WordPress Login Page Refresh/Redirect Loop: How to Fix

Sometimes when you try to log into WordPress, you enter your credentials but the page simply refreshes or redirects you back to the login form. This “login loop” can prevent access to the admin area and is usually caused by misconfigurations or conflicts. Here’s how to fix it step by step.

Common Causes

• Incorrect Site URL or Home URL in settings or wp-config.php.
• Corrupted cookies or cached sessions in the browser.
• Plugin or theme conflicts that override login behavior.
• .htaccess or server misconfiguration affecting redirects.
• HTTPS/SSL misconfiguration (mixed protocol issues).

Step-by-Step Fix Guide

1) Clear Browser Cookies and Cache

WordPress authentication relies on cookies. If they’re outdated or corrupted:

• Clear cookies and cache in your browser.
• Try logging in again, or use another browser/incognito mode.

2) Check and Fix Site URL and Home URL

If your WordPress Address (URL) and Site Address (URL) are mismatched, login can fail. Add these lines to wp-config.php above /* That's all, stop editing! */:

define('WP_HOME', 'https://example.com');
define('WP_SITEURL', 'https://example.com');

Be sure to match your actual domain and protocol (http vs https, www vs non-www).

3) Disable Plugins Temporarily

A faulty or security plugin may cause a login redirect loop.

• Rename the wp-content/plugins folder to plugins.off.
• Try logging in again.
• If it works, rename back to plugins and reactivate plugins one by one to identify the culprit.

4) Switch to a Default Theme

The active theme may contain custom login redirects. Switch to a default WordPress theme:

• Rename your current theme folder inside wp-content/themes.
• WordPress will fall back to a default theme like Twenty Twenty-Five.

5) Regenerate the .htaccess File

Corrupted rewrite rules can block login. Reset .htaccess to default:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Then visit Settings → Permalinks and click Save to regenerate rules.

6) Force HTTPS Correctly

If you recently enabled SSL, make sure WordPress uses HTTPS consistently. In wp-config.php add:

define('FORCE_SSL_ADMIN', true);

Also check that your hosting or CDN isn’t forcing HTTP/HTTPS redirects inconsistently.

7) Increase PHP Memory Limit

Low memory can sometimes break sessions. In wp-config.php add:

define('WP_MEMORY_LIMIT', '256M');

Advanced Checks

• Database options: Confirm siteurl and home values in wp_options table are correct.
• Session storage: Some security plugins override sessions. Reset their settings if needed.
• Hosting restrictions: Ask your host if ModSecurity or firewalls are blocking logins.

Summary

1. Clear cookies and cache.
2. Ensure Site URL and Home URL match.
3. Disable plugins and test themes.
4. Reset .htaccess and check HTTPS configuration.
5. Increase PHP memory if needed.

By carefully following these steps, you can break out of the WordPress login refresh/redirect loop and regain access to your admin dashboard without losing data.

👉 Need more help? Explore our WordPress Troubleshooting Guide for step-by-step solutions to the most common errors.