Free Guides 6 min read

How to Fix "Too Many Redirects" in WordPress

The WordPress too many redirects error (ERR_TOO_MANY_REDIRECTS) has a handful of specific causes. Here is how to find and fix each one in under 10 minutes.

Dobromir Dechev
Dobromir WordPress agency owner
Quick answer

The WordPress ERR_TOO_MANY_REDIRECTS error is caused by a redirect loop — most commonly a misconfigured WordPress Address or Site Address in Settings, conflicting HTTPS force-redirect rules between a plugin and the server, or a reverse proxy that is not passing the correct HTTPS headers.

ERR_TOO_MANY_REDIRECTS - also called a redirect loop - means your browser kept following redirects until it hit the maximum limit and gave up. The page never loads. The error is consistent across Chrome, Firefox, and Safari, though the exact message differs:

  • Chrome: This page isn't working. yourdomain.com redirected you too many times.
  • Firefox: The page isn't redirecting properly
  • Safari: Safari can't open the page because too many redirects occurred

A redirect loop usually means something is sending the visitor from URL A to URL B, and something else is immediately sending them back to A - infinitely.

Step 1 - Clear browser cookies and cache

Before investigating server-side causes, rule out the simplest one: your browser has cached an old redirect. Open an incognito/private window and try the site. If it loads in incognito but not normally, clear your browser cache and cookies for that domain, then reload.

Also test from a different network or device - your corporate firewall or ISP DNS may be caching stale redirect responses.

Step 2 - Check WordPress URL settings

The most common cause on newly-migrated or recently-SSL'd sites: WordPress address and Site Address do not match the actual URL being requested, causing WordPress to redirect forever trying to reach its own configured URL.

In wp-config.php, check:

define( 'WP_HOME',    'https://yourdomain.com' );
define( 'WP_SITEURL', 'https://yourdomain.com' );

If you cannot access the admin to check these, look them up in the database:

wp option get siteurl
wp option get home

Or in MySQL:

SELECT option_name, option_value FROM wp_options
WHERE option_name IN ('siteurl', 'home');

Common mismatches:

  • One is HTTP, the other is HTTPS
  • One has www., the other does not
  • Migration leftover: old domain still set
  • Typo in the domain

Set both to exactly the same value and ensure it matches your SSL certificate's domain.

Step 3 - Fix the Cloudflare flexible SSL redirect loop

This is the single most common cause of redirect loops on WordPress sites. The setup goes:

  1. WordPress Site Address is set to https://...
  2. WordPress therefore redirects HTTP requests to HTTPS
  3. Cloudflare is set to "Flexible SSL" mode, which means Cloudflare talks to your origin server over HTTP
  4. Your origin server receives an HTTP request and redirects it to HTTPS
  5. Cloudflare re-fetches the HTTPS URL... over HTTP to your origin... which redirects... forever

The fix: in Cloudflare > SSL/TLS, change the encryption mode from Flexible to Full or Full (strict). Full means Cloudflare connects to your origin over HTTPS. Full (strict) additionally validates your origin certificate.

If you do not have an actual SSL certificate installed on your origin server, you cannot use Full (strict) - get a Let's Encrypt certificate first.

Alternatively, if you must use Flexible SSL temporarily, remove the HTTPS redirect from WordPress/your server config so there is no loop.

Step 4 - Check .htaccess redirect rules

Open your .htaccess file. Conflicting or incorrect rewrite rules are a common cause of loops, especially after migrations or plugin installations that write their own rewrite rules.

A healthy WordPress .htaccess looks like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Remove anything outside this block that you did not intentionally add. Watch for:

  • Double HTTPS redirect rules (one from a security plugin, one manually added)
  • Redirect rules pointing to both www and non-www versions creating a loop
  • Old rules from a previous CMS or framework

To check for a loop without a browser, use curl which shows you every redirect in the chain:

curl -IL --max-redirs 10 http://yourdomain.com

-I fetches headers only, -L follows redirects, and --max-redirs 10 caps it at 10 redirects. You will see the full redirect chain:

HTTP/1.1 301 Moved Permanently
Location: https://yourdomain.com/

HTTP/1.1 301 Moved Permanently
Location: http://yourdomain.com/    <-- going back to HTTP = loop

Step 5 - Check reverse proxy headers

If your WordPress is behind Nginx as a reverse proxy (Nginx > Apache, or a load balancer > Nginx > PHP-FPM), WordPress needs to correctly detect that the connection is HTTPS.

Without the right header, WordPress sees an HTTP request (because the proxy communicates with the backend over HTTP) and redirects to HTTPS - which the proxy also sends as HTTP - causing a loop.

