You log into your WordPress site with the correct username and password, but instead of reaching the dashboard, the page refreshes or redirects you back to the login screen. It is one of the most frustrating issues WordPress users face, and it can feel like you are locked out of your own website.

This problem usually happens because of cached data in your browser, plugin conflicts, mismatched WordPress URL settings, or corrupted core files. In some cases, a misconfigured server or a faulty .htaccess file can also cause the endless login loop.

The positive side is that this issue can be resolved with a few straightforward fixes. In this guide, you will find step-by-step methods to troubleshoot and fix the WordPress login page refreshing and redirecting issue, so you can regain access to your website without unnecessary stress.

1. Clear Browser Cache and Cookies

One of the most common reasons behind the WordPress login page refreshing or redirecting issue is corrupted or outdated browser data. When your browser stores cached versions of your site or old cookies, it may interfere with WordPress authentication. As a result, even if your login details are correct, the browser continues looping you back to the login screen.

The solution is simple: clear your browser cache and cookies to ensure the login page loads with fresh data. Below are the steps for the most widely used browsers.

How to Clear Cache and Cookies in Google Chrome

1. Open Chrome and click on the three-dot menu in the top-right corner.
2. Select Settings and then navigate to Privacy and Security.
3. Click Clear browsing data.
4. Choose Cookies and other site data, and Cached images and files.
5. Select a time range (for best results, choose All time).
6. Click Clear data and restart your browser.

How to Clear Cache and Cookies in Mozilla Firefox

1. Open Firefox and click the three-line menu in the top-right corner.
2. Go to Settings and select Privacy & Security.
3. Scroll down to the Cookies and Site Data section.
4. Click Clear Data.
5. Check both Cookies and Site Data and Cached Web Content.
6. Click Clear, then close and reopen Firefox.

How to Clear Cache and Cookies in Microsoft Edge

1. Open Edge and click the three-dot menu in the top-right corner.
2. Select Settings and go to Privacy, search, and services.
3. Under Clear browsing data, click Choose what to clear.
4. Select Cookies and other site data and Cached images and files.
5. Choose a time range such as All time for a complete reset.
6. Click Clear now and restart Edge.

Once you have cleared your cache and cookies, try logging into WordPress again. In most cases, this simple fix resolves the login loop immediately.

2. Check and Update WordPress Site URL Settings

Another common cause of the WordPress login page refreshing or redirecting problem is a mismatch between the WordPress Address (URL) and the Site Address (URL). These two values tell WordPress where your website is located and how it should handle login sessions. If they are not the same, WordPress may fail to authenticate your login and send you back to the login screen.

Normally, you can update these settings from the WordPress dashboard under Settings > General. However, if you cannot log in, you will need to fix them manually using either the wp-config.php file or phpMyAdmin.

Fix WordPress URL Settings via wp-config.php

1. Access your website files using FTP or your hosting control panel’s File Manager.
2. Locate the wp-config.php file in the root directory of your WordPress installation.
3. Download a backup copy of this file before making any changes.
4. Open the file in a text editor and add the following lines just before the line that says “That’s all, stop editing! Happy publishing.”:

              define(‘WP_HOME’,’https://yourdomain.com’);

              define(‘WP_SITEURL’,’https://yourdomain.com’);

Replace https://yourdomain.com with your actual website URL. Make sure to include https if your site uses SSL.

5. Save the file and upload it back to your server.

6. Try logging into your WordPress site again to check if the issue is resolved.

Fix WordPress URL Settings via phpMyAdmin

1. Log in to your hosting control panel and open phpMyAdmin.
2. Select your WordPress database from the list on the left.
3. Find and open the wp_options table (the prefix may vary depending on your installation).
4. Locate the rows named siteurl and home.
5. Edit both values to match your correct domain, for example: https://yourdomain.com.
6. Save the changes and close phpMyAdmin.
7. Clear your browser cache and attempt to log in again.

Making sure the WordPress Address and Site Address are correctly set often resolves the login refresh issue instantly. If the values are not aligned, WordPress cannot create a stable session, which results in the frustrating redirect loop.

3. Disable Problematic Plugins

Plugin conflicts are one of the most frequent causes of the WordPress login page refreshing or redirecting issue. Even a single plugin that is outdated, incompatible with your WordPress version, or poorly coded can interfere with login authentication. Identifying and disabling the problematic plugin often resolves the issue immediately.

If you cannot access the WordPress dashboard, you can disable plugins manually using FTP or your hosting control panel’s File Manager.

