iThemes Security (formerly Better WP Security)
iThemes Security causing Redirect loop error (15 posts)

  1. keithvaugh
    Posted 1 year ago #

    Hi All

    Anytime I reactivate iThemes security on my site I get a "redirect loop error"

    Originally the site was working fine with ithemes security 4.0 (the initial few builds).

    Can someone advise what I need to do to resolve this issue.

    I have the plugin disabled ATM.


  2. iThemes Support
    Posted 1 year ago #

    Hi Keith,

    What version of the plugin are you on? The error you mentioned has been addressed and corrected in a previous released update. Please try downloading the current version of the plugin (4.1.3) and that should resolve your issue.


  3. keithvaugh
    Posted 1 year ago #

    I actually installed the latest version today, that today but I'm still getting the same result. It worked fine with the early builds of 4.x.x, then about two/three weeks ago (not sure which build) the redirect loop issue appeared.

  4. keithvaugh
    Posted 1 year ago #

    Still broken in version 4.1.5 and WP 3.9!

  5. Daniel Marquard
    Posted 1 year ago #

    I had this problem also. In my case, pages with SSL enforced would toggle back and forth between HTTP and HTTPS, creating an infinite loop, regardless of which protocol was used to access the page.

    It turns out that another plugin, WooCommerce, was causing it, even though it seemingly had nothing to do with any pages outside of the two it enforced SSL on. Disabling SSL in WooCommerce fixed the issue, and I just toggled SSL using iThemes by editing these two pages. Now my website is secure and conflict-free. :)

    Hope this helps.

  6. keithvaugh
    Posted 1 year ago #

    Thanks Daniel for the reply.

    I will investigate the WooCommerce connection - however I have an SSL site wide.

    Since posting I changed from a multisite installation of WP to a single site and that seems to have fixed the issue! Maybe it is a multisite issue that developers need to be examining.

  7. Garetii
    Posted 1 year ago #

    I am still having the same problem @iThemes Support, and all my plugins and version of WP are up to date.

    The only way I was able to get around this issue was by turning off the "Force SSL during checkout" and "unforce after checkout" option in Woocommerce. I then set each checkout and account page to force SSL using the iThemes Security per content Force SSL option.

    The problem is that now I have a red notification on the backend from Woocommerce saying that "customer's credit card data is at risk". Is there a way that you guys and Woocommerce can get together and figure out how get this conflict solved?

    I really appreciate all the work you guys do. iThemes Security and Woocommerce are AWESOME plugins. So I hope this doesn't come across as an annoying complaint. It's not. It's just an understandable bug that needs to be worked out somehow.

    Thanks for your attention to this.

  8. carpathia
    Posted 10 months ago #


    When installing iThemes Security 4.4.13 into a WP 4.0 Multisite installation it shut down two of the websites by causing https to default into their urls. The other sites within the multisite network were unaffected. With the plugin deactivated all sites run fine. There are no SSLs installed on any sites in the network.

    What iThemes Security settings should I adjust to get things to work correctly?

    Is there something else I should consider as well?

    Love the iThemes Security plugin.

    Tks - LN

  9. MattFI
    Posted 8 months ago #

    Having this same issue when activating iThemes Security 4.4.23 (most recent version) with WP 4.0.1, but ours is a single-site installation.

    Any ideas?

  10. Random Dev
    Posted 8 months ago #

    Same problem, also single site installation.

  11. iThemes Support
    Posted 8 months ago #


    If the SSL feature has been enabled and you don't have a SSL certificate you can delete the two lines referencing SSL in your wp-config.php.



  12. MattFI
    Posted 8 months ago #

    Thanks for the response.

    I don't know whether the SSL feature had been enabled (and I can't check to see if it is because every time I try to activate the plugin, it crashes the site).

    I hope you understand my reluctance to start deleting lines out of my wp-config without having any idea whether or not that's the causative issue. Especially in an attempt to correct an issue that would seem to be an addressable bug/issue with the plugin.

    I also know that I didn't change any settings in iThemes Security when this happened, so I'm still a little confused why it would all of the sudden go haywire?

  13. Daniel Marquard
    Posted 8 months ago #

    The SSL feature of this plugin has always been problematic. It's basically unusable when used with a Varnish front-end in my experience. You're better off following Google's recommendation of enforcing SSL across your entire website, which can be done by changing the protocol in your WordPress settings.

  14. MattFI
    Posted 8 months ago #

    @Daniel Marquard... can you explain in greater detail regarding changing the protocol in the WordPress settings?

  15. Random Dev
    Posted 8 months ago #

    In my case, SSL was never enabled, as we don't have that functionality on the server.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic


No tags yet.