Enabling Force Login adds reauth=1 to the login redirect. Is that a normal behavior?

https://localsite/wp-login.php?redirect_to=https%3A%2F%2Flocalsite%2F&reauth=1

reauth=1 sometimes causes loops when logging into into the admin area.

Enforcing login using other plugins does not add reauth=1 to the redirect.

It’s a fresh WP install with LP installed only. No other plugins installed or any customisation made.

Max

<Files login.php>
Order Deny,Allow
Deny from all
Allow from all
</Files>

still nothing. I believe I’ve tried more than that, but yet again, nothing. So i can only login via incognito but i have to change reauth=1 to reauth=0 and every couple of minutes the session expires and i have to relogin. I’d really appreciate it if anyone could help me.

Kind regards,
mark

A few weeks ago my login page stopped working. It seemed that my wp-admin was suddenly looping on the reCaptcha. I did everything I could find online to fix it but without result.

Eventually I decided to rebuild the site and complete re-upload it (sql database and files). This still doesn’t do the job. The homepage has changed after reuploading, but the wp-admin screen is still showing the same login screen as before (even without using a reCaptcha plugin on this new version). The login screen should go to the normal login screen directly and not show the reCaptcha it is showing now. It seems like there’s some kind of redirect on this page…?
Web address is also not showing the normal login url but: https://www.growyour420.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.growyour420.com%2Fwp-admin%2F&reauth=1

Can anybody help me with this problem? I am feeling kind of desperate at the moment since I feel like I’ve tried everything. (Cache clearing, deleting cookies, plugins disabling in any way possible, rebuilding the website etc).

Hope anyone know what’s going on with the login screen.

Kind regards

I can’t remember but this may be when the problem started. After that, I performed the manual update. This seemed to work except that I couldn’t login without being redirected back to the login page.

What’s frustrating about this problem is that there are dozens of proposed solutions out there — clearly this is a common problem — and none of them have worked for me.

Here are the specific things I’ve tried.

• Clearing the browser cache, including cookies
• Logging in using Incognito mode
• Deleting session_tokens value from wp_usermeta table
• Turning on WP_DEBUG, WP_DEBUG_LOG, and WP_DEBUG_DISPLAY – these did nothing, no logs, no error messages
• Renaming the plugins folder
• Adding WP_HOME and WP_SITEURL values to wp-config.php file
• I am on a Windows host, so .htaccess solutions don’t apply
• Deleting all security related keys from the wp-config.php file, including AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, and NONCE_KEY

I’m sure I’ve tried a few other things I can’t remember at the moment.

I’m out of ideas. Any suggestions would be appreciated.

This started happening a day or two ago.

I did switch from http to forced https but as far as I can see everything else works fine.

I also updated to latest version of WP

When I disable this plugin wp-login to wp-admin works fine as well.

Uninstalling and reinstalling plugin didn’t help (ps set options were still there as before after reinstall, How do I ‘clean’ them from database?).

Hope this can be solved. Been using this plugin for a long time, suits me perfectly.

https://www.ads-software.com/plugins/zm-ajax-login-register/

Upon logging in with correct credentials (I double checked first by resetting it, then manually changing it in PhpMyAdmin) I kept getting bounced back to the wp-login screen. The URL was each time appended as https://mysite/wp-login.php?redirect_to=http%3A%2F%2Fmysite%2Fwp-admin%2F&reauth=1. So I started mucking about the forums and googling fixes.

Here are all the things that I tried, but in my case, did not work:

• Clearing my cache, logging in in Incognito-mode, user other browsers, etc.
• Disabling all plugins by renaming the wp-content/plugins folder
• Disabling all themes except twentysomething
• Doing a complete re-upload of everything WP except wp-config.php and especially re-uploading wp-login.php
• Wiping the .htaccess file (Thank god I made a backup)
• Checking my database if it exceeded the allowed size (Mind you this has been a fix for several cases I encountered so make sure to check that!)
• Adding code to wp-login.php to re-specify my site URL, or, doing the same manually in PhpMyAdmin to wp_options under ‘home’ and ‘siteurl’ (Mind you this can be a fix if you’re using a different URL for your WP install than your server configuration, so that it bounces between https://www.yoursite and https://yoursite)

So then, like the hilarious amateur I am, I came to the enlightened idea of perhaps checking the debugger out!

TIP: when things hit the fan, churn on that debugger and amaze at the amount of useful information it provides you!

Now the debugger gave me two pieces of info I could use:

1. An error stating MySQL server has gone away followed by something about usermeta, meta_value and a gigantic string of information it apparently tried and failed to write into the database
2. Several errors regarding Cannot modify header information – headers already sent

Because I suspected the errors came in in the right order, just like that, I finally discovered the problem: the database. It looked like a session token was being written into the database, but because it was gigantic, the database timed out, making WordPress fling me back to the login page again.

My Fix

1. Go into PhpMyAdmin to your WordPress database
2. Find the table named wp_usermeta
3. Find the rows titled session_token
4. Delete the value associated with it
5. (Mind you the value is huge and your browser might freak out. I did it by clicking ‘edit’ for that record first, then toggling the null value for the field on and off, selecting the empty field and pressing delete a couple of times to make sure, and then hit save)

And there you have it. A possible solution to that incessant and infuriating redirect loop problem that occurs when your database and WordPress stop playing together correctly. I’ve seen a lot of frustrated users in the forums with similar issues, so I hope this post will be of use to you. Good luck.

When I clic in “Edit page” in a top toolbar of WordPress always redirect to https://mydomain.es/mi-cuenta/your-profile/#038;reauth=1 instead https://mydomain.es/wp-admin/post.php?post=15537&action=edit

https://www.ads-software.com/plugins/theme-my-login/

I cant login to my admin account to multisiste WP. Some days ago everything works well, today I maked update using wordpress.com/plugins feature (by jetpack), and try to log in on one of my multisite subpages.. after that I have reauth=1 loop on all pages from this wordpress instalation.

This is adress returned after attempting to log on:

https://oop.org.pl/wp-login.php?redirect_to=http%3A%2F%2Foop.org.pl%2Fwp-admin%2F%3Fsucuriscan_lastlogin%3D1&reauth=1

[Large code excerpt removed by moderator per forum rules. Please use Pastebin or gist.github.com for all large code excerpts. It works better anyway.]

and my htaccess:

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/xxxxxxxxxxxx
<Files wp-login.php>
require valid-user
</Files>

ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"

# BEGIN WordPress
<IfModule mod_rewrite.c>

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) oop/$2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ oop/$2 [L]
RewriteRule . index.php [L]

</IfModule>

# END WordPress

I read a lot of material on this problem and none of the solutions did not work … now I restored backup of FTP from yesterday and I do not know what to do next..

Please help

The format COMPLETELY changed, now I can’t even get back into my WordPress dashboard…..

I went to my hosting control panel to redirect it to my original URL but my site still is under this URL: https://luckyredinc.com/?redirect_to=http%3A%2F%2Fluckyredinc.com%2Fwp-admin%2F&reauth=1#/wp-login.php

Help Please!!!! I have tried removing/disabling plugins, changing theme names.

I am using the MyArcade Plugin and Arcade Pulse theme btw

Thanks,
Maggie

I am the administrator of https://engsoc.queensu.ca and when I try to save the menu, I get redirected to https://engsoc.queensu.ca/wp-login.php?redirect_to=http%3A%2F%2F&reauth=1

I have the GeneratePress theme installed. I am able to post, create/edit pages properly, but I am unable to save the menu.