How to Fix the "Too Many Redirects" Error on Your Website

If you’ve landed on this article, your browser is probably showing some version of “too many redirects” or “ERR_TOO_MANY_REDIRECTS” when you try to load a page.

That message is the browser’s way of telling you it gave up after being bounced between URLs more times than it considered reasonable.

Almost always, it points to a misconfiguration somewhere in your hosting setup, your WordPress settings, or your CDN, and once you know where to look, the fix is usually straightforward.

In this guide, we’ll aim to fix that by walking you through:

What the too many redirects error actually means.
The most common causes.
Quick fixes you can try in your browser first.
How to diagnose the cause using browser dev tools or cURL.
How to fix the issue at the server, WordPress, and CDN levels.
How to prevent it from happening again with Kadence Security.

What does the “too many redirects” error mean?

A redirect tells a browser to load a different URL than the one originally requested. Redirects are useful for moving content between pages, forcing HTTPS, or switching between www and non-www versions of a domain. The too many redirects error appears when two or more redirects send the browser into a redirect loop, where loading URL A pushes the browser to URL B, which pushes it back to URL A.

Modern browsers will follow up to about 20 redirects before deciding the chain is broken and showing an error.

The exact message depends on the browser:

Google Chrome: “This page isn’t working. ERR_TOO_MANY_REDIRECTS.”
Mozilla Firefox: “The page isn’t redirecting properly.”
Safari: “Safari can’t open the page because too many redirects occurred.”
Microsoft Edge: “This page isn’t working right now.”

Different wording but same problem. The browser hit the redirect limit and stopped trying.

What causes the too many redirects error?

A redirect loop almost always comes down to two rules competing with each other. The most common scenarios are HTTPS conflicts (one rule forces HTTPS, another sends traffic back to HTTP) and www conflicts (one rule forces www, another forces non-www).

Common causes include:

A misconfigured .htaccess file with rewrite rules that conflict with each other or with your CMS settings.
Incorrect WordPress address settings stored in the database, especially after a domain migration or SSL installation.
A CDN encryption mode mismatch where Cloudflare or another CDN tries to connect to your origin server using a protocol the server doesn’t accept.
An expired or misconfigured SSL certificate that prevents HTTPS connections from completing.
Faulty plugins that add their own redirects (especially SEO plugins, security plugins, or caching plugins).
Recently changed redirect rules that haven’t propagated, where your browser is still working from cached cookies.

We’ll work through how to identify and fix each of these in the steps below.

Step 1: Try the quick fixes first

Before you start digging into server configuration, try a few quick checks. These solve the problem maybe 30% of the time and cost you nothing.

Clear your browser cache and cookies

If you recently changed a redirect rule on your site, your browser might be following an old cached version. Clearing your cache and cookies forces a fresh load.

In most browsers, the shortcut is Ctrl+Shift+Delete (Windows/Linux) or Cmd+Shift+Delete (Mac). Select “cookies and other site data” and “cached images and files” for the time range that covers when the issue started, then clear them.

Try incognito mode

Opening the site in an incognito or private browsing window bypasses your existing cookies and cache. If the site loads in incognito mode but breaks in regular browsing, the issue is local to your browser session and a cache clear should fix it.

Try a different browser

If incognito mode also fails, try the site in a different browser entirely. If it works elsewhere, the problem is browser-specific (often a corrupt browser profile or a misbehaving extension). Should you find it fails in every browser, the issue is server-side and you’ll need to keep going.

Disable browser extensions

Some browser extensions, particularly ad blockers and privacy tools, can interfere with redirect chains. Disable extensions one at a time to see if any of them are the cause.

Step 2: Diagnose the redirect loop

If the quick fixes don’t work, the next step is to figure out exactly which redirects are competing. There are two reliable ways to do this.

Use your browser’s developer tools

Every modern browser has a developer tools panel that shows you the request and response headers for every URL the browser loads. This is the fastest way to see a redirect loop in action.

To open developer tools:

Windows/Linux: Press F12 or Ctrl+Shift+I.
Mac: Press Cmd+Option+I.

Click the Network tab. Make sure the recording button is enabled (it’s usually red when active). Then reload the page that’s showing the error.

You’ll see a list of every request the browser made. The redirects will appear with status codes of 301 (permanent) or 302 (temporary), each with a “Location” header pointing to the next URL. In a redirect loop, you’ll see the same two URLs alternating until the browser gives up.

