After configuring an SSL certificate for a WordPress site, some users find they can no longer log into the admin dashboard, and the browser displays a "Too many redirects" or "ERR_TOO_MANY_REDIRECTS" error. This is typically caused by incorrect SSL/HTTPS enforcement settings, which send the login page into an infinite redirect loop between HTTP and HTTPS.
Problem Causes
This issue usually occurs under the following circumstances:
- An SSL certificate is installed and active, but WordPress configuration is not fully updated to enforce HTTPS.
- Server environment variables (like $_SERVER['HTTPS']) are not correctly set to 'on', preventing WordPress from accurately detecting a secure connection.
- Website URL settings (WP_SITEURL, WP_HOME) or the siteurl and home options in the database still use HTTP addresses, conflicting with server-side HTTPS enforcement rules.
Solutions
The core solution is to explicitly inform WordPress that SSL is enabled and force the admin area to use HTTPS. Edit the wp-config.php file in your site's root directory via FTP, SFTP, or your hosting control panel's file manager.
Method 1: Modify wp-config.php (Recommended)
Add the following code in wp-config.php, after the <?php tag and before any other code:
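// Force SSL/HTTPS to resolve admin login redirect loops

// Behind a proxy or load balancer that terminates TLS, PHP sees plain HTTP.
// Note: X-Forwarded-Proto is client-supplied unless your proxy overwrites it.
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
    $_SERVER['HTTPS'] = 'on';
}
// Normalize any other value of the flag to 'off'.
if (isset($_SERVER['HTTPS'])) {
    $_SERVER['HTTPS'] = $_SERVER['HTTPS'] == 'on' ? 'on' : 'off';
}
// Flag missing or 'off': force it on. After this, WordPress treats every
// request as HTTPS, including ones that arrived over plain HTTP.
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'off') {
    $_SERVER['HTTPS'] = 'on';
}
// FORCE_SSL_LOGIN is deprecated since WordPress 4.0; FORCE_SSL_ADMIN also covers the login page.
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);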
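The example below is an addition, not code from the original article or from WordPress. It shows a stricter alternative to the three if-blocks above: $_SERVER['HTTPS'] is set to 'on' only when the server itself reports TLS or when X-Forwarded-Proto arrives from a known proxy. The function name request_is_https, the TRUSTED_PROXIES constant and all addresses are assumptions made for illustration.

```php
<?php
// Added example: not from the original article or from WordPress itself.
// Assumption: TRUSTED_PROXIES holds the addresses of your own load balancer
// or CDN edge. The values below are constructed placeholders.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

/**
 * Return true only if the client-facing connection was HTTPS.
 * X-Forwarded-Proto is honoured only when the direct peer (REMOTE_ADDR)
 * is a trusted proxy, because any client can send that header itself.
 */
function request_is_https(array $server, array $trustedProxies): bool
{
    // TLS terminated on this web server: the server sets HTTPS itself.
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https === 'on' || $https === '1') {
        return true;
    }
    // A forwarded-proto header from an unknown peer is ignored.
    if (!in_array($server['REMOTE_ADDR'] ?? '', $trustedProxies, true)) {
        return false;
    }
    // Some proxy chains send "https, http"; use the first entry
    // (assumed here to be the client-facing hop).
    $chain = explode(',', (string) ($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    return strtolower(trim($chain[0])) === 'https';
}

if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    // Run directly from the command line: check constructed sample requests.
    $samples = [
        'trusted proxy, https' => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'https'],
        'trusted proxy, http'  => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'http'],
        'spoofed header'       => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'],
        'direct TLS'           => ['REMOTE_ADDR' => '203.0.113.9', 'HTTPS' => 'on'],
    ];
    foreach ($samples as $label => $server) {
        $result = request_is_https($server, TRUSTED_PROXIES) ? 'https' : 'not https';
        printf("%-22s => %s\n", $label, $result);
    }
} elseif (request_is_https($_SERVER, TRUSTED_PROXIES)) {
    // Included from wp-config.php: flag the request as secure only when it was.
    $_SERVER['HTTPS'] = 'on';
}
```

With this check in place, FORCE_SSL_ADMIN still redirects plain-HTTP admin requests to HTTPS, because those requests are no longer reported to WordPress as secure.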
Method 2: Hardcode Site URLs (Comprehensive Fix)
If Method 1 doesn't work, you may also need to hardcode the site URLs in wp-config.php. Add these lines after the previous code:
define('WP_HOME', 'https://yourdomain.com');
define('WP_SITEURL', 'https://yourdomain.com');
Note: Replace 'yourdomain.com' with your actual domain.
Next Steps & Verification
- Save the file and upload it back to the server.
- Clear your browser cache and cookies, then restart the browser.
- Attempt to log in using https://yourdomain.com/wp-admin.
- Update database URLs (Optional): After successful login, go to Settings → General and verify both "WordPress Address (URL)" and "Site Address (URL)" start with HTTPS. If they still show HTTP, update them manually.
Prevention & Best Practices
- Before installing an SSL certificate, consider pre-configuring the SSL enforcement code in wp-config.php.
- Use a reliable SSL certificate and ensure your server (e.g., Nginx/Apache) SSL configuration is correct.
- Plugins like "Really Simple SSL" can assist with migration, but manual configuration of wp-config.php provides a more permanent solution.
Following these steps should resolve most WordPress admin login redirect loops caused by SSL configuration. If the issue persists, check server rewrite rules (.htaccess or Nginx config) or contact your hosting provider to confirm SSL is properly installed and active.