“Too many redirects” usually means WordPress thinks it’s HTTP while Cloudflare is serving HTTPS (or the reverse). This guide walks through what to align so the loop stops.
Symptoms
- Browser shows “too many redirects”
- Login or admin redirects in a loop
Quick checks
- Cloudflare SSL mode matches your origin setup
- WordPress Site URL and Home URL use the intended scheme (https if you’re serving over HTTPS)
- Apache is aware of the original scheme when behind a proxy (e.g.
X-Forwarded-Proto)
Fix pattern
- Align SSL mode and origin cert strategy
- Ensure WordPress URLs are consistent (no mixed http/https in the database)
- Purge Cloudflare cache after changes
FAQ
What Cloudflare SSL mode should I use with a valid origin cert?
“Full (strict)” when the origin has a valid TLS cert Cloudflare trusts. “Full” if the origin has a cert but you can accept Cloudflare not verifying it. Avoid “Flexible” when the origin expects HTTPS.
Do I need to change WordPress URLs?
If Site URL or Home URL are set to http:// but visitors hit https://, WordPress may redirect to HTTP and Cloudflare back to HTTPS. Update the URLs in the database (or via wp-config) to https:// and clear caches.
Related
- Cloudflare + WordPress origin basics — full origin and caching checklist