In wp-config.php:

if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] )
     && 'https' === $_SERVER['HTTP_X_FORWARDED_PROTO'] ) {
    $_SERVER['HTTPS'] = 'on';
}

Make sure your proxy is actually sending this header. In Nginx:

proxy_set_header X-Forwarded-Proto $scheme;

Or for FastCGI:

fastcgi_param HTTPS on;  # only if your site is HTTPS-only

Step 6 - Disable HTTPS redirect from a plugin

Some security plugins (Really Simple SSL, WP Force SSL, Solid Security) add HTTPS redirect functionality. If more than one plugin is enforcing HTTPS redirects, or if a plugin's redirect conflicts with a server-level redirect, you get a loop.

Deactivate all security and redirect plugins via FTP:

mv /wp-content/plugins/really-simple-ssl /wp-content/plugins/really-simple-ssl_disabled

If the loop stops, one of those plugins was the cause. Re-enable them one by one to identify which one.

If you already have server-level HTTPS redirects in Nginx or .htaccess, you do not need a plugin to force HTTPS. Disable the plugin's redirect feature and rely on the server rule alone.

Step 7 - www vs non-www redirect conflict

A redirect loop can occur when:

  1. Your server redirects yourdomain.com to www.yourdomain.com
  2. WordPress WP_HOME is set to https://yourdomain.com (no www)
  3. WordPress redirects www.yourdomain.com back to yourdomain.com
  4. Loop

Decide on one canonical domain (www or non-www) and ensure:

  • The server redirect points to the canonical domain
  • WP_HOME and WP_SITEURL match the canonical domain exactly
  • The SSL certificate covers the canonical domain

In Nginx, a clean www to non-www redirect:

server {
    listen 443 ssl;
    server_name www.yourdomain.com;
    return 301 https://yourdomain.com$request_uri;
}

Step 8 - Check for multisite misconfiguration

On WordPress multisite, incorrect DOMAIN_CURRENT_SITE or PATH_CURRENT_SITE constants in wp-config.php can cause specific subsites to redirect to themselves infinitely. Check:

define( 'DOMAIN_CURRENT_SITE', 'yourdomain.com' ); // no https://, no trailing slash
define( 'PATH_CURRENT_SITE',   '/' );

Also check whether the sub-site's URL in the Network Admin matches the actual domain it is being accessed at.

Diagnostic checklist

Work through this in order - the most common causes are first:

  1. Try in incognito - if it works, clear cookies/cache
  2. Check WP_HOME and WP_SITEURL in wp-config.php - must be identical and HTTPS
  3. Check Cloudflare SSL mode - must be Full or Full (strict), not Flexible
  4. curl -IL http://yourdomain.com - trace the redirect chain
  5. Check .htaccess for conflicting redirect rules
  6. Add HTTP_X_FORWARDED_PROTO check to wp-config.php
  7. Disable all redirect/security plugins via FTP
  8. Check www vs non-www consistency in server config and WordPress settings

Frequently Asked Questions

How do I fix too many redirects in WordPress?
Start by clearing your browser cache and testing in an incognito window — a cached redirect can mimic a loop. If the problem persists, open wp-config.php and add define('RELOCATE', true); temporarily to reset the site URL. Check Settings > General and ensure WordPress Address and Site Address both use the same protocol (both https:// or both http://) and the same domain. Deactivate all plugins via FTP if the admin is inaccessible, then reactivate one by one.
What causes WordPress redirect loops after enabling HTTPS?
The most common cause is conflicting redirect rules: your SSL plugin (Really Simple SSL, WP Force SSL) adds an HTTPS redirect while your .htaccess or Nginx config adds another, creating a loop. It can also happen when WordPress is behind a load balancer or reverse proxy that terminates SSL — WordPress sees the request as HTTP and redirects to HTTPS, which the proxy intercepts and strips back to HTTP again.
How do I fix ERR_TOO_MANY_REDIRECTS when I cannot access WordPress admin?
Connect via FTP or your hosting file manager and open wp-config.php. Add these two lines directly above the 'That's all, stop editing!' comment: define('WP_HOME', 'https://yourdomain.com'); and define('WP_SITEURL', 'https://yourdomain.com');. This overrides whatever is in the database. If the loop still occurs, rename the plugins folder to disable all plugins and identify if one is causing the redirect.
Can Cloudflare cause a WordPress redirect loop?
Yes. This is a very common cause. It happens when WordPress or your .htaccess forces HTTP to HTTPS, but Cloudflare's SSL mode is set to Flexible — which means Cloudflare connects to your origin server over HTTP, causing an infinite loop. Fix it by setting Cloudflare SSL mode to Full (Strict) in the Cloudflare dashboard under SSL/TLS, which tells Cloudflare to connect to your server over HTTPS.

Was this article helpful?