Title: 403 (not authorized) on login form submit when using https
Last modified: October 5, 2021

---

# 403 (not authorized) on login form submit when using https

 *  [hmd9261](https://wordpress.org/support/users/hmd9261/)
 * (@hmd9261)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/403-not-authorized-on-login-form-submit-when-using-https/)
 * I have recently set up SSL on my site. Accessing the page via https works just
   fine. However logging in to the Dashboard only works via http. If logging in 
   via https I get a 403 (not authorized).
 * If I just open the ‘wp-admin’ URL while not yet authenticated and then tweak 
   the redirect parameter in the login page’s URL, I can access the dashboard even
   if the login page has been accessed via https.
 * Once I’m in the dashboard I can now change the URL back to https, and everything
   works fine.
 * Hence it seems like there is a problem when changing from the login page to the
   wp-admin base page, but only when the latter is opened via https.
 * Here’s a bit information on my setup:
 * I am using WP 5.8.1 (but the problem has been the same with the previous version).
 * The site runs on a managed server, i.e. I do not have access to the Apache webserver
   configuration.
 * In my wp-config.php file I have added this setting:
 *     ```
       if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
           $_SERVER['HTTPS']='on';
       }
       ```
   
 * My .htaccess looks like this (at the top I have commented out the automatic redirect
   for obvious reasons):
 *     ```
       # RewriteEngine On
       # RewriteCond %{HTTP:X-Forwarded-Proto} !https
       # RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
       # Header always set Content-Security-Policy "upgrade-insecure-requests;"
   
       # BEGIN WordPress
       <IfModule mod_rewrite.c>
       RewriteEngine On
       RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
       RewriteBase /
       RewriteRule ^index\.php$ - [L]
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteCond %{REQUEST_FILENAME} !-d
       RewriteRule . /index.php [L]
       </IfModule>
       # END WordPress
       ```
   
 * In the wp_options DB table I have set siteurl and home to the http URLs, because
   otherwise I would not have access to my dashboard then.
 * Several things I have tried with no success:
 * 1. rename theme and plugins folder.
    2. go over the file permissions, they all
   seem OK to me. 3. go through my wp-config.php file again and again.
 * I have also tried to obtain more information by activating WP_DEBUG, display_errors,
   setting error_reporting to “E_ALL | E_STRICT”. The error_log file exists and 
   is written from time to time, but nothing of interest in there.
 * Anything else I can try? It looks like in the past some others have had similar
   problems but I never found a solution working for me in those threads…

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [Samuel O.](https://wordpress.org/support/users/wpcoworker/)
 * (@wpcoworker)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/403-not-authorized-on-login-form-submit-when-using-https/#post-14939334)
 * There must be some instances with http in the database. Did you try search replace
   all http URLs with https? You can do that using any search replace plugin or 
   with WP CLI command like below:
 * `wp search-replace "http://example.com" "https://example.com" --dry-run --report-
   changed-only`
 * Once you see the number of replaces to be made then remove the –dry-run flag:
 * `wp search-replace "http://example.com" "https://example.com" --report-changed-
   only`
 *  Thread Starter [hmd9261](https://wordpress.org/support/users/hmd9261/)
 * (@hmd9261)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/403-not-authorized-on-login-form-submit-when-using-https/#post-14939956)
 * [@wpcoworker](https://wordpress.org/support/users/wpcoworker/) thank you for 
   your reply. I quickly tried this, but the effect is the same as before (only 
   that, of course, I can no longer enforce an unencrypted http connection when 
   accessing the Dashboard). Changing the `siteurl` and `home` URLs back to http
   now allows me to access the Dashboard without encryption again (as before).
 * As you have mentioned a possible http URL I have now tried to login having the
   Firefox development tools open looking at the network tab. I see this here:
 *     ```
       302 POST 🔒 <my-site-url> wp-login.php
       403 GET 🔒 <my-site-url> /wp-admin/
       ```
   
 * So no redirect to any http URL.
    -  This reply was modified 4 years, 8 months ago by [hmd9261](https://wordpress.org/support/users/hmd9261/).
 *  Thread Starter [hmd9261](https://wordpress.org/support/users/hmd9261/)
 * (@hmd9261)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/403-not-authorized-on-login-form-submit-when-using-https/#post-14940002)
 * One more observation: I have just tried overriding `siteurl` and `home` in `functions.
   php` to https URLs without the `www.` prefix to the host name. Now it works, 
   but of course the page will always be redirected to that host name without the`
   www.`. While this does not make the page function worse, it is still going to
   be confusing for users. But maybe this finding helps to localise the problem?
 *  [Samuel O.](https://wordpress.org/support/users/wpcoworker/)
 * (@wpcoworker)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/403-not-authorized-on-login-form-submit-when-using-https/#post-14940088)
 * Glad you are getting closer. When you make such changes, please retry after clearing
   browser history, cache and cookies. That will give you proper results.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘403 (not authorized) on login form submit when using https’ is closed
to new replies.

## Tags

 * [dashboard](https://wordpress.org/support/topic-tag/dashboard/)
 * [HTTPS](https://wordpress.org/support/topic-tag/https/)
 * [login](https://wordpress.org/support/topic-tag/login/)
 * [SSL](https://wordpress.org/support/topic-tag/ssl/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 4 replies
 * 2 participants
 * Last reply from: [Samuel O.](https://wordpress.org/support/users/wpcoworker/)
 * Last activity: [4 years, 8 months ago](https://wordpress.org/support/topic/403-not-authorized-on-login-form-submit-when-using-https/#post-14940088)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics