The login redirect loop happens when WordPress cannot verify the login cookie or cannot authenticate your session.

Common causes include:

• Corrupted cookies or browser cache
• Incorrect WordPress URL or Site URL
• Plugin conflicts (security plugins especially)
• Incorrect .htaccess rules
• Corrupted login/session files
• HTTPS mismatch (HTTP vs HTTPS)
• Cloudflare or CDN interference
• File permission issues

Clear the following:

• Browser cookies
• Browser cache
• Site-specific cookies for yourdomain.com

Now try logging in again in:

• Incognito mode
• A different browser
• A different device

If login works → cookie corruption was the issue.

If you can’t access admin, update URLs via wp-config.php:

define('WP_HOME', 'https://yourdomain.com');
define('WP_SITEURL', 'https://yourdomain.com');
    

Make sure:

• Both use HTTPS
• Both match www OR non-www
• No trailing slash mismatch

Incorrect URLs force continuous redirects.

If you cannot access dashboard:

1. Go to /wp-content/
2. Rename plugins → plugins-disabled
3. Try logging in again

If login works now → plugin conflict confirmed.

Plugin types that cause login loops:

• Wordfence
• iThemes Security
• All In One Security
• Limit Login Attempts
• Caching plugins
• Redirect plugins
• Force SSL plugins

Steps:

1. Rename .htaccess → .htaccess-old
2. Go to Settings → Permalinks
3. Click Save Changes to generate a new .htaccess file

This resets default WordPress rewrite rules.

Turn OFF temporarily:

• Cloudflare Proxy (Grey Cloud)
• Bot Fight Mode
• Under Attack Mode
• Rocket Loader

Add a Page Rule:

*yourdomain.com/wp-login.php*
Security: Off
Cache Level: Bypass
    

If login works → Cloudflare was interfering.

Check for multiple redirects from:

• Hosting panel (Force HTTPS)
• Cloudflare HTTPS rules
• .htaccess HTTPS rules
• Plugins enforcing SSL

Enable HTTPS from only one place (preferably hosting or Cloudflare).

Open wp-config.php and replace the AUTH keys/salts:

Get new keys from:

https://api.wordpress.org/secret-key/1.1/salt/

Copy & paste all new keys into wp-config.php.

This logs everyone out and resets sessions fully.

• Folders → 755
• Files → 644
• wp-config.php → 600

Fix especially:

• /wp-content/
• /wp-includes/
• /wp-admin/

Check and rename .htaccess inside:

• /wp-admin/
• /wp-includes/
• /wp-content/uploads/

These files can accidentally redirect login attempts.

1. Reactivate plugins one-by-one
2. Check login after each activation
3. Switch back to your main theme

If the issue returns → the last activated plugin/theme caused it.