Login Loop with multiple root domains

  • Resolved nautic

    (@nautic)


    9 years, 1 month ago

    I setup wordpress multisite using subdomains, orgainally with domain1.com and subdomain.domain1.com. Then I changed subdomain.domain.com to https://www.domain2.com, so there are two root level domains. When I go to the second site dashboard it directs me to a login and just takes me back to the login whenever I try logging in. Here is the WPConfig and htaccess with passwords, database name, etc and actual domains replaced.

    .HTACCESS

    RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain2.com$ [NC]
RewriteRule ^(.*)$ http://www.domain2.com/$1 [L,R=301]
RewriteCond %{HTTP_HOST} ^domain1.com$ [NC]
RewriteRule ^(.*)$ http://www.domain1.com/$1 [L,R=301]

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]

# END WordPress

# Wordfence WAF
<IfModule mod_php5.c>
	php_value auto_prepend_file '/var/www/clients/nautic/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
	Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
	Order deny,allow
	Deny from all
</IfModule>
</Files>

# END Wordfence WAF

<IfModule mod_headers.c>
  Header set X-XSS-Protection "1; mode=block"
  Header always append X-Frame-Options SAMEORIGIN
  Header set X-Content-Type-Options nosniff
</IfModule>

    WP-CONFIG.PHP

    <?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the
 * installation. You don't have to use the web site, you can
 * copy this file to "wp-config.php" and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * MySQL settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://codex.ww.wp.xz.cn/Editing_wp-config.php
 *
 * @package WordPress
 */

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'REMOVED');

/** MySQL database username */
define('DB_USER', 'REMOVED');

/** MySQL database password */
define('DB_PASSWORD', 'REMOVED');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8mb4');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

define('DISALLOW_FILE_EDIT', TRUE); // Sucuri Security: Sun, 05 Mar 2017 20:08:22 +0000
define('FORCE_SSL_ADMIN', true);
define( 'WP_ALLOW_MULTISITE', true );

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.ww.wp.xz.cn/secret-key/1.1/salt/ ww.wp.xz.cn secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
KEYS & SALTS WERE PREVIOUSLY HERE BUT REMOVED FOR SECURITY

/**#@-*/

/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix  = 'th_';

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the Codex.
 *
 * @link https://codex.ww.wp.xz.cn/Debugging_in_WordPress
 */
define('WP_DEBUG', false);

define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', true);
define('DOMAIN_CURRENT_SITE', 'www.domain1.com');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);

define( ‘COOKIE_DOMAIN’, $_SERVER[ ‘HTTP_HOST’ ] );

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
	define('ABSPATH', dirname(__FILE__) . '/');

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
    • This topic was modified 9 years, 1 month ago by nautic.
Viewing 2 replies - 1 through 2 (of 2 total)
  • jkhongusc

    (@jkhongusc)

    9 years, 1 month ago

    Looks good to me. Nothing wrong that I can see from the information that you have provided.

    Thread Starter nautic

    (@nautic)

    9 years, 1 month ago

    Resolved by replacing define( ‘COOKIE_DOMAIN’, $_SERVER[ ‘HTTP_HOST’ ] ); with define(‘COOKIE_DOMAIN’, false);

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Login Loop with multiple root domains’ is closed to new replies.