugins to plugins_disabled. WordPress deactivates all plugins when it cannot find the directory.
Test and reload
If the site loads, log in to the admin panel. Rename the directory back to plugins. All plugins will now be deactivated but visible in the admin panel.
Reactivate one at a time
Activate each plugin individually, testing the site after each one. When the loop returns, you have found the culprit.
Known Plugin Culprits
SSL/HTTPS plugins
Really Simple SSL, WP Force SSL, Easy HTTPS Redirection — these can conflict with server-level HTTPS redirects or Cloudflare. If your server already handles HTTPS, you usually do not need these plugins.
Caching plugins
WP Super Cache, W3 Total Cache, LiteSpeed Cache — cached redirect responses can persist even after you fix the underlying issue. Always clear the cache after fixing a redirect problem.
Redirect plugins
Redirection, Safe Redirect Manager, Simple 301 Redirects — check for rules that create loops, especially rules that redirect a URL to itself or to another redirected URL.
Security plugins
Wordfence, Sucuri, iThemes Security — these can force HTTPS or redirect login pages in ways that conflict with other settings.
Fix WordPress Multisite Issues
WordPress Multisite has additional redirect complexity:
// wp-config.php — Ensure these are set correctly for Multisite
define('DOMAIN_CURRENT_SITE', 'example.com');
define('PATH_CURRENT_SITE', '/');
// If using HTTPS across the network
define('FORCE_SSL_ADMIN', true);
// Force the correct protocol
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = 'on';
}
For subdirectory-based Multisite installations, check that the .htaccess rewrite rules match the Multisite format, not the single-site format. WordPress generates different rewrite rules for Multisite.
Fix Reverse Proxy / Load Balancer Issues
If WordPress sits behind a reverse proxy (Nginx as a proxy, AWS ELB, Google Cloud Load Balancer), the proxy terminates SSL and forwards HTTP to WordPress. WordPress sees HTTP, redirects to HTTPS, and the loop begins.
Add this to wp-config.php:
// Tell WordPress to trust the forwarded protocol header
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = 'on';
}
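Place this above the require_once ABSPATH . 'wp-settings.php'; line. Only trust this header when the origin accepts requests solely from the proxy: any client that reaches the origin directly can set X-Forwarded-Proto itself.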
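The loop described in the .htaccess, Cloudflare and reverse-proxy sections can be reproduced with a small model. This is an added Python example, not code from the page, WordPress or Cloudflare. The rule names, function names and the `xfp_trusted` variant are hypothetical, and it assumes the edge sets X-Forwarded-Proto to the visitor's scheme, Flexible always reaches the origin over HTTP, and Full / Full (Strict) reuse the visitor's scheme.

```python
# Added model, not code from the page. Assumptions: the edge sets
# X-Forwarded-Proto to the visitor's scheme; Flexible always reaches the
# origin over HTTP; Full / Full (Strict) reuse the visitor's scheme.

def edge_to_origin_scheme(mode, visitor_scheme):
    return "http" if mode == "flexible" else visitor_scheme


def origin_redirects(rule, conn_scheme, xfp, from_proxy):
    """True if the origin answers 301 -> https:// for this request."""
    if rule == "https_off":      # RewriteCond %{HTTPS} off
        return conn_scheme == "http"
    if rule == "xfp":            # RewriteCond %{HTTP:X-Forwarded-Proto} =http
        return xfp == "http"
    if rule == "xfp_trusted":    # hypothetical: honour the header only from the proxy
        return (xfp if from_proxy else conn_scheme) == "http"
    raise ValueError(f"unknown rule: {rule}")


def via_edge(mode, rule, visitor_scheme="http", max_hops=10):
    """Follow redirects through the edge; return ('ok' | 'loop', hops)."""
    requested = set()
    for hops in range(max_hops):
        if visitor_scheme in requested:
            return "loop", hops          # same URL requested twice
        requested.add(visitor_scheme)
        conn = edge_to_origin_scheme(mode, visitor_scheme)
        if not origin_redirects(rule, conn, visitor_scheme, True):
            return "ok", hops
        visitor_scheme = "https"         # browser follows Location: https://...
    return "loop", max_hops


def direct_http_forced_to_https(rule, header_value):
    """Plain-HTTP request that did not pass through the edge.
    True if the origin still redirects it to HTTPS."""
    return origin_redirects(rule, "http", header_value, False)


if __name__ == "__main__":
    for mode in ("flexible", "full", "full_strict"):
        for rule in ("https_off", "xfp", "xfp_trusted"):
            print(f"{mode:12} {rule:12} {via_edge(mode, rule)}")
    for rule in ("https_off", "xfp", "xfp_trusted"):
        print(f"direct, header=https, {rule:12} ->",
              direct_http_forced_to_https(rule, "https"))
```

The last three printed lines show why the forwarded header should be honoured only for requests that actually came from the proxy: with the plain `xfp` rule, a direct plain-HTTP request carrying the header is served without being upgraded to HTTPS.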
Clear All Caches After Fixing
After resolving the redirect loop, clear every cache layer:
Clear WordPress object cache
If you use an object cache (Redis, Memcached), flush it: wp cache flush via WP-CLI, or restart the cache service.
Clear page cache
In your caching plugin, click the "Purge All" or "Clear Cache" button.
Clear CDN cache
In Cloudflare: Caching > Configuration > Purge Everything. Other CDNs have similar options.
Clear browser cache
Hard refresh with Ctrl+Shift+R or clear site-specific cookies and cache.
WP-CLI is your friend
If you have WP-CLI access, check your options without the admin panel: wp option get siteurl and wp option get home. Fix them with wp option update siteurl 'https://example.com'.
Check siteurl, check home, check Cloudflare SSL mode. That covers 90% of WordPress redirect loops.