Wordpress/nginx wp-admin stuck in refresh loop

Question

I'm at the end of my tether with this problem. I'd be ever so grateful for some guidance.

My single wordpress site is running on nginx, through a pre-built Vultr.com application OS. For some weeks now, the wp-admin and wp-login.php forms just refresh instead of logging in when using correct credentials.

When navigating to...

example.com/wp-admin

it redirects to...

/wp/wp-login.php?redirect_to=https%3A%2F%2Fwww.example.com%2Fwp%2Fwp-admin%2F&reauth=1

Logging in with correct credentials just refreshes the form. Logging in with incorrect credentials triggers the incorrect password error, which would suggest the site is connecting to the DB fine.

Also worth noting that the rest of the site is absolutely fine, it's just accessing the admin area that's the problem.

I've tried a long list of tutorials and have troubleshooted the following:

1) I've turned on WP debugger but the login form is generating no errors.

2) The site is running on HTTPS with Cloudflare enabled. I've disabled Cloudflare and have added define( 'FORCE_SSL_LOGIN', false ); and define( 'FORCE_SSL_ADMIN', false ); to wp-config.php

3) I've disabled all plugins to no avail.

4) I've tried disabling the define('ADMIN_COOKIE_PATH', '/'); line in wp-config.php

5) I've ensured wp-login and wp-admin are 644 perms.

6) I've ensured the entire filesystem is owned by nginx:nginx, which was ascertained using <?php exec('whoami'); ?> in a quick php file.

7) I've ensured that the site_url and wp_home parameters are up to date for the domain. Wordpress sits within a subdirectory of /wp. Therefore, the following is defined in wp-config.php;

define('WP_HOME', 'https://www.example.com'); define('WP_SITEURL', WP_HOME . '/wp' );

8) I've ensured both of the above fields are matching in the databases too, in the wp_options table.

9) I've removed session_tokens from the wp_users table in the database directly.

10) By inspecting the form itself on dev tools, I've checked that the POST of the form is actually pointing to https://www.example.com/wp/wp-login.php, rather than an incorrect domain.

I've tinkered with lots of other things to no avail, round and round and round the refresh goes... Contents of files are:

wp-config.php -> https://pastebin.com/K2M93xPX

nginx.conf -> https://pastebin.com/7KxSV8a5

wordpress_https.conf - > https://pastebin.com/uYydcE7K

Thanks in advance to anyone who might be able to help. I'm in over my depth with nginx and i'm out of ideas.

Answer 1

Now fixed!

I tried a combination of things:

1) Pulled the entire subdirectory install of wordpress in the /var/www/html/wp folder up to its parent, so everything was in the root for nginx.

2) Change CloudFlare from Flexible SSL to Full (strict) and reinstalled origin cert/key on the server.

Either, or a combination of, these steps has fixed the issue.