Really Simple SSL

My website is in a redirect loop

When you experience a redirect loop (the browser shows the “too many redirects” or ERR_TOO_MANY_REDIRECTS error), this can be caused by several things, I’ve listed the most common causes below.

Most checks can be done without access to the back-end. If these steps all fail, and you still have a redirect loop, you can try to activate Really Simple SSL in safe mode. This will activate Really Simple SSL without a redirect and without your site URL becoming https. If all fails you can always deactivate using the remove script, or manually.

A redirect back to http

This is the most likely cause, you can check if this is the case by typing in your URL with https (when Really Simple SSL is deactivated). If you get redirected back to http, there is a redirect to http active, which will cause redirect loops when a redirect to https is added.

  • Check other plugins
    • Multilanguage plugins,
    • Login plugins,
    • Redirect plugins
    • WooCommerce with certain settings can redirect to http.
    • iThemes SSL settings
  • Check if your .htaccess or nginx.conf contains redirects to http.
    If you have other redirects in place, this could conflict with the redirect of Really Simple SSL.

Re-save the permalinks

If you still have access to the back-end, saving the permalinks in settings/permalinks is a magic trick which will resolve a lot of 404 and loop issues. This is the first thing I do when there are issues.

Check if you have Varnish Cache active

Varnish often causes issues on SSL. Ask your hosting company if Varnish is active and if they can disable it, to see if that helps. With a service like, you can confirm if your site uses Varnish Cache. If so, you should be able to deactivate Varnish in your Webhosting dashboard (such as CPanel).

Check your certificate

In some cases, a certificate with chain issues can cause issues. Check if your certificate is ok on It should at least grade an A.

CDN, like CloudFlare

For the most common issues with CloudFlare, see the dedicated CloudFlare article

Redirect loop on multisite with domain mapping

The WPMU domain mapping plugin in combination with Really Simple SSL can cause redirect loops. In the cases that I investigated, this was caused by load balancing on some domains on the network. WordPress depends on the is_ssl() function to detect SSL. The is_ssl() function in turn only looks at the $_SERVER[‘https’] = ‘on’ variable. When a domain is served load balanced, or behind a CDN, this variable is not passed by the server. WordPress should instead look at another variable. A brute force fix is to just copy the $_SERVER[‘https’] = ‘on’; in the wp-config.php, but if you still have some sites on your network which are not https, this won’t work.

Really Simple SSL has a built-in mechanism to detect this, but in the current implementation it doesn’t allow for the possibility that some domains use load balancing, and some don’t. If the main site detects the $_SERVER[‘https’] variable, the wpconfig fix won’t get inserted.

You can check if this is the case on your site by opening this URL on both a domain with a redirect loop:

If it shows “load balancer”, you should add the wp-config.php


Two options, of which I personally prefer the first one:

  1. Follow the instructions in this article. In short: remove the WPMU domain mapping plugin, and map it using the built-in capabilities of WordPress.
  2. Add the wp-config.php fix manually, by inserting:
//Begin Really Simple SSL Load balancing fix
$server_opts = array("HTTP_CLOUDFRONT_FORWARDED_PROTO" => "https", "HTTP_CF_VISITOR"=>"https", "HTTP_X_FORWARDED_PROTO"=>"https", "HTTP_X_FORWARDED_SSL"=>"on", "HTTP_X_FORWARDED_SSL"=>"1");
foreach( $server_opts as $option => $value ) {
  if ((isset($_ENV["HTTPS"]) && ( "on" == $_ENV["HTTPS"] )) || (isset( $_SERVER[ $option ] ) && ( strpos( $_SERVER[ $option ], $value ) !== false )) ) {
    $_SERVER[ "HTTPS" ] = "on";
//END Really Simple SSL


Related articles

19 Responses

  1. This redirect loop is so frustrating.

    I literally can’t even save the settings to stop the plugin from writing to .htaccess before it writes to it and locks me out again. I keep removing the added text to the .htaccess file but am not fast enough to save the settings in the plugin.

    No idea why I’m in this look either. Could it be because I have set Settings/General/site address as https://…?