How to Disable Plugins via FTP

1. Connect to your website using an FTP client such as FileZilla.
2. Navigate to the wp-content folder in your WordPress installation.
3. Open the plugins folder.
4. To disable all plugins temporarily, rename the folder to something like plugins-disabled.
5. Attempt to log in to your WordPress site. If the login works, a plugin conflict is confirmed.
6. Rename the folder back to plugins and then rename individual plugin folders one by one to identify the culprit.

How to Disable Plugins via File Manager

1. Log in to your hosting control panel and open File Manager.
2. Go to the root directory of your WordPress installation and open the wp-content folder.
3. Locate the plugins folder and rename it to plugins-disabled.
4. Try logging into WordPress again. Successful login indicates a plugin conflict.
5. Rename the folder back to plugins and disable plugins individually to find the one causing the issue.

Disabling problematic plugins is usually the quickest way to resolve login loops. Once you identify the conflicting plugin, you can either update it, replace it with a reliable alternative, or contact the plugin developer for support.

4. Switch to a Default Theme

Sometimes the WordPress login page refreshing or redirecting issue is caused by your active theme. Custom themes or outdated theme files can interfere with WordPress authentication and create a login loop. Temporarily switching to a default WordPress theme can help determine whether the theme is the source of the problem.

If you cannot access your dashboard, you can switch themes manually using FTP or the database.

How to Activate a Default Theme via FTP

1. Connect to your website using an FTP client such as FileZilla or your hosting File Manager.
2. Navigate to the wp-content/themes folder.
3. Locate the folder of your active theme and rename it to something like theme-name-disabled.
4. WordPress will automatically revert to a default theme such as Twenty Twenty-Four if it is installed.
5. Try logging in again to see if the issue is resolved.

How to Activate a Default Theme via Database (phpMyAdmin)

1. Log in to your hosting control panel and open phpMyAdmin.
2. Select your WordPress database from the list.
3. Open the wp_options table (the prefix may vary).
4. Locate the rows named template and stylesheet.
5. Change both values to the name of a default theme installed on your site, for example: twentytwentyfour.
6. Save the changes and attempt to log in to your site.

Switching to a default theme helps identify whether the issue originates from your theme files. If login works after the switch, the problem lies within your previous theme, and you can update, repair, or replace it as needed.

5. Regenerate the .htaccess File

A corrupt or misconfigured .htaccess file is another common reason why the WordPress login page keeps refreshing or redirecting. This file controls important server instructions, including redirects and permalinks. If it contains incorrect rules, WordPress may fail to handle login sessions properly and push you back to the login screen.

Thankfully, regenerating a new .htaccess file is straightforward and often resolves the issue quickly.

How to Regenerate the .htaccess File from the WordPress Dashboard

If you still have limited access to your dashboard:

1. Go to Settings > Permalinks.
2. Without making any changes, scroll down and click Save Changes.
3. WordPress will automatically create a fresh .htaccess file with default rules.
4. Attempt to log in again to check if the issue is fixed.

How to Regenerate the .htaccess File Manually

If you cannot access the dashboard:

1. Log in to your hosting control panel or connect via FTP.
2. Navigate to the root directory of your WordPress installation.
3. Locate the .htaccess file and download a backup copy to your computer.
4. Delete the existing .htaccess file from the server.
5. Create a new file named .htaccess and add the following default WordPress rules:

# BEGIN WordPress

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

RewriteRule ^index\.php$ – [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

</IfModule>

# END WordPress

6. Save the file and upload it to the root directory.

7. Try logging into your WordPress site again.

Regenerating the .htaccess file is often the solution when redirect problems stem from broken server rules. If login works after this step, you can be confident the issue was caused by the old configuration.

6. Check Cookie and Session Settings in wp-config.php

WordPress relies on cookies to manage user sessions and authenticate logins. If cookie handling is misconfigured, your site may fail to store login data properly, causing the login page to refresh instead of granting access. This often happens when the cookie domain is set incorrectly in the wp-config.php file.

Fortunately, adjusting the cookie settings in this file usually resolves the issue.

Why Cookie Settings Matter

When you log in, WordPress sets cookies that tell the browser you are authenticated. If the cookie domain does not match your actual site domain, the session cannot be maintained. As a result, WordPress treats you as if you never logged in, leading to the frustrating redirect loop.

How to Fix Cookie Settings in wp-config.php

1. Access your website files using an FTP client or the File Manager in your hosting control panel.
2. Locate the wp-config.php file in the root directory of your WordPress installation.
3. Download a backup copy of the file before making any edits.
4. Open the file in a text editor.
5. Add the following line of code just before the line that says “That’s all, stop editing! Happy publishing.”:

define(‘COOKIE_DOMAIN’, ”);

6. Save the file and upload it back to your server.

7. Clear your browser cache and cookies, then attempt to log in again.

By resetting the cookie domain to an empty value, you allow WordPress to handle cookies dynamically based on your site URL. This eliminates mismatches and often restores normal login functionality.

