How to Fix WordPress Login Redirect Loop

What Is a WordPress Login Redirect Loop?

A WordPress login redirect loop happens when you try to log in, WordPress processes your credentials successfully, but instead of taking you to the dashboard, it sends you back to the login page. You enter your credentials again, get logged in again, and get redirected back to login again—infinitely.

You’ll recognize this by:

• Entering username and password, clicking “Log In”
• Page appears to load briefly
• Redirected back to the login page
• Process repeats endlessly
• Sometimes you see error messages like “Cookies are blocked” or “WordPress database error”

The site itself loads fine, but you can’t access wp-admin. This is different from being completely locked out—the authentication works, but the redirect after login is broken.

---

Common Causes of Login Redirect Loops

• Incorrect WordPress URL settings — Site URL and WordPress URL don’t match
• Cookie settings corrupted — WordPress can’t set session cookies properly
• HTTPS/HTTP mismatch — Site configured for HTTPS but login uses HTTP
• Plugins interfering with authentication — Security or custom login plugins blocking redirect
• Theme issues with login template — Custom login page code is broken
• Trailing slashes misconfigured — URL structure expects or doesn’t expect trailing slashes
• Browser cookies disabled — JavaScript blocking or cookie settings preventing sessions
• WordPress multisite misconfiguration — Domain mapping issues on multisite installs
• Htaccess rewrite issues — Redirect rules interfering with login flow

---

Solution 1: Fix WordPress URL Settings

This is the most common cause. WordPress and Site URLs must match exactly.

1. Log in to WordPress admin (try accessing it anyway, sometimes you can get in briefly)
2. Go to Settings → General
3. Check “WordPress Address (URL)” and “Site Address (URL)”
4. Both should match your domain exactly:
   • If your site is https://yourdomain.com (with HTTPS), both should be:
     • https://yourdomain.com (without www if you don’t use it)
   • If your site uses www: https://www.yourdomain.com
5. Click “Save Changes”
6. Try logging in again

Can’t access wp-admin? Edit the database directly:

1. Access phpMyAdmin from cPanel
2. Select your WordPress database
3. Open the wp_options table
4. Find row with option_name = siteurl
5. Change option_value to your correct URL (e.g., https://yourdomain.com)
6. Find row with option_name = home
7. Change it to match siteurl
8. Click “Go” to save

If URLs don’t match after saving, clear all browser cookies and try logging in from an incognito window.

---

Solution 2: Fix HTTPS/HTTP Mismatch

If your site uses HTTPS but the login redirects to HTTP (or vice versa), you’ll get a redirect loop.

Check your site URL:

1. Visit your site in a browser
2. Look at the URL bar
3. Note if it shows https:// or http://

Update WordPress to match:

1. Go to Settings → General (or edit database)
2. Make sure WordPress Address and Site Address start with the same protocol:
   • Both https:// (preferred)
   • Both http://

Force HTTPS in WordPress:

Add to wp-config.php:

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = 'on';
}

define('WP_HOME', 'https://yourdomain.com');
define('WP_SITEURL', 'https://yourdomain.com');

Force HTTPS via .htaccess:

Add to .htaccess:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

---

Solution 3: Clear All Browser Cookies

Browser cookies can get corrupted and prevent login sessions from working.

Clear cookies in your browser:

• Chrome: Settings → Privacy → Clear browsing data → Cookies and cached images → Clear
• Firefox: Settings → Privacy → Cookies → Show Cookies → Select all → Remove → Close
• Safari: Develop → Empty Web Storage (or Preferences → Privacy → Manage Website Data)
• Edge: Settings → Privacy → Choose what to clear → Cookies and saved website data

After clearing, close your browser completely, reopen it, and try logging in again.

In incognito/private mode:

1. Open an incognito or private browser window
2. Go to your login page
3. Log in with your credentials

If you can log in successfully in incognito mode, the problem is corrupted browser cookies, not your WordPress configuration.

---

Solution 4: Disable All Plugins

Plugins can intercept login requests and cause redirect loops.

Via WordPress:

If you can briefly access wp-admin:

1. Go to Plugins → Installed Plugins
2. Deactivate all plugins
3. Try logging in from a fresh login page

Via FTP (if locked out):

1. Navigate to /wp-content/plugins/
2. Rename plugins folder to plugins-disabled
3. Create new empty plugins folder
4. Try logging in
5. If successful, rename back and test plugins one by one

Common problematic plugins:

• Security plugins with custom login redirect rules
• Custom authentication plugins
• Role/permission plugins with broken logic
• Theme customization plugins

---

Solution 5: Switch to Default Theme

Custom themes can contain broken login redirect code.

Via FTP:

1. Go to /wp-content/themes/
2. Rename your active theme folder (e.g., mytheme → mytheme-disabled)
3. WordPress automatically activates a default theme
4. Try logging in

Via Database:

1. Access phpMyAdmin
2. Select your WordPress database
3. Open wp_options table
4. Find option_name = template, change option_value to twentytwentythree
5. Find option_name = stylesheet, change to twentytwentythree
6. Try logging in

If this fixes the redirect loop, your theme has a login-related issue. Contact the theme developer or switch themes.

