I know, this issue was posted several times, but didn’t find solution for me.
So i have wordpress website with cPanel and connected to cloudflare. I have noticed 2 weeks ago, when i try login, wp-login just refreshed, when i login with wrong password i get info: “password is wrong”.
What i’ve do:
deleted .htaccess
disabled all plugins and restore default wordpress theme
Do you use any caching plugin with WordPress?
Any security plugins installed and activated?
Because for example W3 Total Cache can either cache your wp-login page. Moreover, if having a cache setting also on Cloudflare with an option of “Cache Everything”, there is a reason why you could not successfully log in to your WordPress Admin dashboard.
You would need to use 3 Page rules to configure caching and allow yourself to login and not being “redirected” all-around when you click the “submit/login” button (if using W3TC and Cache Everything option).
Moreover, you say you use cPanel, so I assume you already have an AutoSSL certificate generated and provided by cPanel and also using the “Full SSL” option at Cloudflare dashboard?
Otherwise, you are using Flexible SSL at Cloudflare dashboard as an option?
Also, do you have a define('force_ssl_admin', true); in your wp-config.php file or not?
It is normal for WordPress to redirect you to the wp-login.php when you try to access via yourwebsite.com/wp-admin/ if not already logged-in.
It is also possible, you could either deny the request to /login which redirects you to wp-login using in your theme functions.php file using remove_action('template_redirect', 'wp_redirect_admin_locations', 1000); //To prevent redirect to login page when people type "login" at end of home URL
Try setting your Page Rules as follows (in this example I have “Cache Everything” at Cloudflare dashboard, also use W3 Total Cache plugin with a combination of Wordfence and BBQ Firewall plugins too and including custom Firewall rules at Cloudflare dashboard)
I set page rules like fritexvz did.
I dont use any cache plugin for WP. I disabled litespeed plugin few days ago searching solution for my problem.
Moreover, you say you use cPanel, so I assume you already have an AutoSSL certificate generated and provided by cPanel and also using the “Full SSL” option at Cloudflare dashboard?
Otherwise, you are using Flexible SSL at Cloudflare dashboard as an option?
I have autossl generated in cpanel but only to subdomains like: webmail, webdisk, calendars.
In Cloudflare i use SSL/TLS full option.
Also, do you have a define('force_ssl_admin', true); in your wp-config.php file or not?
In wp-config i have define('force_ssl_admin', true); should I delete it?
It is also possible, you could either deny the request to /login which redirects you to wp-login using in your theme functions.php file using
remove_action(‘template_redirect’, ‘wp_redirect_admin_locations’, 1000); //To prevent redirect to login page when people type “login” at end of home URL
I dont have this remove_action in functions.php
After set page rules and purge all i still have this issue.
May we know what is your domain name?
If you have SSL certificate that does not cover yourdomain.com and www.yourdomain.com, saying:
That could also posses some other issues too because it would want to connect to SSL but there is no connection, so would go back to HTTP, but if Cloudflare has “always use HTTPS” and “automatic https redirection” option enabled the request could go back to HTTPS, and that’s more in complex redirection loop if your siteurl and homeurl are not set correctly.
For a temporarly solution try switching to “Flexible SSL” if that makes any difference.
