WordPress login redirect loop – why does it happen?

A WordPress login redirect loop is an endless redirect loop during login. In this article I explain how to recognize it, the most common causes, and when the issue is likely outside WordPress.

What is the problem?

A WordPress login redirect loop is essentially an endless redirect cycle during login. You try to log in with your username and password, but instead of reaching the dashboard, you keep landing back on the login page. In other words: the site keeps sending you back and you can’t break the circle. This problem effectively locks you out of your own website — even if you enter the correct credentials.

The frustrating result is that you can’t access the admin area (wp-admin) of WordPress. It’s a common WordPress problem, so you’re not the only one experiencing this. Fortunately, the cause is usually a specific setting or conflict, and the issue can be resolved once you understand what triggers it.

How do you recognize it?

Browser error in Google Chrome when a page redirects too many times.

In practice you’ll notice one or more of the following symptoms:

  • Repeated return to the login screen: After entering your password you’re immediately sent back to the login screen, without a WordPress error message. You keep “stuck” on the login screen and never reach the dashboard — it feels like you can’t log in at all.
  • Endless redirect: You may see the URL flip between wp-admin and wp-login.php, or the page keeps refreshing. Sometimes the browser warns that the page can’t load correctly.
  • Browser message “too many redirects”: Many modern browsers detect this and show an error. Google Chrome might say “This page isn’t working – domain.com redirected you too many times.” That’s a clear sign a redirect loop is happening.

In short, you can’t log in no matter how often you try. You don’t see a specific WordPress error, just the recurring login page (or a generic browser redirect error).

Most common causes

Why does WordPress keep sending you back to the login page? Below are the most common WordPress‑level causes of a login redirect loop:

  • Incorrect website URL settings: A common cause is that the configured WordPress Address (URL) and Site Address (URL) don’t match the actual URL of your site. For example, your site runs on https:// but WordPress is still set to http://, or your domain with www redirects to the version without www (or vice versa). These URL mismatches can confuse WordPress and cause a loop.
  • Cache problems: WordPress and browsers use cache (temporary page storage) to make sites faster. If there are outdated or corrupted cache files, the login flow can break. Your browser or a caching plugin might hold on to old data, so WordPress thinks you’re not logged in (or already are) and keeps sending you back.
  • Cookie problems: Cookies are small files your browser uses to stay logged in. WordPress relies on a login cookie to recognize your session. If your browser blocks cookies or the WordPress login cookie is corrupt or incorrect, WordPress won’t recognize you and sends you back to the login page. In Firefox this can show a message like “The page isn’t redirecting properly, possibly caused by refusing cookies.” Cookies have to work correctly for login to succeed — see cookies are blocked.
  • Plugin or theme conflict: Another common cause is a conflict with a plugin or theme. For example, you recently installed a new plugin or updated a plugin/theme and it now triggers an unwanted redirect. A login‑related plugin (such as a security plugin that redirects logins or adds extra steps) might be too strict and block legitimate logins. A theme bug (less common) can also cause the login page to keep reloading.
  • .htaccess or redirect‑file errors: Many WordPress sites (especially on Apache servers) use a hidden configuration file called .htaccess to manage redirects and URL structures. If it’s damaged or misconfigured, it can create an endless redirect. For example, a wrong redirect rule in .htaccess can make wp-login.php keep pointing back to itself. (On servers without .htaccess, similar redirect rules in server config can cause the same issue.)

These causes cover most WordPress login redirect loop cases. Often it’s something small in the configuration or a recent site change that triggers the loop.

When is the problem likely outside WordPress?

In some situations the endless login loop isn’t caused by WordPress itself but by factors outside the WordPress software. Examples where the cause is likely outside WordPress:

  • Domain or DNS redirects: There may be an external redirect active on your domain or at your host. For example, a misconfigured domain forward at your registrar or hosting provider (such as a www version redirecting to non‑www and vice versa) can cause a loop outside WordPress. These are server or DNS settings unrelated to WordPress configuration.
  • HTTPS/SSL settings conflict: WordPress and your server need to agree on HTTP vs HTTPS. If your hosting forces HTTPS (via a server rule or CDN) while WordPress is still set to HTTP, you get a conflict. Your browser may bounce between http:// and https://. Conversely, a poorly configured SSL certificate can also cause endless redirects. These issues live in server or certificate settings rather than, or alongside, WordPress settings.
  • External services (CDN/Firewall): Do you use a content delivery network (CDN) or an external security/firewall service (for example Cloudflare or Sucuri)? Such services sometimes add their own redirects or rules for performance or security. A misconfigured rule can clash with WordPress and cause a redirect loop. For example, a CDN forcing a different URL variant, or a security layer that always sends suspicious login attempts back to login.
  • Server configuration and permissions: Finally, the issue can be in server configuration. Think of incorrect file permissions — if WordPress doesn’t have the right access to certain files or session folders, the login may not complete. This is technical, but it means the server doesn’t allow WordPress to perform the required actions. That sits outside WordPress itself because it must be fixed at the hosting level. Other server settings (for example special redirects in the web server software) can also cause issues if they aren’t configured correctly.

In short: if you’ve checked all typical WordPress causes and the problem persists, the cause is likely outside WordPress — in your hosting environment, domain settings, or an external service.

Conclusion

A WordPress login redirect loop can be confusing, especially if you’re not technical. The good news is that this problem is usually traceable once you know what to look for.

Locked out of wp-admin too often?

Login and access issues usually come down to changes, conflicts or security rules. Managed hosting reduces surprises with controlled updates and checks.

See managed WordPress hosting

  1. Cannot log in to WordPress – what does it mean?

    Not being able to log in to your own WordPress site (`wp-admin`) is frustrating. In this article I explain the symptoms you can recognize and the most common causes so you can see where the issue sits.

    2267 words
  2. No access to wp-admin – without an error

    You try to log in to the WordPress admin area, but you’re redirected or see a blank page without an error message. In this article I explain the three categories of causes that usually sit behind this and how to recognize them.

    1344 words
  3. Sorry, you are not allowed to access this page – explained

    You log in and see the message “Sorry, you are not allowed to access this page.” I explain when this appears, what it means, and why it’s a deliberate security measure.

    638 words