For days I've been trying to fix this issue. Tweaking this and that with help from my host. Today I escalated my methodology and decided to do a clean install of the core files:
1) downloaded the latest zip from wordpress.org
2) deleted all the directories and files within public_html except for: wp-content and wp-config.php
3) SFTP to public_html and transferred all the clean WordPress files to the server.
4) Tested the site which is working fine
5) Tested the wp-admin and it still redirects to http://www.mysite.com/wp-login.php?redirect_to=http%3A%2F%2Fwww.mysite.com%2Fwp-admin%2Findex.php&reauth=1
6) Setup BulletProof Security settings again in the WordPress admin dashboard.
7) Tested site and it's working fine
8) Password locked the wp-admin directory via cpanel > password protect directories
9) Tested wp-admin and get a "This page has a redirect loop" warning
10) Cleared browser cache
11) tested wp-admin and get a "This page has a redirect loop" warning
12) turned off wp-admin password lock via cpanel > password protect directories
13) tested wp-admin and it goes to http://www.mysite.com/wp-admin/ (again note no trailing php file as I would expect it should)