Wordpress /wp-admin/ not login just refresh

Dear community,

I know, this issue was posted several times, but didn’t find solution for me.

So i have wordpress website with cPanel and connected to cloudflare. I have noticed 2 weeks ago, when i try login, wp-login just refreshed, when i login with wrong password i get info: “password is wrong”.

What i’ve do:

deleted .htaccess
disabled all plugins and restore default wordpress theme

Issue is still occures

my page rules in cloudflare account:

domain.com/* → always use https
domain.com/wp-admin/* → disable security, cache level: bypass, disable prefomance

Do You have any tips witch can help me? I will be grateful for each of them.

Try open F12 Developer Tools - Network tab and see what response you get when you try to login with a valid credential?

HI erictung,

In developer Tools - network tab

in wp-admin section i have Status

Request URL: https://domain.com/wp-admin/
Request Method: GET
Status Code: 302 
Remote Address: 104.21.6.11:443
Referrer Policy: strict-origin-when-cross-origin

I suspect header response 302 temporary redirection it’s not normal behevior

Do you have any other Page Rules? Or are you using APO?

Is your server’s SSL certificate still valid?

Do you use any caching plugin with WordPress?
Any security plugins installed and activated?

Because for example W3 Total Cache can either cache your wp-login page. Moreover, if having a cache setting also on Cloudflare with an option of “Cache Everything”, there is a reason why you could not successfully log in to your WordPress Admin dashboard.

You would need to use 3 Page rules to configure caching and allow yourself to login and not being “redirected” all-around when you click the “submit/login” button (if using W3TC and Cache Everything option).

Moreover, you say you use cPanel, so I assume you already have an AutoSSL certificate generated and provided by cPanel and also using the “Full SSL” option at Cloudflare dashboard?
Otherwise, you are using Flexible SSL at Cloudflare dashboard as an option?

Also, do you have a define('force_ssl_admin', true); in your wp-config.php file or not?

It is normal for WordPress to redirect you to the wp-login.php when you try to access via yourwebsite.com/wp-admin/ if not already logged-in.

It is also possible, you could either deny the request to /login which redirects you to wp-login using in your theme functions.php file using
remove_action('template_redirect', 'wp_redirect_admin_locations', 1000); //To prevent redirect to login page when people type "login" at end of home URL

Try setting your Page Rules as follows (in this example I have “Cache Everything” at Cloudflare dashboard, also use W3 Total Cache plugin with a combination of Wordfence and BBQ Firewall plugins too and including custom Firewall rules at Cloudflare dashboard)

wordpress_cloudflare_pagerules_using_w3tc_and_cache_everything1049×792 45.3 KB

And try to purge cache “Everything” for your domain after the tries provided from the above.

cache_settings_cloudflare_wordpress1085×936 37.8 KB

Hello,

I set page rules like fritexvz did.
I dont use any cache plugin for WP. I disabled litespeed plugin few days ago searching solution for my problem.

Moreover, you say you use cPanel, so I assume you already have an AutoSSL certificate generated and provided by cPanel and also using the “Full SSL” option at Cloudflare dashboard?
Otherwise, you are using Flexible SSL at Cloudflare dashboard as an option?

I have autossl generated in cpanel but only to subdomains like: webmail, webdisk, calendars.

In Cloudflare i use SSL/TLS full option.

Also, do you have a define('force_ssl_admin', true); in your wp-config.php file or not?

In wp-config i have define('force_ssl_admin', true); should I delete it?

It is also possible, you could either deny the request to /login which redirects you to wp-login using in your theme functions.php file using
remove_action(‘template_redirect’, ‘wp_redirect_admin_locations’, 1000); //To prevent redirect to login page when people type “login” at end of home URL

I dont have this remove_action in functions.php

After set page rules and purge all i still have this issue.

Does some different result come out if you put “false” instad of “true” define('force_ssl_admin', false);?

Have you tried checking the value for siteurl and homeurl in your phpMyAdmin? They both should be with “https”.

A different approach would be:

May we know what is your domain name?
If you have SSL certificate that does not cover yourdomain.com and www.yourdomain.com, saying:

That could also posses some other issues too because it would want to connect to SSL but there is no connection, so would go back to HTTP, but if Cloudflare has “always use HTTPS” and “automatic https redirection” option enabled the request could go back to HTTPS, and that’s more in complex redirection loop if your siteurl and homeurl are not set correctly.

For a temporarly solution try switching to “Flexible SSL” if that makes any difference.

When change force ssl admin true to false nothing change. I cannot login to my dashboard, wp-login only refresh

In database siteurl and home url are the same with https://

When i change SSL/TLS option in cloudflare options, i cannot acces to my site → error too many redirects in chrome.

May we know what is your domain name?

cpsystem.pl

But finally i figured out, where error comes

I turned on debuging in wp-config and after refresh login on screen was printed this error:

Database error WordPressa: [Duplicate entry '0' for key 'PRIMARY']
INSERT INTO `wp_usermeta` (`user_id`, `meta_key`, `meta_value`) VALUES (1, 'session_tokens', 'a:1:{s:64:\"a07eec2ac1805e5c2c9e9a1650fc64927910c7adff9642c16fe9f173f62bbbbf\";a:4:{s:10:\"expiration\";i:1613481161;s:2:\"ip\";s:15:\"141.101.104.227\";s:2:\"ua\";s:115:\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36\";s:5:\"login\";i:1613308361;}}')

So i loged into phpmyadmin and in wp_usermeta table finded umeta_id column and added auto_increment.

This solved my issue. I’m sorry for my problem was not bound with cloudflare, but very grateful for your willingness to help.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.