My website is in a redirect loop

When you experience a redirect loop (the browser shows the “too many redirects” or ERR_TOO_MANY_REDIRECTS error), this can be caused by several things, I’ve listed the most common causes below.

Most checks can be done without access to the back-end. If these steps all fail, and you still have a redirect loop, you can try to activate Really Simple SSL in safe mode. This will activate Really Simple SSL without a redirect and without your site URL becoming https. If all fails you can always deactivate using the remove script, or manually.

A redirect back to http

This is the most likely cause, you can check if this is the case by typing in your URL with https (when Really Simple SSL is deactivated). If you get redirected back to http, there is a redirect to http active, which will cause redirect loops when a redirect to https is added.

  • Check other plugins
    • Multilanguage plugins,
    • Login plugins,
    • Redirect plugins
    • WooCommerce with certain settings can redirect to http.
    • iThemes SSL settings
  • Check if your .htaccess or nginx.conf contains redirects to http.
    If you have other redirects in place, this could conflict with the redirect of Really Simple SSL.

Re-save the permalinks

If you still have access to the back-end, saving the permalinks in settings/permalinks is a magic trick which will resolve a lot of 404 and loop issues. This is the first thing I do when there are issues.

Check if you have Varnish Cache active

Varnish often causes issues on SSL. Ask your hosting company if Varnish is active and if they can disable it, to see if that helps. With a service like www.redirect-checker.org/, you can confirm if your site uses Varnish Cache. If so, you should be able to deactivate Varnish in your Webhosting dashboard (such as CPanel).

Check your certificate

In some cases, a certificate with chain issues can cause issues. Check if your certificate is ok on https://ssllabs.com/ssltest. It should at least grade an A.

CDN, like CloudFlare

For the most common issues with CloudFlare, see the dedicated CloudFlare article

Redirect loop on multisite with domain mapping

The WPMU domain mapping plugin in combination with Really Simple SSL can cause redirect loops. In the cases that I investigated, this was caused by load balancing on some domains on the network. WordPress depends on the is_ssl() function to detect SSL. The is_ssl() function in turn only looks at the $_SERVER[‘https’] = ‘on’ variable. When a domain is served load balanced, or behind a CDN, this variable is not passed by the server. WordPress should instead look at another variable. A brute force fix is to just copy the $_SERVER[‘https’] = ‘on’; in the wp-config.php, but if you still have some sites on your network which are not https, this won’t work.

Really Simple SSL has a built-in mechanism to detect this, but in the current implementation it doesn’t allow for the possibility that some domains use load balancing, and some don’t. If the main site detects the $_SERVER[‘https’] variable, the wpconfig fix won’t get inserted.

You can check if this is the case on your site by opening this URL on both a domain with a redirect loop:

https://your-subsite.com/wp-content/plugins/really-simple-ssl/ssl-test-page.php

If it shows “load balancer”, you should add the wp-config.php

Solution

Two options, of which I personally prefer the first one:

  1. Follow the instructions in this article. In short: remove the WPMU domain mapping plugin, and map it using the built-in capabilities of WordPress.
  2. Add the wp-config.php fix manually, by inserting:
//Begin Really Simple SSL Load balancing fix
$server_opts = array("HTTP_CLOUDFRONT_FORWARDED_PROTO" => "https", "HTTP_CF_VISITOR"=>"https", "HTTP_X_FORWARDED_PROTO"=>"https", "HTTP_X_FORWARDED_SSL"=>"on", "HTTP_X_FORWARDED_SSL"=>"1");
foreach( $server_opts as $option => $value ) {
  if ((isset($_ENV["HTTPS"]) && ( "on" == $_ENV["HTTPS"] )) || (isset( $_SERVER[ $option ] ) && ( strpos( $_SERVER[ $option ], $value ) !== false )) ) {
    $_SERVER[ "HTTPS" ] = "on";
  }
}
//END Really Simple SSL
Lightweight plugin, Heavyweight Security features. Get Pro and leverage your SSL certificate for WordPress security standards.