BugWP logo BugWP
Back to Community
Home / Community / CoreNetworking wordpress

Resolving HTTPS Redirect Loops and Mixed Content in WordPress Multisite

24 threads Sep 16, 2025 CoreNetworking wordpress

Content

Migrating a WordPress Multisite network to HTTPS or troubleshooting SSL issues can be a complex process. A common challenge users face is the redirect loop, where the site gets stuck in an endless cycle of redirects between HTTP and HTTPS. Other frequent issues include mixed content warnings, where some resources are still loaded over HTTP, and problems with new subsites not defaulting to HTTPS. This guide explains why these problems occur and provides the most effective solutions based on community experience.

Why Do HTTPS Redirect Loops Happen in Multisite?

Redirect loops often stem from conflicting instructions. Your WordPress configuration, database entries, server rules (like those in an .htaccess file), and caching plugins can all be trying to manage the HTTP-to-HTTPS redirect. When these settings are not fully synchronized, they can conflict with each other, creating a loop. Common causes include:

  • Incomplete URL updates in the database after migrating to HTTPS.
  • A redirect rule in the .htaccess file that conflicts with a rule set by a plugin or your hosting provider.
  • Hardcoded HTTP URLs in theme or plugin files.
  • Cached pages or cookies that still reference the old HTTP protocol.

Common Solutions for HTTPS Redirects and Mixed Content

1. Perform a Complete Database Search and Replace

The most critical step is to ensure every instance of your old HTTP URL is updated to HTTPS in the database. This includes serialized data where URLs are stored. For a Multisite network, you must update the URLs for the main site and every subsite.

  • Tool: Use a reliable, trusted plugin like Better Search Replace.
  • Process: Always back up your database first. Then, run a search for http://example.com and replace it with https://example.com. Repeat this process for all variations of your domain (e.g., with and without www).
  • Caution: Avoid using unsupervised search-and-replace scripts, as they can break serialized data if not handled correctly.

2. Review and Update Your .htaccess File

Incorrect or duplicate redirect rules in your .htaccess file are a primary cause of loops. The 'Networking WordPress' team suggests that for a standard WordPress Multisite subdomain setup, your .htaccess file should resemble the code found in the official documentation. If you have added custom redirects, ensure they do not conflict. A common and simple rule to force HTTPS is:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Place this rule above the standard WordPress rewrite rules.

3. Force HTTPS for New Multisite Subsites

By default, new sites created in a Multisite network may not use HTTPS, even if the main site does. To automatically force HTTPS for all new subsites, you can use a Must-Use plugin. Create a file like force-https-multisite.php in your /wp-content/mu-plugins/ directory with the following code:

<?php
// Force HTTPS for new sites in a Multisite network
add_filter( 'wp_initialize_site_args', 'force_https_for_new_sites', 10, 2 );

function force_https_for_new_sites( $args, $site ) {
    $args['options']['home']  = 'https://' . $site->domain;
    $args['options']['siteurl']  = 'https://' . $site->domain;
    return $args;
}
?>

4. Configure WordPress for a Reverse Proxy

If your WordPress site is behind a reverse proxy (like nginx or a load balancer) that handles SSL termination, WordPress might not detect that it's being accessed over HTTPS. This can cause redirect loops and mixed content. To fix this, add the following lines to your wp-config.php file, above the line that says /* That's all, stop editing! Happy publishing. */:

if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ) {
    $_SERVER['HTTPS'] = 'on';
}

5. Clear Caches and Cookies

After making these changes, clear all caching from any caching plugins, server-side caches (like Varnish or OPcache), and your browser. Also, clear your browser's cookies and local storage for the site, as old session data can perpetuate redirect loops.

When to Seek Further Help

If these steps do not resolve the issue, the problem may be more specific to your server configuration. In these cases, it is recommended to:

  • Check your server's error logs for more detailed clues.
  • Temporarily deactivate all plugins and switch to a default theme to rule out conflicts.
  • Consult your hosting provider to confirm that your SSL certificate is installed correctly and that their server configuration is not causing a conflict.

Successfully implementing HTTPS across a Multisite network requires careful attention to detail in the database, WordPress configuration, and server settings. Following these structured steps should help you achieve a secure and properly functioning site.

Related Support Threads Support