      1. Thanks for the quick reply but that did not work

        I added the line at the end of my wp-config file

        Clicked on the SSL Settings page and was back in a redirect loop

        I tried to change the Settings/General/site address to http:// thinking that was the problem but it did not change anything.

        I literally cannot update the plugin or go into the settings without ending up in a redirect loop.

        So strange.

        1. UPDATE: Looks like I actually had the Safari redirect issue

          Loaded in Chrome and was able to check the ‘stop editing htaccess file’

          All good now.

  2. there are some problems with these instructions is
    1. Once you have a redirect loop you can’t login to disable other plugins
    2. Lots of people do not use .htaccess – nginx is pretty popular these days.

    How do I disable really simple ssl now that I have redirect loops given I don’t use .htaccess?
    Where is the javascript redirect installled (I’m assuming that’s the problem).
    What do I edit in other plugins to make them play nicely with this plugin (assuming disabling them fixes anything(?
    How do I remove this plugin without being able to login?

  3. Hello today I purchased the Really Simple SSL per page to secure just 2 pages in my WP installation. I bought it to avoid errors to the whole installation. So if i enable SSL for this 2 pages they are caught in that famous ssl loop. Woocommerce checkout process works with ssl so there might be no problem with the ssl certificate. Outside the woocommerce checkout i do not use ssl just the 2 pages I want to secure. So how can I avoid that loop for these 2 pages?

    1. If you type in the url of one of these pages with https, does it redirect to http? If a redirect loop is generated something else is redirecting back to http. This might be a plugin, or a .htaccess rule.

      1. If I type in the page with https it will be shown without! There is a normal page. If I use the plugin and set the page to ssl there is the loop with http and with https.

        1. If you type the url with https, and you get a http page in return, there is a redirect to http on your site. This explains the redirect loop. So you need to remove the redirect first.

  4. hello ,
    i have a problem, i use the your plugin Really Simple SSL and the website is seen by google search in https
    but for a page (bubble foot) the page is displayed with no https and since this moment the rank of this page is now very very low. you can see for exemple on google search when you type” sportigoo bubble foot”
    the page is displayed as just and not with the https like the others
    i have looked the canonical url it is good
    i don’t understand , have you an idea? now this page has lost power
    thanks to let me know

    1. Hi Francois,

      I’ve done the search and indeed, the result is shown without https://. There is however a 301 permanent redirect on the page. This issue should resolve itself, give it a little time and the result should show with https://.


  5. thanks Mark
    but before a week ago the page was seen with the https, and now no, but i will wait and hope this will be solved, have a nice day, don’t hesitate if you have another thinking about this problem

  6. New Pro buyer. Everything looks OK until I went to log in to my WP acct.
    When WP login receives the password, the page that shows up is just a rectangle with “This has been disabled”.
    Not the end of the world as a previously open page to my website gets activated for editing so I can get to my Dashboard.
    This happened on two machines in two locations the same way.
    A third machine did not have my site open and although I got the same dialog, when I opened the site, it also showed edit capability.
    In WP Google Analytics, the site is still shown as http://rooducts even though the two Google sites were updated to https.

    1. Hi Randy, If I’m not mistaken, the ‘this has been disabled’ message is from iThemes Security. Did you change the URL to https in the Google Analytics settings?

      1. I am using iThemes.
        I didn’t change it in GAnalytics but added it so both http and https are there.
        It wasn’t allowing a change that I could see.
        So I have both listed there.

        I’m also confused with the tracking stuff – do I remove the old tracking and add the new?

        1. Sorry, I just checked and both columns are changed to https and the tracking number is the one shown on WP. It was the other Google page that I added to.

        2. Hi Randy, As this page is about redirect loops, I understand it you have a redirect loop? Did you try disabling the force SSL option in Ithemes?

Leave a Reply

Join our mailing list - 8 Tips & Tricks in your inbox over the next 8 weeks!

Integrate with Really Simple SSL

Really Simple SSL offers a Free SSL Certificate from Let’s Encrypt. Do you want to integrate with Really Simple SSL as a hosting provider? Let us know!

Choose the answer that most closely resembles your proposed integration. Additional information can be entered below.
After sending the form. The pop-up will close automatically.