Redirect loop on wp-admin or wp-login.php

For whatever reason /wp-admin/ path causes a redirect loop, but /wp-admin/index.php does not. As such, we can use .htaccess to redirect the /wp-admin/ path to /wp-admin/index.php by adding the following line to your .htaccess file after "RewriteBase /" line like this:

RewriteBase /
RewriteRule  /wp-admin/ /wp-admin/index\.php [L,P]

It worked for me like that. You final .htaccess would probably look like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule  /wp-admin/ /wp-admin/index\.php [L,P]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Checking the permissions of wp-login.php revealed that they too had somehow been set to 664 - the same permissions that caused index.php to fail and caused the 500 server error.

I changed the permissions of wp-login.php to 644 and hey presto, the WordPress login page showed up.

But on logging in, another redirect loop. So, once again, looking at /wp-admin/index.php, the permissions were 664 rather than 644.

Fixing them led to problems with the next files in line - the dashboard was a right mess. One by one, changing from 664 to 644 corrected the issues (/wp-admin/load-scripts.php, /wp-admin/load-styles.php).

So it became obvious that a recursive change of permissions was the only way to sort things out.

My UNIX isn't exactly top notch, but this appears to have worked (running from Mac OS X Terminal). I ran it from the root directory of this WP install.

find . -type f -perm 664 -print -exec chmod 644 {} \;

There might be a better command, but I understand this to mean "find all files with 664 permissions and change them to 644".

It has fixed my problem.


If you're using Cloudflare you might want to try adding this to the TOP of your wp-config.php file:

define('WP_SITEURL', 'https://www.example.com');
define('WP_HOME', 'https://www.example.com');
define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
if(isset($_SERVER['HTTP_CF_VISITOR']) && strpos($_SERVER['HTTP_CF_VISITOR'], 'https')){
  $_SERVER['HTTPS']='on';
}

It's important that you add it to the top of the wp-config.php file or you'll end up with "Sorry, you are not allowed to access this page" error messages.

Credit: https://www.meltajon.com/dev/wordpress-wp-admin-redirect-loop-with-cloudflare-ssl