I have a fresh install of wordpress in /var/www/html/, also we use CloudFlare(I think the problem can be here). All is okay when I try to use default site with one subdir. But as far as I enable subdir multisite define( 'MULTISITE', true ); site starts to loop with 302 error code(ERR_TOO_MANY_REDIRECTS) on every page I try to access, if I disable it all returns to normal conditions. ere is my wp-config.php: <?php /** * The base configuration for WordPress * * The wp-config.php creation script uses this file during the installation. * You don't have to use the website, you can copy this file to "wp-config.php" * and fill in the values. * * This file contains the following configurations: * * * Database settings * * Secret keys * * Database table prefix * * ABSPATH * * @link https://developer.wordpress.org/advanced-administration/wordpress/wp-config/ * * @package WordPress */ // ** Database settings - You can get this info from your web host ** // /** The name of the database for WordPress */ define( 'DB_NAME', 'db' ); /** Database username */ define( 'DB_USER', 'user' ); /** Database password */ define( 'DB_PASSWORD', 'pass' ); /** Database hostname */ define( 'DB_HOST', 'localhost' ); /** Database charset to use in creating database tables. */ define( 'DB_CHARSET', 'utf8mb4' ); /** The database collate type. Don't change this if in doubt. */ define( 'DB_COLLATE', '' ); /**#@+ * Authentication unique keys and salts. * * Change these to different unique phrases! You can generate these using * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}. * * You can change these at any point in time to invalidate all existing cookies. * This will force all users to have to log in again. * * @since 2.6.0 */ define( 'AUTH_KEY', '***' ); define( 'SECURE_AUTH_KEY', '***' ); define( 'LOGGED_IN_KEY', '***' ); define( 'NONCE_KEY', '***' ); define( 'AUTH_SALT', '***' ); define( 'SECURE_AUTH_SALT', '***' ); define( 'LOGGED_IN_SALT', '***' ); define( 'NONCE_SALT', '***' ); /**#@-*/ /** * WordPress database table prefix. * * You can have multiple installations in one database if you give each * a unique prefix. Only numbers, letters, and underscores please! */ $table_prefix = 'wp_'; /** * For developers: WordPress debugging mode. * * Change this to true to enable the display of notices during development. * It is strongly recommended that plugin and theme developers use WP_DEBUG * in their development environments. * * For information on other constants that can be used for debugging, * visit the documentation. * * @link https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/ */ define( 'WP_DEBUG', true ); /* Add any custom values between this line and the "stop editing" line. */ //define('ADMIN_COOKIE_PATH', '/'); //define('COOKIE_DOMAIN', ''); //define('COOKIEPATH', ''); //define('SITECOOKIEPATH', ''); define('WP_ALLOW_MULTISITE', true); define( 'MULTISITE', true ); define( 'SUBDOMAIN_INSTALL', false ); define( 'DOMAIN_CURRENT_SITE', 'site.domain' ); define( 'PATH_CURRENT_SITE', '/' ); define( 'SITE_ID_CURRENT_SITE', 1 ); define( 'BLOG_ID_CURRENT_SITE', 1 ); define('FORCE_SSL_ADMIN', true); // in some setups HTTP_X_FORWARDED_PROTO might contain // a comma-separated list e.g. http,https // so check for https existence if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) $_SERVER['HTTPS']='on'; define('WP_HOME', 'https://site.domain'); define('WP_SITEURL', 'https://site.domain'); /* That's all, stop editing! Happy publishing. */ /** Absolute path to the WordPress directory. */ if ( ! defined( 'ABSPATH' ) ) { define( 'ABSPATH', __DIR__ . '/' ); } /** Sets up WordPress vars and included files. */ require_once ABSPATH . 'wp-settings.php'; I had a problem with sending some requests using http instead of https so I added: define('FORCE_SSL_ADMIN', true); // in some setups HTTP_X_FORWARDED_PROTO might contain // a comma-separated list e.g. http,https // so check for https existence if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) $_SERVER['HTTPS']='on'; here is my.htaccess: # BEGIN WordPress # The directives (lines) between "BEGIN WordPress" and "END WordPress" are # dynamically generated, and should only be modified via WordPress filters. # Any changes to the directives between these markers will be overwritten. Options +FollowSymLinks RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index\.php$ - [L] # add a trailing slash to /wp-admin RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] RewriteRule . index.php [L] # END WordPress photo of one of the many loop requests I think the problem can also be in my apache virtual host config: <VirtualHost *:80> ServerName site.domain DocumentRoot /var/www/html RewriteEngine on RewriteCond %{SERVER_NAME} =site.domain RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] <Directory "/var/www/html"> AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> <IfModule mod_ssl.c> <VirtualHost *:443> DocumentRoot /var/www/html ServerName site.domain SSLCertificateFile /etc/letsencrypt/live/site.domain/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/site.domain/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf </VirtualHost> </IfModule> so far I tried almost every solution with same title: adding define('ADMIN_COOKIE_PATH', '/'); ... clearing cache checking if mod_rewrite enabled change all permissions to files and directorys setting TLS/SSL Full encryption ...