Use cURL from the command line

If you have SSH access to a server (or you’re comfortable with a terminal on your own machine), cURL is the most precise way to trace a redirect chain. The output shows you exactly what the server sends back, without any browser layer in the way.

Save this script as redirect-checker.sh:

#!/bin/bash
echo
for yourdomain in $@; do
    echo --------------------
    echo $yourdomain
    echo --------------------
    curl -sILk $yourdomain | grep -E 'HTTP|Loc' | sed 's/Loc/ -> Loc/g'
    echo
done

Make it executable:

chmod +x redirect-checker.sh

Then run it against your domain:

./redirect-checker.sh yourdomain.com

The output for a healthy domain looks something like this:

--------------------
yourdomain.com
--------------------
HTTP/1.1 301 Moved Permanently
 -> Location: https://yourdomain.com/
HTTP/2 200

The output for a domain stuck in a redirect loop looks like this:

--------------------
www.yourdomain.com
--------------------
HTTP/1.1 301 Moved Permanently
 -> Location: https://www.yourdomain.com/
HTTP/1.1 301 Moved Permanently
 -> Location: http://www.yourdomain.com/
HTTP/1.1 301 Moved Permanently
 -> Location: https://www.yourdomain.com/
HTTP/1.1 301 Moved Permanently
 -> Location: http://www.yourdomain.com/

Notice how the URL alternates between HTTP and HTTPS forever. That’s your loop.

A quick note on redirect types

Two HTTP status codes do most of the redirecting work on the web:

301 (permanent redirect): Tells the browser the content has permanently moved to a new URL. Used for forcing HTTPS, switching between www and non-www, and redirecting old pages to new ones.
302 (temporary redirect): Tells the browser the redirect is temporary. Often generated by your CMS or plugins for things like authentication flows.

Permanent redirects typically come from your .htaccess file or web server configuration. Temporary redirects usually originate inside your CMS or its plugins.

Step 3: Fix the issue at the server level

Most redirect loops can be fixed at one of three locations: your .htaccess file, your WordPress settings, or your CDN configuration. Start with .htaccess since that’s where the most aggressive redirects live.

Check your .htaccess file

The .htaccess file in your WordPress root directory controls Apache server rewrites. To inspect or edit it, connect to your server using SFTP or your hosting provider’s file manager and open .htaccess in a text editor.

Look for RewriteEngine On followed by RewriteCond and RewriteRule lines. These are your redirect rules. The most common patterns you’ll see:

Force HTTPS:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

This sends any non-HTTPS request to the HTTPS version of the same URL.

Force HTTPS behind a CDN or load balancer (like Cloudflare):

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

The extra RewriteCond line is important. Without it, your server sees Cloudflare’s connection as HTTP (because Cloudflare terminates SSL on its own servers) and tries to redirect to HTTPS, which Cloudflare then redirects back, creating a loop. The X-Forwarded-Proto header check breaks the loop.

Force www:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Force non-www:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

If you find conflicting rules (one forcing www and another forcing non-www, for example), remove or correct the duplicate. Save the file and try loading your site again.

If you’ve inherited a .htaccess file from another developer and you’re not sure what’s safe to remove, rename the current file to .htaccess.bak and let WordPress regenerate a clean version. Log into the WordPress admin dashboard, go to Settings > Permalinks, and click Save Changes without changing anything. WordPress writes a default .htaccess file with only the rules it needs.

Check your WordPress address settings

WordPress stores your site URL in two places in the database: the Site Address (URL) and the WordPress Address (URL) fields. If these are set incorrectly (HTTP when they should be HTTPS, www when they should be non-www, or pointing to an old domain), they’ll fight your .htaccess rules and create a loop.

To check and fix:

Log in to your WordPress dashboard.
Go to Settings > General.
Look at the values for WordPress Address (URL) and Site Address (URL).
Make sure both use the same protocol (both HTTPS, ideally) and the same www or non-www format.
Click Save Changes.

If you can’t access your WordPress dashboard because of the redirect loop, you can update these values directly in the database. The values are stored in the wp_options table under the siteurl and home rows.

If you have access to your database through phpMyAdmin (most hosting control panels include it), open the wp_options table, find the siteurl and home rows, and edit them directly. Make sure both values match and use the protocol and format you want.

