Back to Community
Home / Community / CoreNetworking wordpress

Troubleshooting WordPress Multisite Login Redirects and Admin Access Issues

19 threads Sep 7, 2025 CoreNetworking wordpress

Content

WordPress Multisite is a powerful feature, but it can introduce complex login and redirect problems, especially when accessing the wp-admin area for subsites. A common issue users report is being redirected to the wrong location—like the main site's login, a signup page, or even into an infinite loop—when trying to access a subsite's dashboard. This guide will explain why these redirects happen and provide the most common solutions to get your network running smoothly.

Why Do These Redirects Happen?

In a WordPress Multisite network, the system uses cookies and server configuration rules to determine which site a user is trying to access and whether they have the correct permissions. The root cause of most redirect issues falls into one of these categories:

  • Cookie Configuration: The settings in your wp-config.php file (like COOKIE_DOMAIN, ADMIN_COOKIE_PATH) tell WordPress how to handle authentication across different domains or paths. An incorrect configuration here is a primary cause of login loops and failed authentications.
  • Server Rewrite Rules: Multisite relies heavily on server rewrite rules (in an .htaccess file for Apache or the server config for Nginx) to correctly route requests. If these rules are missing, malformed, or not properly translated for your server, requests for /wp-admin can be sent to the wrong place.
  • Domain Mapping: If you are using custom domains for your subsites, you must ensure that WordPress and your server are correctly configured to recognize them. Otherwise, users may be redirected to the primary domain or the wp-signup.php page.
  • CORS (Cross-Origin Resource Sharing) Policies: For Ajax requests or logins that cross subdomains, browser security policies may block the request if the server does not send the appropriate headers, leading to failed logins or empty responses.

Common Solutions to Try

1. Review Your wp-config.php Cookie Settings

Incorrect cookie paths and domains are a frequent culprit. The 'Networking WordPress' team suggests carefully defining these constants. Be cautious, as seen in Thread 9, where adding certain constants fixed subsite logins but broke network admin access. A common configuration for a subdomain install is to not define these extra constants, allowing WordPress to handle them automatically. Only define them if you are certain of your network's needs.

// Standard Multisite config - often all you need
define('WP_ALLOW_MULTISITE', true);
define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', true);
define('DOMAIN_CURRENT_SITE', 'yourmaindomain.com');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);

// Only add these if you have a specific, understood reason
// define('ADMIN_COOKIE_PATH', '/');
// define('COOKIE_DOMAIN', '');
// define('COOKIEPATH', '');
// define('SITECOOKIEPATH', '');

2. Verify Your Server Configuration

Your server must be configured to handle Multisite's complex rewriting needs.

  • For Apache: Ensure your .htaccess file contains the correct Multisite rewrite rules, as shown in Thread 18. The rules for subdomain and subdirectory installs are different.
  • For Nginx: This is a common source of problems, as mentioned in Threads 1 and 19. The standard .htaccess rules do not work; they must be translated into Nginx directives and placed in the server's configuration file. An incorrect translation can lead to malformed URLs and failed redirects.
  • For Reverse Proxies (Nginx): If WordPress is behind a reverse proxy (Thread 12), ensure the proxy passes all necessary headers and that the WP_SITEURL and WP_HOME constants are correctly defined to reflect the public URL, not the internal one.

3. Check for Plugin and Theme Conflicts

Before making complex server changes, rule out simpler causes. Deactivate all plugins on the network and switch to a default WordPress theme (like Twenty Twenty-One). If the problem resolves, reactivate them one by one to identify the culprit. Some plugins may not be fully compatible with Multisite's complex authentication process.

4. Investigate CORS Headers for Cross-Domain Requests

If you are seeing CORS errors in your browser console (Thread 10) when a subsite tries to communicate with the main site, the issue is at the server level. The server responding to the request (e.g., file.php) must include the header Access-Control-Allow-Origin to permit requests from the subsite's domain. This is typically configured in your server's (Apache/Nginx) virtual host file.

5. Confirm Domain Mapping Setup

If you've assigned a custom domain to a subsite (Thread 17) and login/cart functionality breaks, the issue is almost always related to cookies not being set for the new domain. You must ensure your domain mapping plugin (or manual method) is correctly configured to handle authentication for the custom domain.

Conclusion

Multisite login and redirect issues can be frustrating, but they are almost always solvable by methodically checking your configuration. Start with your wp-config.php file, then move on to your server's rewrite rules, and finally investigate plugins and cross-domain policies. For more specific help with server configuration, consulting your hosting provider's documentation for Multisite setup is highly recommended.

Related Support Threads Support