Fix WordPress login loop (keeps redirecting to login)

Fix WordPress login loop (keeps redirecting to login)

If you are trying to log into your WordPress admin dashboard but keep getting redirected back to the login page, you are stuck in a frustrating login loop. This issue, commonly known as the WordPress login loop keeps redirecting, prevents access to your site’s backend and can disrupt your workflow. Fortunately, there are straightforward fixes to resolve this problem quickly.

This article explains why the login loop happens and provides a quick copy/paste fix. It also walks you through detailed steps for different server environments like Nginx, Apache, cPanel, and Plesk.

Quick Fix

1. Clear your browser cookies and cache for your site.
2. Check and reset your WordPress site URL and home URL in wp-config.php:

define('WP_HOME','https://yourdomain.com');
define('WP_SITEURL','https://yourdomain.com');

3. Disable all plugins by renaming the wp-content/plugins folder via FTP or file manager.
4. Switch to a default theme by renaming your active theme folder in wp-content/themes.
5. Ensure your .htaccess file (Apache) or Nginx config is correct and not causing redirects.
6. Check your server’s PHP session and cookie settings.

Why this happens

The WordPress login loop usually occurs due to one or more of the following reasons:

• Incorrect site URL settings: If the WordPress Address (URL) and Site Address (URL) do not match or are misconfigured, WordPress redirects you back to login.
• Corrupted or conflicting plugins/themes: Plugins or themes that interfere with authentication or cookies can cause the loop.
• Browser cookies or cache issues: Old or corrupted cookies can prevent proper login sessions.
• Server misconfiguration: Incorrect rewrite rules in .htaccess or Nginx config files, or PHP session problems, can break login flow.
• HTTPS and SSL issues: Mixed content or forced HTTPS redirects without proper configuration can cause redirect loops.

Step-by-step

1. Clear Browser Cookies and Cache

Before making server changes, clear your browser’s cookies and cache for your site domain to eliminate stale session data.

2. Set Correct Site URL in wp-config.php

1. Access your site files via FTP, SFTP, or your hosting file manager.
2. Open wp-config.php in the root WordPress directory.
3. Add these lines just above the line that says /* That's all, stop editing! Happy blogging. */:

define('WP_HOME','https://yourdomain.com');
define('WP_SITEURL','https://yourdomain.com');

Replace https://yourdomain.com with your actual site URL including https if SSL is enabled.

3. Disable All Plugins

1. Rename the wp-content/plugins folder to plugins-disabled via FTP or file manager.
2. Try logging in again. If successful, a plugin is causing the issue.
3. Rename the folder back to plugins and reactivate plugins one by one to find the culprit.

4. Switch to a Default Theme

1. Rename your active theme folder in wp-content/themes (e.g., twentytwentyone to twentytwentyone-disabled).
2. WordPress will fallback to a default theme like Twenty Twenty-One.
3. Try logging in again.

5. Check and Reset .htaccess (Apache)

1. Backup and delete your current .htaccess file in the WordPress root directory.
2. Create a new .htaccess file with the default WordPress rules:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

3. Save and test login again.

6. Check Nginx Configuration

Ensure your Nginx config includes the correct rewrite rules for WordPress. A typical configuration looks like this:

location / {
    try_files $uri $uri/ /index.php?$args;
}

If you have forced HTTPS or redirects, verify they do not conflict with login URLs.

7. Verify PHP Session and Cookie Settings

• Make sure PHP sessions are enabled and writable on your server.
• Check php.ini for proper session.save_path and cookie parameters.
• Confirm your site uses consistent HTTP or HTTPS URLs to avoid cookie mismatches.

Works on

Server	Control Panel	Web Server
Shared Hosting, VPS, Dedicated	cPanel, Plesk, DirectAdmin	Apache, Nginx, LiteSpeed

This guide applies to most typical WordPress hosting environments including Apache and Nginx servers managed via cPanel or Plesk.

FAQ

Q1: Why does clearing cookies fix the login loop?

Cookies store your login session data. If they become corrupted or outdated, WordPress cannot validate your login, causing a redirect loop. Clearing cookies resets this data.

Q2: Can a plugin cause the login loop?

Yes. Plugins that handle authentication, security, or redirects can interfere with login sessions. Disabling all plugins helps identify if one is responsible