Alternatively, you can override them by adding two lines to your wp-config.php file just above the /* That's all, stop editing! */ comment:

define( 'WP_HOME', 'https://yourdomain.com' );
define( 'WP_SITEURL', 'https://yourdomain.com' );

Replace yourdomain.com with your actual domain. These values take precedence over whatever is in the database, which is useful for getting back into your admin dashboard.

Check your CDN configuration

If you use a CDN like Cloudflare, your CDN’s encryption mode is another common source of redirect loops. CDNs handle the SSL connection between visitors and the CDN, then connect to your origin server separately. If the CDN-to-origin connection settings don’t match what your server expects, you can get a loop.

The three main CDN encryption modes:

Flexible. The CDN connects to your origin over HTTP, but visitors see HTTPS. If your server has an HTTP-to-HTTPS redirect in .htaccess, the CDN’s HTTP request gets redirected to HTTPS, which the CDN handles itself, which creates a loop. Either disable the server-level HTTPS redirect or switch to Full or Full (strict) mode.
Full. The CDN connects to your origin over HTTPS but doesn’t validate the SSL certificate. This works with self-signed certificates but isn’t as secure.
Full (strict). The CDN connects to your origin over HTTPS and validates the SSL certificate. This is the recommended mode for production sites and requires a valid CA-signed certificate on your origin server.

To check your Cloudflare encryption mode, log in to the Cloudflare dashboard, select your domain, and go to SSL/TLS > Overview. The current mode is shown there. If you’re seeing a redirect loop and you’re on Flexible mode, switching to Full or Full (strict) will often fix it immediately, assuming you have a valid SSL certificate installed on your origin server.

Check your SSL certificate

An expired or invalid SSL certificate can cause cascading problems, including redirect loops. If your server is trying to redirect to HTTPS but can’t complete the HTTPS connection because the certificate is invalid, the browser keeps trying.

Use a free SSL checker like SSL Labs or the Qualys SSL Test to verify your certificate is valid and properly installed. If it’s expired, renew it. If your auto-renewal failed, check whether your CDN is interfering with the renewal process (Let’s Encrypt and some other CAs need direct access to your origin server to complete domain validation).

Step 4: Check for plugin and theme conflicts

If the issue persists after checking your server, WordPress, and CDN settings, the next suspect is your plugins or theme. Some WordPress plugins add their own redirect rules, and a faulty plugin can override your server-level configuration.

To test for plugin conflicts:

Connect to your site via SFTP or your file manager.
Navigate to /wp-content/.
Rename the plugins folder to something like plugins-disabled. This deactivates all plugins at once.
Try loading your site.

If the site loads, one of your plugins was the cause. Rename the folder back to plugins, then deactivate each plugin one at a time through your WordPress dashboard until you find the culprit. The most common offenders are SEO plugins (especially anything that handles redirects), security plugins, and caching plugins.

You can do the same with your theme by switching to a default WordPress theme (like Twenty Twenty-Five) temporarily. If the redirect loop disappears, your theme is adding the problem.

How to prevent redirect loops with Kadence Security

Most of the redirect loops you’ll run into come from a small set of issues: bad plugin behavior, accidental changes to your WordPress address settings, expired SSL certificates, or CDN misconfigurations introduced by someone who didn’t realize what they were changing.

Kadence Security closes off a few of these vectors directly. The plugin includes file change detection that flags unexpected modifications to your .htaccess file, your wp-config.php, and your theme files. If a malicious plugin or a compromised admin account starts adding redirect rules you didn’t authorize, you’ll know about it within hours rather than weeks.

For the parts Kadence Security doesn’t cover directly, choosing a host with strong WordPress-specific infrastructure matters. Managed WordPress hosting includes automated SSL certificate management (so you don’t get caught out by an expired cert), server-level rate limiting that catches some misbehaving CDN configurations early, and 24/7 support that can dig into redirect issues for you when the troubleshooting steps above don’t resolve them.

Learn more about Kadence Security.

FAQs about the too many redirects error

Common questions about diagnosing and fixing redirect loops.

How do I fix too many redirects?

Start with the quick browser-level fixes: clear your cache and cookies, try incognito mode, try a different browser. If those don’t work, use your browser’s developer tools or cURL to diagnose the redirect chain, then fix the underlying cause. The most common causes are misconfigured .htaccess rules, incorrect WordPress address settings, CDN encryption mode mismatches, or expired SSL certificates.

What is the ERR_TOO_MANY_REDIRECTS error?

