Have you ever tried to log in to WordPress and have the login page just refresh with no errors?
No, I don’t mean that Multisite Login Loop.
After upgrading a bajillion people to WordPress 4.0 on DreamHost, I noticed something a little weird. People couldn’t login and they didn’t get an error. They would put in their ID and password and the screen just refreshed. So I took a look and decided to start with the obvious tests.
Assuming that the username and password were correct, I checked what happened with a fake account and password. I put in ‘admin’ with a password of ‘areyouduckingme?’ (which no one but me would use) and expected to see a nice login error like this:
I did not. Right away I knew what was wrong. There was a miss-match with the home and site URLs!
At DreamHost, we allow you to pick if you want to force www or non-www or not at all for your domains, and I always go to check what the customer did there, just to see. If they picked ‘neither,’ then I’ll usually flip it to non-www because I hate www in your domain and I’m fixing things. Of course, if they have set it to www or no-www, I make a note and honor that.
Then I go check the home and site URL and make sure they’re both the same in so far as the domain does. If one is www.domain.com and the other is just domain.com, and 50% of the time, it was this all along. The other 50% is that WordPress thinks it should have www and the domain settings think it should not. The point here is that everything needs to match up nicely when it comes to your domains.
It’s also a good idea to check the .htaccess to see if they’re forcing it one way or the other in there (I do).
And you’re done. Refresh the page, see if you can login. Should be magic.
Of course the question is then why did this happen, and the answer is that WordPress is trying to make it harder for people to break into your site. Part of these means making sure that cookies match domains properly, and when you have an inconsistency like www.domain.com and domain.com, the cookie is invalid and WordPress doesn’t know where to go. It wants to go to one but gets tossed to the other.
Comments
2 responses to “Single Site Login Loop”
This is a very useful piece of knowledge to stash away. Thanks! 🙂
Great post. This is really a big used for future reference. Thanks for posting.