ERR_TOO_MANY_REDIRECTS in WordPress: Fast 2026 Fix Guide

Your WordPress site loads, then suddenly Chrome shows “ERR_TOO_MANY_REDIRECTS” and refuses to display the page. Reloading does nothing. Trying a different browser does nothing. The error keeps coming back, and every time you fix one redirect, another seems to trigger it.

The good news is that this error has only seven real causes in WordPress, and you can usually fix it in under 10 minutes once you know which cause to attack. This 2026 guide walks through each of them in priority order, with the exact steps for cPanel, Hostinger, Bluehost, and Cloudflare users.

What ERR_TOO_MANY_REDIRECTS actually means

Your browser hit a URL, the server responded with a redirect, the new URL also responded with a redirect, and the cycle never ended. After about 20 redirects, Chrome gives up and shows the error. The browser is not broken. The configuration on your server, in WordPress, or at Cloudflare is sending visitors in a loop.

The cycle is almost always between HTTP and HTTPS, between www and non-www, or between two SEO plugins fighting over canonical URLs.

Cause 1: Mismatched WordPress site URL

If WordPress thinks its address is http://yoursite.com but the server is forcing HTTPS, every page request triggers a redirect that WordPress immediately tries to undo. Open wp-config.php via FTP or File Manager and check or add:

define('WP_HOME', 'https://yoursite.com');
define('WP_SITEURL', 'https://yoursite.com');

Both lines must match what shows in your browser’s address bar (HTTPS, with or without www). Save and reload. This single change fixes most ERR_TOO_MANY_REDIRECTS reports we see.

Cause 2: Cloudflare set to Flexible SSL

This is the second most common cause and the most painful to debug. Cloudflare’s Flexible SSL mode encrypts only between visitor and Cloudflare, not Cloudflare and your server. WordPress sees an HTTP connection from Cloudflare, redirects to HTTPS. Cloudflare loops it back as HTTP. Repeat forever.

Fix it in 30 seconds:

1. Log in to Cloudflare
2. Pick your domain
3. Go to SSL/TLS → Overview
4. Change the encryption mode from “Flexible” to “Full” or “Full (strict)”

“Full” requires any valid certificate on your origin. “Full (strict)” requires a trusted certificate (Let’s Encrypt counts). Both stop the loop.

Cause 3: Conflicting htaccess redirects

Multiple plugins or manual edits can stack up redirect rules in .htaccess. Common culprits: Really Simple SSL, an SEO plugin, a security plugin, and a hand-written rule all telling Apache to do similar things in slightly different ways.

Open .htaccess and look for any block that contains RewriteRule pointing at HTTPS or www. There should be only one such block. Comment out duplicates by adding # at the start of each line, save, and test. The minimum WordPress redirect block looks like:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

If your site uses HTTPS forcing, add only the redirect block from our free SSL setup guide above this WordPress block. No other redirect rules.

Cause 4: Two SSL plugins or settings fighting

If you installed Really Simple SSL plus also added redirect lines manually plus also enabled “Always Use HTTPS” in Cloudflare, you have three things doing the same job. They overlap and create loops.

Pick one, disable the rest:

• Recommended for beginners: Use Really Simple SSL only. Remove manual htaccess HTTPS rules and turn off Cloudflare’s “Always Use HTTPS”.
• For developers: Use only the manual htaccess rule. Uninstall Really Simple SSL.
• For Cloudflare users: Use Cloudflare’s “Always Use HTTPS” toggle and skip Really Simple SSL.

Cause 5: Cookie domain mismatch

If your wp-config.php has a COOKIE_DOMAIN defined and it does not match the domain you are visiting, login attempts can spiral into redirects. Look for any line like:

define('COOKIE_DOMAIN', '.yoursite.com');

If the line exists and you are not running a multisite or subdomain setup, comment it out (add // in front) and save. WordPress will use a sensible default.

Cause 6: WWW vs non-WWW conflict

Your site might redirect yoursite.com to www.yoursite.com, and then WordPress redirects back to non-www, infinite loop. Check Settings → General if you can reach wp-admin. Both URLs must agree (both with or both without www). Then in .htaccess have only one direction of redirect:

RewriteCond %{HTTP_HOST} ^www\.yoursite\.com [NC]
RewriteRule ^(.*)$ https://yoursite.com/$1 [L,R=301]

Pick the version (with or without www) and stick to it everywhere: WordPress settings, htaccess, Cloudflare DNS, Search Console.

Cause 7: Caching showing the old broken version

You fixed the cause but the loop is still showing? You are probably looking at a cached redirect chain. Clear in this order:

1. WordPress cache plugin (WP Rocket, LiteSpeed, W3 Total Cache)
2. Server cache (Hostinger LiteSpeed cache, SiteGround Dynamic Cache, Cloudways Varnish)
3. Cloudflare → Caching → Configuration → Purge Everything
4. Browser cookies and cache for the affected domain (Chrome DevTools → Application → Storage → Clear site data)

Specifically clearing cookies for the domain matters because redirect loops also save loop state in cookies, and stale cookies will resurrect the loop.

Quick recovery checklist

If you are locked out of wp-admin completely:

1. FTP into the server
2. Rename .htaccess to .htaccess-backup
3. Edit wp-config.php to set the correct site URLs
4. Try wp-admin in incognito
5. Inside wp-admin, go to Settings → Permalinks and click Save (regenerates a clean htaccess)
6. Re-add only your essential redirect block

This sequence gets your dashboard back even when the htaccess is the broken file itself.

FAQ

Why did the error suddenly appear when nothing changed?

Often it follows an SSL renewal, a Cloudflare setting change, or an auto-update of a plugin like Really Simple SSL. Check your hosting and Cloudflare dashboards for any recent automated changes in the last 24 hours.

Will clearing cookies fix the redirect loop?

It clears the symptom for one browser. The actual server-side loop must still be fixed. But always test in incognito after fixing because regular browser cookies can keep showing the old loop even after the server is repaired.

Is ERR_TOO_MANY_REDIRECTS bad for SEO?

Yes, very much. Google sees the loop, gives up, and may temporarily drop the page from the index. Fix it within 24 hours and recovery is usually quick. Leave it for a week and you can lose rankings on the affected URLs.

Can a security plugin cause redirect loops?

Yes. Wordfence, iThemes Security, and similar can trigger loops if their SSL or login security rules conflict with your htaccess. Temporarily disable the security plugin and retest. If the loop disappears, recheck the plugin’s SSL settings.

Does this error happen on subdomains too?

Yes, especially on multisite installs where each subdomain has its own SSL. Make sure each subdomain has a valid certificate and the same SSL mode in Cloudflare. Mixed modes between sub.example.com and example.com cause loops.

How do I test redirects without hitting the cache?

Use a free tool like httpstatus.io. Paste your URL, see the exact redirect chain. A healthy site shows zero or one redirect, ending in 200 OK. Anything with 4 or more 301s in a row is your loop.

Final word

ERR_TOO_MANY_REDIRECTS is one of the more confusing WordPress errors because it can be triggered from so many places. Use the priority order above: site URL first, Cloudflare SSL mode second, htaccess third. Fix it once, then standardise on one HTTPS mechanism (Really Simple SSL or Cloudflare or htaccess, never all three) and you will not see this error again.