Skip to content

WordPress fixes, security checks, and performance guides for site owners and builders.

Start with fixes
Fixes

How to Fix a WordPress Login Redirect Loop

Fix a WordPress login redirect loop by checking cookies, site URLs, caches, and plugin conflicts without dashboard access.

4 min read Last updated Jun 15, 2026

A WordPress login redirect loop usually sends you back to wp-login.php after accepting your credentials, or repeatedly redirects between the login page and /wp-admin/. Start by clearing cookies for the site. If that does not work, check the WordPress URLs, purge caches, and temporarily disable plugins.

Clear the site’s cookies

WordPress uses browser cookies to maintain an authenticated session. A stale cookie can prevent that session from being recognized.

Delete cookies and cached site data for the affected domain, close the browser, and then open a new window. Visit the login page directly:

https://example.com/wp-login.php

Also try a private browsing window. If private browsing works, the problem is confined to the original browser profile. Disable browser extensions that modify cookies, privacy settings, or redirects before testing again.

Check that cookies are allowed for both the main domain and the exact hostname used for login. For example, logging in through www.example.com while WordPress redirects to example.com can break the session when the site URLs are inconsistent.

Check the WordPress URLs

The WordPress Address and Site Address should normally use the same hostname and protocol as the public site.

If you have WP-CLI access, inspect both values without changing anything:

wp option get home
wp option get siteurl

Look for differences involving:

  • http:// and https://
  • www.example.com and example.com
  • An old staging or temporary domain
  • A missing subdirectory when WordPress is installed below the document root

A mismatch does not always indicate an error. WordPress can deliberately use different addresses when its core files are stored in a subdirectory. Confirm the intended configuration before editing either value.

If the addresses are wrong, back up the database and correct them through your hosting control panel, database manager, or a known-good WP-CLI workflow. Use the final public URL consistently. Afterward, clear cookies and caches before testing the login again.

Also inspect wp-config.php for existing WP_HOME and WP_SITEURL definitions. These constants override the corresponding database values. Do not add another copy; correct or remove the existing definitions only after confirming why they were introduced.

Purge every cache layer

An old redirect can remain active even after the underlying URL or cookie problem has been fixed.

Clear the layers available on your site:

  • WordPress caching plugin
  • Hosting-platform page cache
  • Reverse proxy or CDN cache
  • Browser cache

Temporarily pause CDN redirect or caching rules if your provider allows it. Then request wp-login.php directly and test in a private window.

Do not leave the login page broadly excluded from security controls. Restore any paused CDN or hosting protections after the test.

Disable plugins without dashboard access

Security, SSL, caching, membership, and redirect plugins can interfere with authentication or send /wp-admin/ to the wrong address.

Use SFTP or your host’s file manager to open wp-content. Rename the plugins directory:

plugins

to:

plugins-disabled

WordPress will be unable to load the plugins from that directory. This does not delete their files or settings. The official WordPress troubleshooting documentation describes this method for disabling plugins when the administrative menus are unavailable.

Try logging in again after clearing cookies and caches. If login works:

  1. Rename plugins-disabled back to plugins.
  2. Open the Plugins screen in WordPress.
  3. Activate plugins individually.
  4. Test the login flow after each activation.

The last plugin activated before the loop returns is the likely conflict. Leave it disabled while checking its vendor documentation, configuration, and available updates.

If renaming the directory does not help, restore its original name immediately.

Check HTTPS and proxy redirects

A loop between HTTP and HTTPS often means WordPress and the server disagree about whether the request is secure. This is common after enabling SSL, moving behind a CDN, or changing a reverse proxy.

Check the browser address bar during the loop. If the URL alternates between http:// and https://, review:

  • WordPress home and siteurl values
  • Hosting-panel HTTPS redirects
  • CDN redirect rules
  • Web-server configuration
  • Proxy settings that pass the original request protocol to WordPress

Avoid disabling HTTPS as a general fix. Correct the conflicting redirect or proxy configuration so WordPress consistently recognizes secure requests.

Escalate when the redirect happens before WordPress loads

Contact the hosting provider if the loop continues with all plugins disabled, correct site URLs, cleared caches, and fresh cookies. Ask them to inspect server-level redirects, proxy headers, CDN rules, and the request path for wp-login.php and /wp-admin/.

Provide the affected hostname, the approximate time of a failed login, and whether the browser alternates between specific URLs. Do not send passwords, authentication cookies, or full configuration files.

Editorial Staff

The BugWP editorial staff publishes practical WordPress guides for fixes, security, performance, hosting, Cloudflare, and plugin/theme recovery.

5 min read How to Fix the WordPress Media Upload HTTP Error 4 min read How to Fix the WordPress Memory Exhausted Error 4 min read How to Increase the WordPress Maximum Upload File Size