Redirect Loops

My website is in a redirect loop

When you experience a redirect loop, this can be caused by several things. Really Simple SSL adds two redirects: a javascript redirect, which you can disable in the SSL settings, and a .htaccess redirect. Redirects can also be caused by other plugins, or by a certificate issue.

Really Simple SSL first tests if a redirect rule works, before actually adding it to your .htaccess. So if it is added, your server seems to supports it. That you are experiencing a redirect loop would suggest there is a conflict with another plugin, or with something in your .htaccess files.

Most steps below can be done without access to the back-end. If these steps all fail, and you still have a redirect loop, you can always deactivate using the remove script, or manually.

You can try to track down the cause systematically by following these steps:

Check your certificate

In some cases a certificate with chain issues can cause issues. Check if your certificate is ok on https://ssllabs.com/ssltest. It should at least grade an A.

Check other plugins

Multilanguage plugins do a lot of redirects to get your visitor to the right language. Try re-saving the settings of your language plugin, or try what happens if you disable it. If you cannot access the admin as well, the easiest way to disable a plugin when you have a redirect loop, is to rename the plugin folder through FTP. But in most cases when a plugin causes a redirect conflict, you can still access the back-end.

Redirection plugins, security plugins and caching plugins might cause redirects as well: deactivate them to see if this helps. If that plugins redirects to a http link, obviously that will cause redirect issues. Update it so it redirects to the new https url.

CDN, like CloudFlare

It’s best to temporarily pause Cloudflare for your domain, and disable protocol rewriting to https when enabled. After successfully enabling CloudFlare, you can try if it works when you enable again.

Check if your .htaccess contains other redirects to https.

If you have other redirects in place, this could conflict with the redirect of Really Simple SSL. If you are using NGINX, check your nginx.conf for conflicting redirects.

Check if you have Varnish Cache active

Varnish often causes issues on SSL. Ask your hosting company if Varnish is active, and if they can disable it to see if that helps. With a service like www.redirect-checker.org/ you can see if your site uses Varnish Cache. If so, you should be able to deactivate Varnish in your webhosting dashboard, like CPanel.

Remove .htaccess redirect

If you are on NGINX, you can skip this step.

If the other steps didn’t help, you can try to remove the rewrite rule from your .htaccess file.

  1. Open your ftp client (for example filezilla)
  2. In the root of your website, look for the .htaccess file. If you cannot find it, make sure filezilla shows hidden files
  3. Open it in a texteditor, and look for # BEGIN rlrssslReallySimpleSSL
  4. Remove all lines between # BEGIN and # END, and save
  5. Prevent Really Simple SSL from editing the htaccess any further:
    1. Look for wp-config.php in the root of your site.
    2. Open the wp-config, and add at the top, but after  “<?php":
      define( 'RLRSSSL_DO_NOT_EDIT_HTACCESS', TRUE );
    3. Alternatively, if you have still access to the backend, you can disable .htaccess editing in the Really Simple SSL settings

If these steps didn’t help

If these steps all fail, and you still have a redirect loop, you can always deactivate using the remove script, or manually.

Related Articles

6 Comments

  • Eyal Oren

    This redirect loop is so frustrating.

    I literally can’t even save the settings to stop the plugin from writing to .htaccess before it writes to it and locks me out again. I keep removing the added text to the .htaccess file but am not fast enough to save the settings in the plugin.

    No idea why I’m in this look either. Could it be because I have set Settings/General/site address as https://…?

    • Rogier Lankhorst

      There is another way to prevent .htaccess from being edited.
      In the wp-config.php, add:
      define( 'RLRSSSL_DO_NOT_EDIT_HTACCESS', TRUE);

      • Eyal Oren

        Thanks for the quick reply but that did not work

        I added the line at the end of my wp-config file

        Clicked on the SSL Settings page and was back in a redirect loop

        I tried to change the Settings/General/site address to http:// thinking that was the problem but it did not change anything.

        I literally cannot update the plugin or go into the settings without ending up in a redirect loop.

        So strange.

        • Eyal Oren

          UPDATE: Looks like I actually had the Safari redirect issue

          Loaded in Chrome and was able to check the ‘stop editing htaccess file’

          All good now.

  • mark

    there are some problems with these instructions is
    1. Once you have a redirect loop you can’t login to disable other plugins
    2. Lots of people do not use .htaccess – nginx is pretty popular these days.

    Questions;
    How do I disable really simple ssl now that I have redirect loops given I don’t use .htaccess?
    Where is the javascript redirect installled (I’m assuming that’s the problem).
    What do I edit in other plugins to make them play nicely with this plugin (assuming disabling them fixes anything(?
    How do I remove this plugin without being able to login?

Leave a Comment