BugWP logo BugWP
Back to Community
Home / Community / PluginRedirection

How to Exclude wp-admin from Redirection Rules and Avoid Getting Locked Out

18 threads Sep 16, 2025 PluginRedirection

Content

One of the most common issues users face with the Redirection plugin is accidentally locking themselves out of their WordPress admin area (wp-admin). This happens when a broad redirect rule, designed to send all site traffic to a new location, also captures attempts to access the backend. This guide explains why this happens and provides the most effective solutions to regain access and configure your redirects correctly.

Why Does This Happen?

The Redirection plugin processes redirects before WordPress fully loads. If you create a rule—especially a regular expression like ^(.*)—that matches all URLs, it will also match /wp-admin and /wp-login.php. Since the plugin treats these requests like any other URL, it will redirect them before you can log in, effectively locking you out of your own site.

How to Regain Access and Fix the Problem

If you are already locked out, you must first disable the plugin to regain access. The recommended method is to use the integrated emergency reset feature by visiting yourdomain.com/?wp-redirect=reset. If that doesn't work, you can disable the plugin manually via FTP or your hosting file manager by renaming the redirection folder (found in /wp-content/plugins/) to something like redirection_off. This will deactivate the plugin and all its rules, allowing you to log in again.

Configuring Redirects to Exclude wp-admin

Once you have access again, you can set up your redirects properly. There are two primary methods to exclude the WordPress admin area from your redirect rules.

Method 1: Use the Site Relocate Feature (Recommended)

The simplest and most robust solution is to use the built-in Site Relocate feature. This is designed specifically for moving a site to a new domain while automatically preserving access to the wp-admin area on the old domain.

  1. In your WordPress dashboard, go to Tools > Redirection > Site.
  2. Find the Site Relocate option.
  3. Enable it and enter the full URL of your new domain (e.g., https://newdomain.com).
  4. Save changes.

This method handles the complexity for you and ensures login pages are never redirected.

Method 2: Create Manual Redirects with Exceptions

If your redirect needs are more complex and the Site Relocate feature isn't suitable, you can create manual redirects using regular expressions while adding a "do nothing" rule for the admin paths.

  1. Create a "Do Nothing" Rule for Admin:
    • Source URL: ^/wp-(.*)
    • Action: Do Nothing (ignore)
    • Set this rule's Position to a lower number (e.g., 0). Rules with lower positions are processed first.
  2. Create Your Catch-All Redirect:
    • Source URL: ^(.*)
    • Target URL: https://newdomain.com (or your desired target)
    • Set this rule's Position to a higher number (e.g., 1).

The "do nothing" rule will be processed first, preventing the admin paths from being caught by the broader redirect rule below it. You may need to add similar "do nothing" rules for other specific paths you wish to exclude (e.g., /graphql).

Important Considerations

  • Rule Order is Critical: When using manual rules, the order of operations (controlled by the Position value) is essential. The exclusion rule must have a lower position number and be processed before the general redirect.
  • Test Carefully: Before logging out, always test your new rules in an incognito browser window to ensure you can still access /wp-login.php. This prevents you from getting locked out again.
  • Avoid Redirecting Admin: As noted in the threads, the Redirection plugin is intentionally designed to make it difficult to create redirects for /wp-admin pages because it almost always breaks site functionality.

By following these steps, you can successfully redirect your site's visitors while maintaining crucial access to your WordPress admin dashboard.

Related Support Threads Support