---

Solution 6: Add WordPress Auth Cookies to wp-config.php

Sometimes WordPress’s authentication cookies don’t set properly. Define them manually:

Add to wp-config.php:

define('COOKIEHASH', 'put_your_unique_phrase_here_1234567890');
define('USER_COOKIE', 'wordpress_user_' . COOKIEHASH);
define('PASS_COOKIE', 'wordpress_pass_' . COOKIEHASH);
define('AUTH_COOKIE', 'wordpress_logged_in_' . COOKIEHASH);
define('SECURE_AUTH_COOKIE', false);
define('LOGGED_IN_COOKIE', true);
define('COOKIE_DOMAIN', $_SERVER['HTTP_HOST']);

Replace put_your_unique_phrase_here_1234567890 with a random string of characters.

---

Solution 7: Check .htaccess Redirect Rules

Broken .htaccess rewrite rules can redirect login requests infinitely.

1. Via FTP, backup your .htaccess
2. Open it and look for any custom redirect rules:
   • Lines with RewriteRule
   • Lines with Redirect
3. Check if any rules reference your login URL
4. If you find suspicious redirect rules, comment them out with #:

   # RewriteRule ^/wp-login.php$ https://yoursite.com/login [R=301,L]
   

5. Save and test login
6. If it works, those rules were the problem

If you have many custom rules, delete them and regenerate .htaccess:

1. Delete .htaccess
2. Go to WordPress Settings → Permalinks
3. Click “Save Changes” to regenerate clean .htaccess

---

Solution 8: Increase Login Session Timeout

Sometimes redirect loops happen because sessions expire too quickly.

Add to wp-config.php:

define('COOKIE_LIFETIME', 2592000); // 30 days
define('AUTH_COOKIE_EXPIRES', 2592000);
define('LOGGED_IN_COOKIE_EXPIRES', 2592000);

This extends login sessions from the default 2 days to 30 days, reducing logout-induced redirects.

---

Solution 9: Check for Infinite Redirect Chains

Your browser should show warnings about redirect loops. Let’s capture these:

Via Chrome:

1. Press F12 to open Developer Tools
2. Go to Network tab
3. Try to log in
4. Look at the request chain
5. You’ll see something like: POST /wp-login.php → GET /wp-admin/ → GET /wp-login.php → repeat
6. The URLs in the redirect chain tell you what’s going wrong

Fix based on redirect chain:

• If redirecting to homepage: Site URL is wrong in Settings
• If redirecting to admin: User role has issues
• If redirecting to same login page: Cookie or session issue

---

Solution 10: Reset WordPress Authentication Keys

Corrupted authentication salts can cause login issues.

1. Open wp-config.php
2. Find the lines starting with define('AUTH_KEY'... (usually around line 50)
3. Delete all 8 salt/key definition lines
4. Go to https://api.wordpress.org/secret-key/1.1/salt/
5. Copy the new salts generated
6. Paste into wp-config.php where you deleted the old ones
7. Save the file
8. Log out of all devices (sessions will be invalidated)
9. Try logging in again fresh

---

Solution 11: Check User Capabilities

Sometimes users get created with broken capabilities that prevent redirect after login.

1. Access phpMyAdmin
2. Open your WordPress database
3. Find wp_usermeta table
4. Look for rows with your username and meta_key like wp_capabilities
5. Verify the value is valid JSON like: a:1:{s:13:"administrator";b:1;}
6. If corrupted, update it to a proper admin role

Or via wp-cli:

wp user update <user_id> --role=administrator

---

Solution 12: Check Hosting Redirect Rules

Some hosts have server-level redirects interfering with WordPress login.

1. Contact your hosting support
2. Ask if they have:
   • URL redirects configured for your domain
   • Force HTTPS/HTTP redirect enabled
   • Custom rewrite rules at server level
3. Request they disable any redirects except forcing HTTPS
4. Wait 15 minutes for changes to propagate
5. Try logging in again

---

Prevention Tips

• Always verify WordPress URL settings match your actual domain
• Test login immediately after changing domain settings
• Keep authentication plugins updated
• Use strong, unique passwords to prevent brute force redirects
• Monitor .htaccess edits and test after changes
• Backup wp-config.php before editing authentication settings
• Document any custom redirect rules you create

From experience: I once debugged a login redirect loop for 2 hours that was caused by a well-meaning client who changed their site to use www.domain.com but WordPress was still configured for domain.com. One setting change fixed everything. The admin URL bar shows which you’re going to—always check that it matches your settings.

Related: If login issues involve other errors, check How to Fix Wordfence Blocking Admin Access or How to Fix WordPress 403 Forbidden Error for additional troubleshooting.

---

Conclusion

WordPress login redirect loops are usually caused by mismatched URL settings, cookie issues, or interfering plugins. The fastest fix is checking Settings → General to ensure your WordPress Address and Site Address match your actual domain exactly. If that’s correct, clear your browser cookies and try logging in again. Most redirect loops disappear with these two steps. If not, disable plugins one by one to find the culprit, or check .htaccess for broken redirect rules. Understanding that this error means authentication works (credentials are accepted) but redirects are broken helps you focus on redirect and URL configuration issues rather than authentication problems.