Understanding and Resolving the ‘Too Many Redirects’ Error in a HTTPS-Enabled WordPress Site Using Cloudflare

At its core, the “Too Many Redirects” error happens when a web page continually redirects between different URLs, forming an infinite loop. Now, in the case of a WordPress site using Cloudflare for SSL (https), the situation can be a little complex due to the interplay of settings between WordPress and Cloudflare.

Understanding the error

The initial condition is that your WordPress installation was configured with a base URL using http. You then set up Cloudflare, which effectively acts as a reverse proxy. What this means is that client requests go to Cloudflare, which then makes its own requests to your server. The client’s connection to Cloudflare is independent of Cloudflare’s connection to your server, allowing each to use different protocols.

When you configured Cloudflare to serve your site over https, it started changing requests it received over http to https. However, the connection from Cloudflare to your server was still over http, because your WordPress settings were still configured for http.

Then, when you changed your WordPress URL to https, WordPress started forcing all http traffic to https, including incoming connections from Cloudflare. But remember, from the perspective of your server, Cloudflare was still connecting via http.

This is where the infinite loop and the “Too Many Redirects” error comes in. Here’s what happens, step by step:

1. A client makes an https request to your site.
2. Cloudflare receives the https request and makes an http request to your server.
3. Your server, configured for https, sees the http request and issues a redirect to https.
4. Cloudflare, receiving the redirect, follows it and issues another http request to your server.
5. Repeat steps 3 and 4 ad infinitum.

So, each request gets stuck in this loop, with your server constantly telling Cloudflare to connect via https, and Cloudflare persistently connecting via http, as it doesn’t inherently know that your server can handle https connections. This is the root of the “Too Many Redirects” error.

Fix it

If you want to avoid using plugins and still want WordPress to keep https, then you have to make sure that WordPress correctly identifies the scheme used in incoming requests as https instead of http. As I mentioned, when Cloudflare connects to your server, it does so over http. To inform your server that the original request was https, Cloudflare adds the “HTTP_X_FORWARDED_PROTO” header, with the value “https”.

You need to instruct WordPress to recognize and respect this header. This can be done by adding a few lines to your WordPress’ wp-config.php file, located in the root directory of your WordPress installation.

Here are the steps:

1. Connect to your server via FTP or your hosting control panel’s file manager.
2. Locate the wp-config.php file in the root directory of your WordPress installation.
3. Open this file for editing.
4. Add the following code snippet just above the line that says “/* That’s all, stop editing! Happy publishing. */”:
5. Save the file and exit.

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';

What this does is check if the “HTTP_X_FORWARDED_PROTO” header is set to ‘https’. If it is, it sets the ‘HTTPS’ environment variable to ‘on’, which is what WordPress uses to determine the scheme of incoming requests.

Now, WordPress should correctly identify incoming requests as https and not issue unnecessary redirects.