Title: Infinite redirect loop
Last modified: August 21, 2016

---

# Infinite redirect loop

 *  [liorchaga](https://wordpress.org/support/users/liorchaga/)
 * (@liorchaga)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/infinite-redirect-loop-2/)
 * Hey,
 * Could be that I’m missing something, but there seems to be a bug when forcing
   admin SSL.
    The scenario is opening the admin, previewing a draft (I’m not sure
   it must be a draft, but since I use permalinks for published posts, it only happened
   with drafts). The draft preview link is a secured link, e.g. [https://mydomain.com/mysite?post_type=portfolio&p=3405&preview=true](https://mydomain.com/mysite?post_type=portfolio&p=3405&preview=true)
 * Now what happens is there is an infinite redirect (301) loop for the same url.
 * The code that causes it is in inc\secure.php lines 1025-1030:
 *     ```
       if ( ( $requiressl == true && ! $this->checkssl() ) || ( $requiressl != true && $this->checkssl() ) ) {
   
         $href = ( $_SERVER['SERVER_PORT'] == '443' ? 'http' : 'https' ) . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
         wp_redirect( $href, 301 );
   
       }
       ```
   
 * for the draft preview, $requiressl is false, but checkssl() return true, and 
   so the condition is met, and the $href is reconstructed with https (because we
   accessed it in port 443).
 * Replacing the code with the following solved me the bug:
 *     ```
       if ( $requiressl == true && ! $this->checkssl() ) {
   
         $href = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
         wp_redirect( $href, 301 );
   
       }
       else{
         if ( $requiressl != true && $this->checkssl() ){
           $href = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
           wp_redirect( $href, 301 );
         }
       }
       ```
   
 * Lior
 * [https://wordpress.org/plugins/better-wp-security/](https://wordpress.org/plugins/better-wp-security/)

The topic ‘Infinite redirect loop’ is closed to new replies.

 * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=3529351)
 * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/)
 * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [liorchaga](https://wordpress.org/support/users/liorchaga/)
 * Last activity: [12 years, 2 months ago](https://wordpress.org/support/topic/infinite-redirect-loop-2/)
 * Status: not resolved