I'm in the process of setting up WordPress over HTTPS, which is hosted on a Digital Ocean VPS, managed by Serverpilot (though the HTTPS is set up manually, rather than through Serverpilot). The server has a number of WordPress installations, but there is one in particular I wanted to run securely. WordPress in itself is running in a subfolder (so it's located in domain/subfolder/).
I've managed to get SSL certificate up and running, as going to the main URL of the site domain and sticking a plain HTML on it works over SSL and the padlock's show.
However the WordPress installation enters a redirect loop.
I've done the following:-
Switched all plugins off
Switched to a default theme (Twenty Thirteen)
Updated everything to their latest versions
Changed to default permalinks
I've then changed the siteurl and WordPress URL to https, and then the site gets caught in a Redirect Loop. I use a Redirect Path plugin for Chrome, and it's effectively getting redirected to itself (so / goes through to /). Oddly this redirect appears to switch between a 301 and 302 redirect, without any rhyme or reason.
I also had a bit of a play around with WordPress HTTPS, but that wasn't successful either.
Any ideas? Not entirely sure where to go here...
I'm in the process of setting up WordPress over HTTPS, which is hosted on a Digital Ocean VPS, managed by Serverpilot (though the HTTPS is set up manually, rather than through Serverpilot). The server has a number of WordPress installations, but there is one in particular I wanted to run securely. WordPress in itself is running in a subfolder (so it's located in domain.com/subfolder/).
I've managed to get SSL certificate up and running, as going to the main URL of the site domain.com and sticking a plain HTML on it works over SSL and the padlock's show.
However the WordPress installation enters a redirect loop.
I've done the following:-
Switched all plugins off
Switched to a default theme (Twenty Thirteen)
Updated everything to their latest versions
Changed to default permalinks
I've then changed the siteurl and WordPress URL to https, and then the site gets caught in a Redirect Loop. I use a Redirect Path plugin for Chrome, and it's effectively getting redirected to itself (so https://domain.com/subfolder/ goes through to https://domain.com/subfolder/). Oddly this redirect appears to switch between a 301 and 302 redirect, without any rhyme or reason.
I also had a bit of a play around with WordPress HTTPS, but that wasn't successful either.
Any ideas? Not entirely sure where to go here...
The answer to this came in part from this answer, which linked to the Codex, advising the following snippet to be placed at the top of the wp-config file:
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
Unfortunately, this didn't quite solve it for me, but I noticed it worked if I removed the if and just always set $_SERVER['HTTPS']='on';. If you want to always force SSL on your site, then that should do the trick.
If you want to allow both http and https, however, you'll need to adjust your nginx config. Add the following line:
proxy_set_header X-Forwarded-Proto $scheme;
That's the header the if condition above is looking for. By setting nginx to pass the requested scheme (either http or https) along as the X-Forwarded-Proto, you're letting WordPress see what that original scheme was so that it knows how to behave.
Once you've done that, your WP site should work properly over both http and https.
I had to put $_SERVER['REQUEST_SCHEME']='https';
along side $_SERVER['HTTPS']='on'; to do the trick. Thanks.
Try regenerating salt codes.
Edit wp-config.php and search for a block like this one with different codes obviously.
define( 'AUTH_KEY', 'r8m9;w=^7;sr527-pKUo%8S.ZZd[83fF9s<A!8>T=Bxuh`Ao2 zjvK9-;mjJ5$J(' );
define( 'SECURE_AUTH_KEY', '25SY0[<xSY;P7o*eE62/PE3qZ^]jC(_dlD,Yw[+M}qiqlZm@-&x:e ]2uBoN4KoX' );
define( 'LOGGED_IN_KEY', '( [H.nR@G>H%$C7HiNJ/n?Dm>o}+#`18-:NH_}~KpjU[,6snKyYpXAQT7_wsG0Jm' );
define( 'NONCE_KEY', ',-_2hQv][~`.5v<1:)GofWH|:a*|9t>;5BC1L~b(|2ms<:KmWi:m `qxpSr#}tI%' );
define( 'AUTH_SALT', '2]kSYo2^/g$c;SoVeKjQvfhH|pvxZJ:3@&<N%_A[o<eJmv?|eg9j}3@6b&3R& 3@' );
define( 'SECURE_AUTH_SALT', 'p||=*m,Mg-A!2FW#A=bIvfk&QRo4){Rl2u?N}Hv$~$Hv_la|DOPkpltjcPsEkVp}' );
define( 'LOGGED_IN_SALT', '/n)zKVOVb!,}E5Zg,s ``psS[J/Q`vzE[tvh7}f1=&E[*C-0rG@:MU}n,CLH9OfV' );
define( 'NONCE_SALT', '#?TKo)W9+(o13JMoM^c5OvD*xR41q2]P~FD&i(nu;Y;OF{3A>VPnzvRb-Hs*zNc0' );
Go to this website https://api.wordpress.org/secret-key/1.1/salt/
Delete the old block of defines in your wp-config.php and copy the block of defines of the previous website into your wp-config.php.
Try to log in your admin panel.
If all the above does not work, you should check the following:
The login page is actually correct, sometimes logging in from /wp-admin does not work, try the following URLs: /login, /log-in. In my case the correct link to login was site.com/log-in, after logging in with this link I was able to access the admin account then click on dashboard. I tried many different things, and they all failed until I used the correct page /log-in to access the admin account then dashboard from the top menu that appears.
Username/password are correct (use PhpMyAdmin to set admin password with MD5 hash option) or use the login page reset password feature.
.htaccess file: make sure this is not causing the redirects
database is not full and not corrupted, check size on server cPanel and run repair table MySQL command on database.