ERR_TOO_MANY_REDIRECTS is Google Chrome’s specific error message for a redirect loop. The browser followed redirects until it hit the limit of 20 and gave up. The cause is the same regardless of which browser shows the error: two or more redirect rules are sending the browser in circles.

Why am I getting a “too many redirects” error on my website?

The most common reasons are a misconfigured .htaccess file (often with conflicting HTTPS or www rules), incorrect WordPress Site Address or WordPress Address settings, a CDN like Cloudflare set to Flexible SSL mode while your server forces HTTPS, an expired SSL certificate, or a faulty plugin adding its own redirect rules.

Can plugins cause redirect loops?

Yes, and they’re a common culprit. SEO plugins, security plugins, and caching plugins are the most frequent offenders because they often add their own redirect rules. To test if a plugin is the cause, rename your /wp-content/plugins/ folder via SFTP to deactivate all plugins at once. If the site loads, reactivate plugins one at a time until you find the one causing the issue.

What if I can’t access my WordPress admin dashboard to fix the error?

You can override your WordPress URL settings by editing your wp-config.php file directly through SFTP. Add these two lines just above the /* That's all, stop editing! */ comment, replacing the domain with your actual URL: define( ‘WP_HOME’, ‘https://yourdomain.com’ );
define( ‘WP_SITEURL’, ‘https://yourdomain.com’ ); This overrides whatever is in the database and usually lets you log back in. You can also update the values directly in the wp_options table via phpMyAdmin if your host gives you database access.

How do I clear redirects?

To clear redirects on a WordPress site, look in three places. First, check your .htaccess file for RewriteRule lines and remove any rules you don’t recognize (rename the file to .htaccess.bak and let WordPress regenerate a clean one if you’re not sure). Second, check Settings > General in your WordPress dashboard and make sure your Site Address and WordPress Address are correct. Third, check any redirect plugins you have installed and review their stored redirects through the plugin’s interface.

What causes redirects in WordPress?

Redirects in WordPress come from three main places. First, server configuration (your .htaccess file or your hosting provider’s settings). Second, WordPress itself, which uses the Site Address and WordPress Address settings to enforce protocol and domain consistency. Third, plugins (SEO plugins like Yoast or Rank Math, redirect-specific plugins, and security plugins all add their own rules). When one of these conflicts with another, you get a redirect loop.

Why can’t I delete my search history on Safari?

This isn’t directly about the too many redirects error, but Safari sometimes stores corrupted website data that triggers redirect errors even after you clear your history. To fully clear data for a specific site in Safari, go to Safari > Settings > Privacy > Manage Website Data, search for the affected domain, and click Remove. If that doesn’t work, try Safari > Clear History and select “All History” from the dropdown.

Will clearing cookies fix too many redirects?

Sometimes. If the redirect loop is caused by stale cookies from a recently changed redirect rule, clearing cookies for the affected domain will let your browser load the site fresh. If the loop is a server-side issue (.htaccess conflicts, CDN misconfiguration, expired SSL), clearing cookies won’t help, and you’ll need to fix the underlying cause.

Are 301 and 302 redirects different in causing redirect loops?

The cause of the loop is the same either way: two rules sending the browser in circles. The only practical difference is where the rules tend to come from. 301 redirects are typically permanent server-level rules in your .htaccess file or web server configuration. 302 redirects are usually temporary and often come from WordPress plugins or your application code. When diagnosing a loop, knowing which type you’re seeing in the developer tools or cURL output tells you where to look for the source.

Get redirect issues under control before they become outages

Most too many redirects errors are minor misconfigurations that take five to ten minutes to fix once you know where to look. The trickier cases (CDN encryption mismatches, expired SSL certificates that took out auto-renewal, plugin conflicts that only show up under load) take longer, but they’re all solvable with the right diagnostic approach.

The most reliable way to avoid these errors is to keep your configuration simple. Choose one location for your redirect rules (either .htaccess or your CDN) and avoid stacking redirects across multiple layers. Keep your WordPress address settings in sync with your actual domain. Use Full (strict) SSL mode on your CDN with a valid certificate on your origin. And use a security plugin like Kadence Security to flag unauthorized changes to your configuration files before they cause problems.

If you’re running a business-critical site and would rather not spend time diagnosing redirect chains, Liquid Web’s managed WordPress hosting includes 24/7 expert support that can troubleshoot these issues for you. Contact our team if you’d like help setting up a hosting environment that prevents these errors in the first place.

Explore server options

Build now