SSL redirect loop using WordPress HTTPS Plugin

I recently struggled with a similar issue, so I’ll offer a couple of additional pieces of information for people who search for this question.

  1. The first step you should take when trying to force SSL for Admin of your site is to follow the directions in the codex . This means defining the FORCE_SSL_ADMIN option in your wp-config.php file.
  2. Be sure to take note of the warning in the codex that this edit needs to be above the /* That's all, stop editing! Happy blogging. */ line.
  3. There are many possible reasons why this could give you a redirect loop, but they all boil down the fact that WordPress’ is_ssl() function is returning false. For example, you may be running behind a reverse proxy that is doing SSL offloading. If that’s the case, then your users enter https://yourwordpresssite, but the SSL offloader handles the decryption and by the time your server receives the request, the request is no longer SSL, and your server sees http://yourwordpresssite. If you’re stuck here, again the codex has good advice, assuming your reverse proxy is properly configured. See the instructions here: (http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy).

If that still doesn’t work, then your reverse proxy may not be setting the HTTP_X_FORWARDED_PROTO header. Unfortunately, none of this stuff is standardized, and there’s more than one way to indicate that SSL offloading has taken place. The way used by our load balancer (Citrix Netscaler) is with the header Microsoft created called Front-End-Https. You can see this header as one of the common non-standard response headers listed on wikipedia here: (http://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Common_non-standard_response_headers). Note that by the time your server sees this header, it will look like HTTP_FRONT_END_HTTPS. Note also that Netscaler doesn’t send this header by default — you have to configure it to add the header. This is documented here, and there’s a nice video demo of how to do it here.

In the end, because we’re doing our entire site with HTTPS only, I elected to use the wordpress-https plugin, which does a good job of handling edge cases (like other wordpress plugins that have hard coded http:// URLs that will cause warnings on your secure pages). I patched the plugin to recognize the HTTP_FRONT_END_HTTPS header and am submitting a patch to the author, so at some point this should be support by that plugin.

Good luck!

Related Posts:

  1. www redirects to another directory in wordpress
  2. Redirection plugin – how to let the editor access the ‘redirection’ menu?
  3. How can I make an Ajax login form work with FORCE_SSL_ADMIN enabled?
  4. Redirection Plugin: Redirect all URLs with a regular expression
  5. Is the WordPress HTTPS Plugin Still Safe To Use? [closed]
  6. flush_rewrite_rules not working on plugin deactivation, invalid URLs not showing 404
  7. Can Not Redirect from Plugin-Registered Admin Page
  8. Detecting $_GET parameters from any page + Cookie
  9. How to send “Location” header on plugin form submit event?
  10. Custom url structure for custom template
  11. wordpress custom login successful redirect hook
  12. Can’t access my WP dashboard: fatal error? [closed]
  13. How to redirect Old Post URL to new Post and keep Old post Comments?
  14. What’s the _wp_desired_post_slug value for?
  15. Redirect all blog links from WordPress.com site to new domain
  16. Enable Full SSL for WordPress
  17. how can I link to a PlugIn admin-sub-menu page after processing a formular
  18. How can I make uploaded images in the editor load with HTTPS?
  19. How does automatic redirection for the redirection plugin work?
  20. Changed permalink structure. Need help with redirecting old posts
  21. WordPress Redirect Not Working – AJAX Callback Response Not Picked Up
  22. Landing Page Redirect Chain | http->https->https www
  23. How can I check if on specific plugin generated page or child
  24. Redirection based on location but without affecting search bots
  25. Page Restriction and Redirect for Particular Levels or user
  26. how to create site exit messages with destination url displayed
  27. How can I force users to a particular subdomain to log in for MU (Multisite)?
  28. How to redirect a URL with parameters?
  29. WordPress Shortcode to get URL Parameters $_GET[‘name’] redirects for no reason at all
  30. Redirecting a buddyboss profile tab to a different tab if not subscribed to a specific membership
  31. Redirect already logged in users away from a page to a specific page base on user role
  32. How to fix the woocommerce – adaranth.com redirection issue [closed]
  33. How can I fix the mixed content problems of the kk star ratings plugin?
  34. Redirecting thousands of posts that currently have no category in their permalink when changing permalink structure to include category
  35. How to use login_redirect with a user capability
  36. Removing Automatic Redirects Without Plugin
  37. redirected you too many times
  38. WordPress 4.3 broke meta redirect (with url params plugin)
  39. Edit Permalink Structure For Custom Post Type or Modify .htaccess?
  40. Mask and Track Outbound Links
  41. How can I redirect some pages to new subdomain? [closed]
  42. Add to array, redirect and display
  43. How do I convert my WordPress website to be domain agnostic?
  44. Conditional custom redirect
  45. Making the ‘add to cart’ button redirect to PayPal
  46. PHP mobile redirect Endless loop
  47. How to force load a page in plugin?
  48. wp redirect 301 not working in wordpress page
  49. Preserve Search engine index while shifting to new Domain
  50. Is it safe to use Web Invoice 2.1.0 without SSL?
  51. Janrain/Simple Modal under Redirected Domain
  52. Redirect unloggedin users
  53. login form should redirect to register page for in 1st login next time it should redirected to home page
  54. Identify User Language, Redirect to the corresponding page and Save the chosen language as Cookie
  55. Hidden permalink different from displayed permalink
  56. redirect to homepage once action is completed
  57. Display value of the GET parameter in a new URL page
  58. Redirect to a page while maintaining search query parameters without causing an infinite loop
  59. Mixed content error after adding SSL certificate
  60. Can’t add new plugin or themes on a wordpress multisite network from the primary site as administrator. Error: ERR_TOO_MANY_REDIRECTS
  61. How to update all in-site redirect URLs to destination URLs at once
  62. How to send new visitor to a splash page for only one time in wordpress?
  63. WordPress Admin login redirect to homepage
  64. Why is my site still showing insecure icon even if I have SSL certificate?
  65. Reverse count page view and show on other page
  66. Site navigation from Google not using HTTPS for some resources, causing redirect loop
  67. Why my multisite is this slow? (stats inside)
  68. redirect to a custom page
  69. .htaccess file doesn’t work, with hundred tries
  70. How do I locate specific part of code that affects ssl?
  71. Identify if the_post hook is being called from the admin post list
  72. Infinite 301 redirects after definitions in “Redirections” plugin?
  73. Clone a Post Tite and Custom Field into Custom Post type
  74. Direct URL to a template via plugin
  75. How to redirect from plugin page
  76. How do I secure a subdomain using UCC SSL?
  77. Template redirect inside of plugin not redirecting
  78. Can’t redirect to previous page after using GET
  79. Need to change contact email depending where user is from
  80. Redirect url in plugin to somewhere else?
  81. How do I to override login redirect on specific pages?
  82. How do I locate specific file in a post that affects ssl?
  83. How to link that “logged in” in “you must be logged in to post a comment” with custom login page on WordPress?
  84. Simple WordPress function / plugin to redirect a site
  85. Theme causing SSL break on chrome
  86. Generate all urls with https
  87. SSL not working for checkout
  88. URL Redirect on GoDaddy platform [closed]
  89. Redirecting to page on form submit – Revue plugin
  90. how to make wordpress remember my choice
  91. Page with redirect
  92. Using the media uploader in a custom plugin
  93. Theme and Plugins sharing common libraries
  94. White page by using filter template_include
  95. Basics of changing plugin output
  96. Page takes on two different formats
  97. Creating a comments voting system
  98. Why are only inactive plugins showing?
  99. how to add “alt” for all image in wordpress
  100. Seo Problems in My meta Discription [closed]

Leave a Comment