To many redirects when trying to access wordpress dashboard


#1

Hello,

I am having issues since switching to Cloudflare, i can no longer log into my website wp-login.php i get the error (my domain) has redirected you to many times. All other parts of the website are fine just the logon page.

I have an SSL certificate installed on my host (go daddy) and i have the option Full (strict) set within my cloudflare control panel.

I have WP-rocket installed on my website with the cloudlfare addon and everything is configured correctly.

I have All in one WP-security too and i’ve also tried disabling that, but the problem still persists.

I have spent a good 4 hours looking into this before creating this thread. I have done the following to try and resolve the issue; purge the WP-rocket cache, purge the cloudflare cache. change the ssl setting within Cloudflare control panel to flexible, full, full -strict. i have tried disabling “always use https” and “https rewrites”. I have used chrome within incognito mode. i have checked my database within phpmyadmin WP options table to make sure https is set for option 1 and 2. I have tried white listing cloudflare ips within the .htacess file but i just get error 500 so i have to revert back.

I have noticed if i delete my .htaccess file i can get to the wp-login page, so i guess something within my .htaccess file is causing the issue, but i’m not sure what, please see below.

I have amended my domain to “mydomaindotuk” and IP address of host to 2.2.2.2 and my home wan ip to 1.1.1.1 for security purposes.

BEGIN WP Rocket v3.1.4

Use UTF-8 encoding for anything served text/plain or text/html

AddDefaultCharset UTF-8

Force UTF-8 for a number of file formats

AddCharset UTF-8 .atom .css .js .json .rss .vtt .xml

FileETag None is not enough for every server.

Header unset ETag

Since we’re sending far-future expires, we don’t need ETags for static content.

developer.yahoo.com/performance/rules.html#etags

FileETag None

Header set X-Powered-By "WP Rocket/3.1.4" Header unset Pragma Header append Cache-Control "public" Header unset Last-Modified

<FilesMatch “.(css|htc|js|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$”>

Header unset Pragma
Header append Cache-Control “public”


Expires headers (for better cache control)

ExpiresActive on

Perhaps better to whitelist expires rules? Perhaps.

ExpiresDefault “access plus 1 month”

cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)

ExpiresByType text/cache-manifest “access plus 0 seconds”

Your document html

ExpiresByType text/html “access plus 0 seconds”

Data

ExpiresByType text/xml “access plus 0 seconds”
ExpiresByType application/xml “access plus 0 seconds”
ExpiresByType application/json “access plus 0 seconds”

Feed

ExpiresByType application/rss+xml “access plus 1 hour”
ExpiresByType application/atom+xml “access plus 1 hour”

Favicon (cannot be renamed)

ExpiresByType image/x-icon “access plus 1 week”

Media: images, video, audio

ExpiresByType image/gif “access plus 1 month”
ExpiresByType image/png “access plus 1 month”
ExpiresByType image/jpeg “access plus 1 month”
ExpiresByType video/ogg “access plus 1 month”
ExpiresByType audio/ogg “access plus 1 month”
ExpiresByType video/mp4 “access plus 1 month”
ExpiresByType video/webm “access plus 1 month”

HTC files (css3pie)

ExpiresByType text/x-component “access plus 1 month”

Webfonts

ExpiresByType application/x-font-ttf “access plus 1 month”
ExpiresByType font/opentype “access plus 1 month”
ExpiresByType application/x-font-woff “access plus 1 month”
ExpiresByType application/x-font-woff2 “access plus 1 month”
ExpiresByType image/svg+xml “access plus 1 month”
ExpiresByType application/vnd.ms-fontobject “access plus 1 month”

CSS and JavaScript

ExpiresByType text/css “access plus 1 year”
ExpiresByType application/javascript “access plus 1 year”

Gzip compression

# Active compression SetOutputFilter DEFLATE # Force deflate for mangled headers SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding # Don’t compress images and other uncompressible content SetEnvIfNoCase Request_URI \ \.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf)$ no-gzip dont-vary

Compress all output labeled with one of the following MIME-types

AddOutputFilterByType DEFLATE application/atom+xml \ application/javascript \ application/json \ application/rss+xml \ application/vnd.ms-fontobject \ application/x-font-ttf \ application/xhtml+xml \ application/xml \ font/opentype \ image/svg+xml \ image/x-icon \ text/css \ text/html \ text/plain \ text/x-component \ text/xml Header append Vary: Accept-Encoding

END WP Rocket

BEGIN All In One WP Security

#AIOWPS_BLOCK_WP_FILE_ACCESS_START


Require all denied

<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all




Require all denied

<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all




Require all denied

<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all


#AIOWPS_BLOCK_WP_FILE_ACCESS_END
#AIOWPS_BASIC_HTACCESS_RULES_START
<Files .htaccess>

Require all denied

<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all


ServerSignature Off
LimitRequestBody 10240000


Require all denied

<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all


#AIOWPS_BASIC_HTACCESS_RULES_END
#AIOWPS_BLOCK_SPAMBOTS_START

RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^(.)?wp-comments-post.php(.) RewriteCond %{HTTP_REFERER} !^http(s)?://(.*)?\.mydomain\ dotuk [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^
RewriteRule .* http://127.0.0.1 [L]

#AIOWPS_BLOCK_SPAMBOTS_END
#AIOWPS_LOGIN_WHITELIST_START
<FilesMatch “^(wp-login.php)”>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Allow from www.mydomaindotuk
Allow from 2.2.2.2
Allow from 1.1.1.1


Require all denied
Require local
Require ip 127.0.0.1
Require host www.mydomaindotuk
Require ip 1.1.1.1


#AIOWPS_LOGIN_WHITELIST_END

END All In One WP Security

BEGIN WordPress

RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # END WordPress

#2

I have managed to fix it, thanks anyways.

Turned out to be an issue with All in one WP Security and WP-Rocket, after deleting .htaccess file using FTP client and logging back into my website’s control panel, i re-copied across the original .htaccess file from a backup i had, whilst i stayed logged into my website’s control panel. I then proceeded to deactivate WP-Rocket followed by All in one WP-Security plugins, I attempted to browse to my sites wp-login page, which then successfully appeared whilst using chrome in incognito mode. i re-enabled WP-Rocket followed by All in one WP-Security, the .htaccess file was re-written by the WP-Rocket, but not All in One WP-Security (not sure why even after re-enabling it and clicking yes to re-write the config) but it works anyway.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.