WordPress Too Many Redirects After SSL Certificate
What Is This Error?
When you install an SSL certificate and switch your site to HTTPS, WordPress can get stuck in an endless redirect loop. The browser and server keep bouncing the request back and forth — each one insisting the other handle the redirect — until the browser gives up and throws the ERR_TOO_MANY_REDIRECTS error.
The root cause is almost always a mismatch in where WordPress thinks it lives. WordPress stores your site URL in multiple places: the database, wp-config.php, and sometimes .htaccess. If one location says http:// while another enforces https://, you get a circular redirect chain. To make things trickier, many hosting providers terminate SSL at a load balancer before the request ever reaches PHP — so WordPress never detects the connection as secure and keeps redirecting.
The good news: this error is almost always fixable without a developer. You just need to know which config files to touch and in what order.
Get free WordPress & AI tips
Join 500+ readers. No spam, unsubscribe anytime.
Why Does This Happen?
- WordPress URL settings still point to HTTP: The WordPress Address and Site Address values stored in the database are still
http://, so WordPress keeps redirecting users away from the HTTPS version your server just sent them to. - SSL termination at a load balancer: Cloud and shared hosts often handle HTTPS before it reaches PHP. WordPress never sees the connection as secure, so it issues its own HTTPS redirect — creating a loop with the server’s redirect.
- Conflicting
.htaccessredirect rules: You may have both a server-level HTTPS redirect and a manualRewriteRulein.htaccess— two redirects chasing each other in circles. - A caching plugin serving a stale redirect: Your cache stored the old HTTP-to-HTTPS redirect response and keeps replaying it even after you’ve updated your settings.
- Plugin or theme enforcing its own HTTPS redirect: Security or redirection plugins sometimes add their own HTTPS enforcement that clashes with what your server or
wp-config.phpis already doing.
How to Fix It — Step by Step
-
Override WordPress URLs directly in
wp-config.php
Access your site via FTP or cPanel File Manager and openwp-config.phpin the root directory. Add these two lines directly above the/* That's all, stop editing! */comment:define('WP_HOME', 'https://yourdomain.com'); define('WP_SITEURL', 'https://yourdomain.com');You should see: Your site loads without a redirect loop. If it still loops, move to the next step — don’t skip it.
-
Add HTTPS detection for load balancers
Still inwp-config.php, add this block just above the lines you added in Step 1:if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') { $_SERVER['HTTPS'] = 'on'; }You should see: WordPress now correctly detects HTTPS even when your host terminates SSL at the edge, stopping the redundant redirect chain.
-
Audit and clean your
.htaccessfile
Open.htaccessfrom your WordPress root folder. Remove any duplicate HTTPS redirect rules — especially if your hosting panel already enforces HTTPS. Your file should contain only the standard WordPress block:# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPressYou should see: No duplicate RewriteRule entries redirecting HTTP to HTTPS. One enforcement point only — either server or
.htaccess, never both. -
Update the URLs stored in the database
Once you can access wp-admin, go to Settings → General and update both WordPress Address (URL) and Site Address (URL) tohttps://yourdomain.com. Or run these WP-CLI commands via SSH:wp option update siteurl 'https://yourdomain.com' wp option update home 'https://yourdomain.com'You should see: Both fields display
https://after saving, and no redirect warning appears on the Settings page. -
Purge every cache layer
Clear your WordPress caching plugin (W3 Total Cache, LiteSpeed Cache, WP Super Cache), your CDN cache if you use Cloudflare or similar, and your own browser cache with a hard refresh (Ctrl+Shift+R/Cmd+Shift+R).You should see: The site loads cleanly at
https://with a valid padlock icon and no redirect error in any browser.
Common Mistakes When Fixing This
- Trying to fix Settings → General before touching wp-config.php: If your site is fully broken, you can’t even reach wp-admin. Always start with
wp-config.phpvia FTP — it overrides the database and gets you back in the door. - Enforcing HTTPS in both the server config AND
.htaccess: This is actually the most common cause of the loop itself. Choose a single enforcement point and remove the other. Double-redirecting is circular by design. - Skipping the cache purge after making changes: A perfect config fix is invisible if your caching plugin is still replaying the old redirect. Always purge cache as your final step — not an afterthought.
- Switching to
https://before the SSL certificate is active: Verify your certificate is fully installed at ssllabs.com/ssltest before changing any URLs. Swapping the URL too early trades one error for another.
Frequently Asked Questions
Will fixing this error affect my posts or media files?
No. This is a configuration and routing issue only. Your database content, uploaded images, posts, pages, and plugins are completely untouched by any of these fixes.
I’ve done every step and it’s still looping — what next?
Rename your plugins folder to /wp-content/plugins-disabled/ via FTP to deactivate everything at once. If the loop stops, you have a plugin conflict. Rename the folder back and reactivate plugins one at a time to find the culprit — security and redirect plugins are the usual suspects.
Do I need to update all my internal links after switching to HTTPS?
Yes. Images, scripts, and internal links hardcoded as http:// will trigger mixed content warnings even after the redirect loop is resolved. Use a plugin like Better Search Replace to do a database-wide find-and-replace from http://yourdomain.com to https://yourdomain.com.
Does this fix work on WordPress Multisite?
The wp-config.php steps apply, but Multisite stores individual site URLs in the wp_blogs table and per-site options tables. You may need to update each subsite’s URL separately, either through the Network Admin panel or with WP-CLI’s wp site list and wp option update commands targeting each blog ID.
