Really Simple SSL

WordPress website keeps logging me out in back-end after I switched to SSL

Every once in a while, I come across this annoying issue: a user has switched the website to SSL, and afterwards the website logs the user off on each page reload.

In most cases, the cause is that somewhere in the code the domain is forced to an http domain. For example, in the latest case, the theme’s functions.php contained the following code:

update_option( 'siteurl', 'http://domain.com' );

update_option( 'home', 'http://domain.com' );

As a result, on every page load, the site was forced back to http. Because WordPress keeps you logged in on a specific domain, and a https URL is a different domain, this causes you to get logged out: your log in cookie is not valid anymore for the site's domain. 

The solution is of course simple: just remove those lines! It was probably put there to quickly change the domain. 

It's also possible the domain is set in the wp-config, with this code:
define( 'WP_HOME', 'http://example.com' );
define( 'WP_SITEURL', 'http://example.com' );
But this will be picked up by Really Simple SSL automatically. So, searching in your files for “update_option( ‘siteurl'” should quickly show you where it is located.
Rogier

Rogier

Related articles

Leave a Reply

Subscribe