7. Clear WordPress and Server Cache

Caching is designed to improve website performance, but in some cases, it can cause login issues. When caching plugins or server-level caching store outdated files, your browser may be served an old version of the login page. This prevents WordPress from recognising your session correctly and often results in a refresh or redirect loop.

Clearing both WordPress plugin cache and server-side cache helps ensure that your login page loads with the most up-to-date data.

Clear Cache from WordPress Plugins

If you are using a caching plugin such as WP Rocket, W3 Total Cache, or WP Super Cache, follow these steps:

WP Rocket

1. Log in to your WordPress dashboard.
2. Go to Settings > WP Rocket.
3. Click the Clear Cache button at the top of the page.

W3 Total Cache

1. From your dashboard, go to Performance > Dashboard.
2. Click empty all caches to clear stored files.

WP Super Cache

1. Navigate to Settings > WP Super Cache.
2. Under the Easy tab, click Delete Cache.

Once the cache is cleared, log out and attempt to log back into WordPress.

Clear Server-Side Cache

Some hosting providers, especially managed WordPress hosts, use server-level caching that can also interfere with logins. To clear it:

1. Log in to your hosting control panel.
2. Look for caching options under performance settings or site management.
3. Select Purge Cache or Clear Cache for your site.
4. Restart your browser and try logging in again.

Clear CDN Cache (if applicable)

If your site uses a Content Delivery Network (CDN) such as Cloudflare, old cached files may also be responsible.

1. Log in to your CDN account.
2. Go to the caching section of your dashboard.
3. Select Purge Everything to clear all cached files.

Refreshing all caches ensures WordPress delivers the latest version of your login page and prevents the redirect loop caused by outdated data.

8. Check File Permissions

Incorrect file and folder permissions can also prevent WordPress from working as expected. If your server is unable to read or write essential files because of restrictive permissions, it may fail to process the login request and push you back to the login screen. Ensuring that file permissions are set correctly is an important step in troubleshooting the login refreshing or redirecting issue.

Why File Permissions Matter

WordPress relies on specific permissions to allow the server to access and execute files. If the permissions are too strict, the system cannot run necessary scripts for login authentication. On the other hand, overly loose permissions may compromise your site’s security. Striking the right balance keeps your site both functional and safe.

Recommended WordPress File Permissions

• Folders should be set to 755
• Files should be set to 644
• The wp-config.php file, which contains sensitive information, can be tightened further to 600 or 640

These values are recommended by WordPress for most hosting environments.

How to Check and Update File Permissions

1. Log in to your hosting control panel or connect to your website via FTP.
2. Navigate to your WordPress root directory.
3. Right-click on a folder such as wp-content and select File Permissions or Change Permissions.
4. Set the numeric value to 755 for folders and apply it recursively to all subdirectories.
5. Do the same for files but set the value to 644.
6. Locate the wp-config.php file in the root directory and set its permission to 600 or 640 for extra security.
7. Save the changes and attempt to log in to WordPress again.

Correcting file permissions ensures WordPress has the proper access to execute login scripts while keeping your site secure. If permissions were the root cause, this adjustment will allow you to log in without further redirects.

9. Disable Security or Firewall Plugins and Server Rules

Security plugins and server-level firewall rules are essential for protecting your WordPress site, but sometimes they can interfere with the login process. Overly strict configurations may block WordPress cookies or redirect authentication requests, leading to the login page refresh or redirect loop. Temporarily disabling these security measures helps confirm whether they are responsible for the issue.

How Security and Firewall Rules Cause Login Loops

Security plugins such as Wordfence, Sucuri, or iThemes Security monitor login activity to prevent unauthorized access. In certain cases, they may mistakenly block legitimate login attempts due to aggressive settings, incorrect IP detection, or conflicts with other plugins. Similarly, server-level firewalls or hosting security rules may redirect login requests if they detect suspicious behaviour, even when the credentials are correct.

How to Temporarily Disable Security Plugins

If you cannot access your dashboard:

1. Connect to your website using FTP or open File Manager in your hosting control panel.
2. Navigate to the wp-content/plugins folder.
3. Locate the folder of the security plugin (for example, Wordfence or sucuri-scanner).
4. Rename the folder, for instance, wordfence-disabled.
5. Try logging in to WordPress again. If the login works, the plugin configuration was likely causing the problem.