Jese Leos
12 hours ago
Verified user
Hi, I hope you're doing well. I’ve reviewed your setup, and since you’re using Apache WebServer, here’s a detailed guide to resolve the redirect loop issue in your WordPress multisite configuration. 1. CDN Setting Overview Please verify Cloudflare's SSL settings and switch to Full (strict) in the Cloudflare Dashboard: Navigate to Cloudflare Dashboard > SSL/TLS > Overview. Ensure the SSL setting is set to Full (strict). 2. Update wp-config.php for Subdirectory Multisite Ensure the following configuration is present in your wp-config.php for a subdirectory-based multisite setup: define('MULTISITE', true); define('SUBDOMAIN_INSTALL', false); // Subdirectory-based install define('DOMAIN_CURRENT_SITE', 'yourdomain.com'); // Replace with your actual domain define('PATH_CURRENT_SITE', '/'); define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); // Cloudflare Flexible SSL handling if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') { $_SERVER['HTTPS'] = 'on'; } 3. Check .htaccess for Multisite Rewrite Rules Ensure your .htaccess file contains the correct rewrite rules for WordPress subdirectory-based multisite: # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteRule ^wp-admin$ wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^(wp-(content|admin|includes).*) $1 [L] RewriteRule ^(.*\.php)$ $1 [L] RewriteRule . index.php [L] </IfModule> # END WordPress 4. Verify WordPress Site URL and Home URL Check that the siteurl and home fields are correctly set in the WordPress database: Run this SQL query to verify the values: SELECT option_name, option_value FROM wp_options WHERE option_name IN ('siteurl', 'home'); 5. Clear Browser and Cloudflare Cache Clear your browser cache and purge Cloudflare’s cache to ensure old redirect rules are not applied: Browser Cache: Clear your browser cache. Cloudflare Cache: Navigate to Cloudflare Dashboard > Caching > Purge Everything and clear the cache. 6. Ensure Proper Virtual Host Configuration Verify that the mod_rewrite module is enabled and your virtual host is configured correctly. Enable mod_rewrite: sudo a2enmod rewrite sudo systemctl restart apache2 Example Virtual Host Configuration: <VirtualHost *:80> ServerAdmin webmaster@yourdomain.com DocumentRoot /var/www/html ServerName yourdomain.com ServerAlias www.yourdomain.com <Directory /var/www/html> Options FollowSymLinks AllowOverride All Require all granted </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> <VirtualHost *:443> ServerAdmin webmaster@yourdomain.com DocumentRoot /var/www/html ServerName yourdomain.com ServerAlias www.yourdomain.com SSLEngine on SSLCertificateFile /etc/ssl/certs/your_certificate.crt SSLCertificateKeyFile /etc/ssl/private/your_key.key <Directory /var/www/html> Options FollowSymLinks AllowOverride All Require all granted </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> Let me know if you need further assistance with any of these steps. Note: Please Update your own PORT and domain Name to fix this problem.