iThemes Security causing Redirect loop error

Hi Keith,

What version of the plugin are you on? The error you mentioned has been addressed and corrected in a previous released update. Please try downloading the current version of the plugin (4.1.3) and that should resolve your issue.

Thanks-R.S.

I actually installed the latest version today, that today but I’m still getting the same result. It worked fine with the early builds of 4.x.x, then about two/three weeks ago (not sure which build) the redirect loop issue appeared.

Still broken in version 4.1.5 and WP 3.9!

I had this problem also. In my case, pages with SSL enforced would toggle back and forth between HTTP and HTTPS, creating an infinite loop, regardless of which protocol was used to access the page.

It turns out that another plugin, WooCommerce, was causing it, even though it seemingly had nothing to do with any pages outside of the two it enforced SSL on. Disabling SSL in WooCommerce fixed the issue, and I just toggled SSL using iThemes by editing these two pages. Now my website is secure and conflict-free. ??

Hope this helps.

Thanks Daniel for the reply.

I will investigate the WooCommerce connection – however I have an SSL site wide.

Since posting I changed from a multisite installation of WP to a single site and that seems to have fixed the issue! Maybe it is a multisite issue that developers need to be examining.

I am still having the same problem @ithemes Support, and all my plugins and version of WP are up to date.

The only way I was able to get around this issue was by turning off the “Force SSL during checkout” and “unforce after checkout” option in Woocommerce. I then set each checkout and account page to force SSL using the iThemes Security per content Force SSL option.

The problem is that now I have a red notification on the backend from Woocommerce saying that “customer’s credit card data is at risk”. Is there a way that you guys and Woocommerce can get together and figure out how get this conflict solved?

I really appreciate all the work you guys do. iThemes Security and Woocommerce are AWESOME plugins. So I hope this doesn’t come across as an annoying complaint. It’s not. It’s just an understandable bug that needs to be worked out somehow.

Thanks for your attention to this.

Hi:

When installing iThemes Security 4.4.13 into a WP 4.0 Multisite installation it shut down two of the websites by causing https to default into their urls. The other sites within the multisite network were unaffected. With the plugin deactivated all sites run fine. There are no SSLs installed on any sites in the network.

What iThemes Security settings should I adjust to get things to work correctly?

Is there something else I should consider as well?

Love the iThemes Security plugin.

Tks – LN

Having this same issue when activating iThemes Security 4.4.23 (most recent version) with WP 4.0.1, but ours is a single-site installation.

Any ideas?

Same problem, also single site installation.

Hi,

If the SSL feature has been enabled and you don’t have a SSL certificate you can delete the two lines referencing SSL in your wp-config.php.

Thanks,

Gerroald

Thanks for the response.

I don’t know whether the SSL feature had been enabled (and I can’t check to see if it is because every time I try to activate the plugin, it crashes the site).

I hope you understand my reluctance to start deleting lines out of my wp-config without having any idea whether or not that’s the causative issue. Especially in an attempt to correct an issue that would seem to be an addressable bug/issue with the plugin.

I also know that I didn’t change any settings in iThemes Security when this happened, so I’m still a little confused why it would all of the sudden go haywire?

The SSL feature of this plugin has always been problematic. It’s basically unusable when used with a Varnish front-end in my experience. You’re better off following Google’s recommendation of enforcing SSL across your entire website, which can be done by changing the protocol in your WordPress settings.

@daniel Marquard… can you explain in greater detail regarding changing the protocol in the WordPress settings?

In my case, SSL was never enabled, as we don’t have that functionality on the server.