How to Check Server Firewall Rules

1. Log in to your hosting control panel.
2. Look for security or firewall settings under server management tools.
3. Temporarily disable rules related to login protection or brute-force prevention.
4. Save the changes and attempt to log in again.
5. If the login works after disabling, you can re-enable the firewall with adjusted rules.

Disabling security features should only be temporary. If a security plugin or firewall is causing the login loop, update its configuration rather than leaving it off. For example, whitelist your IP address, adjust brute-force protection limits, or update plugin rules to allow WordPress authentication to run smoothly without compromising site security.

10. Check SSL and HTTPS Redirection Issues

SSL certificates are vital for securing data between your website and its visitors. However, incorrect HTTPS redirection rules or mixed content issues can trigger login refresh loops in WordPress. If the site is forcing HTTPS improperly, WordPress may not correctly handle authentication cookies, leading to repeated redirects back to the login page.

Why HTTPS Redirection Can Cause Login Problems

When HTTPS is not configured correctly, several issues can arise:

• Forced HTTPS conflicts: Redirect rules in the .htaccess file or server configuration may create a loop between HTTP and HTTPS.
• Mixed content errors: Some resources might still load over HTTP, which can interfere with secure sessions.
• Incorrect WordPress settings: If the WordPress Address (URL) and Site Address (URL) do not match the SSL configuration, logins can fail.

How to Properly Configure SSL in WordPress

1. Verify SSL Installation
   • Check with your hosting provider or SSL certificate provider that the certificate is correctly installed.
   • Visit your site using https:// to confirm the certificate is valid and shows no warnings.
2. Update WordPress URL Settings
   • Log in to your WordPress dashboard.
   • Go to Settings > General.
   • Ensure both WordPress Address (URL) and Site Address (URL) start with https://.
   • Save changes and test the login page.
3. Update .htaccess or Server Rules
   • If using Apache, check the .htaccess file for redirect rules. A proper HTTPS redirect should look like this:

RewriteEngine On

RewriteCond %{HTTPS} !=on

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

1. If using Nginx, confirm that the server block is redirecting traffic to HTTPS correctly without looping.
2. Fix Mixed Content Issues

4. Use a plugin like Really Simple SSL to automatically detect and correct mixed content.
5. Manually update hardcoded links in your theme, database, or widgets to ensure they load via HTTPS.

Best Practices for HTTPS Setup

• Always redirect all traffic to HTTPS using a single set of rules to prevent conflicts.
• Keep your SSL certificate renewed and up to date.
• Test your site using tools like Why No Padlock or SSL Labs to identify misconfigurations.

Correctly setting up SSL ensures a secure, seamless login process and avoids frustrating redirect loops that prevent you from accessing the WordPress dashboard.

11. Manually Reset .htaccess and wp-login.php

If you have tried all other troubleshooting methods and the login loop issue persists, a last-resort option is to manually reset or restore critical WordPress files. Sometimes a corrupted .htaccess file or a modified wp-login.php can block proper authentication, making it impossible to log in.

Why These Files Matter

• .htaccess file: Controls how WordPress handles redirects, permalinks, and security rules. If corrupted or misconfigured, it can cause endless login refresh issues.
• wp-login.php file: Handles the login form and authentication process. Any unauthorized edits or malware injections can prevent login attempts from working.

Steps to Reset the .htaccess File

1. Connect to your website using FTP or your hosting File Manager.
2. Locate the .htaccess file in the root WordPress directory.
3. Download a backup copy to your computer for safety.
4. Delete the .htaccess file from the server.
5. Log in to your WordPress dashboard (if the loop is resolved) and go to Settings > Permalinks.
6. Click Save Changes without modifying anything. This automatically generates a fresh .htaccess file with default WordPress rules.

If you cannot access the dashboard, manually create a new .htaccess file with the default code:

# BEGIN WordPress

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

RewriteRule ^index\.php$ – [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

</IfModule>

# END WordPress

Steps to Restore wp-login.php

1. Download a fresh copy of WordPress from the official repository at wordpress.org.
2. Extract the package on your computer.
3. Locate the wp-login.php file in the fresh WordPress files.
4. Connect to your server using FTP or File Manager.
5. Navigate to the root WordPress directory and rename the existing wp-login.php file to something like wp-login-old.php (for backup).
6. Upload the clean wp-login.php file from the fresh WordPress download.

• Only use this method if you are confident in handling WordPress core files.
• Always take a full backup of your website before replacing files.
• If malware is suspected, run a complete security scan using a trusted plugin like Wordfence or request help from your hosting provider.

Resetting these files often resolves stubborn login loops that stem from corruption or malicious edits. Since this approach involves direct file replacement, treat it as a last resort after exploring safer troubleshooting methods.