Unable to remove 301 redirect for wordpress wp-admin on nginx. The homepage seems fine
I’ve tried almost everything
- Disabling plugins by renaming the plugin directory
- Removing the redirect_canoncial in functions.php
- Even restored an ebs snapshot taken prior to change
The ouput for curl –I http://www.example.com/wp-admin is 301 moved permanently.
I’m using cloudfront and my server default file below
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name www.example.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
Best Answer
This is a redirection to TLS i.e.
Location: https://www.example.com/wp-admin
. It isn't done in the server configuration, but infunction auth_redirect()
, found inwp-includes/pluggable.php
lines 997-1064, more specifically in lines 1012-1020:This is controlled by
force_ssl_admin()
, enabled by addingdefine('FORCE_SSL_ADMIN', true);
constant towp-config.php
. If the constant is not defined, it defaults tofalse
unless thesiteurl
hashttps://
(seewp_ssl_constants()
inwp-includes/default-constants.php
lines 284-304).Source code line numbers are from current WordPress 4.9.8 and may vary on future versions.
Admin & login page redirections to TLS are not harmful and you should have them enabled for security. Current best practice is to have all sites protected with TLS i.e.
https://www.example.com/
as the siteurl.