Fix Error Too Many Redirects on WordPress Admin page or Blog

There are several cases for the cause and multiple solutions also:

1 Add these 2 lines in wp-config.php file

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';

2 Edit these settings in database directly using PhpMyAdmin in table options or wp_options in option_id, option_name (1,siteurl) and (2,home)

wp_options table

3 You can do the same by Editing wp-config.php and adding these 2 lines

define('WP_HOME','https://example.com');
define('WP_SITEURL','https://example.com');

4 Fix your .htaccess file with default one
Check here for default .htaccess for wordpress

Common PHP.ini directives list for Apache htaccess files

Maximum Execution Time and Maximum Input Time

php_value max_execution_time 300
php_value max_input_time 300

Max Upload file size and Max POST data size

php_value upload_max_filesize 20M
php_value post_max_size 21M

Output buffering toggle

php_value output_buffering on
# OR
php_value output_buffering 16384

Expose PHP signature – toggle

php_value expose_php on

Maximum Input variables

php_value max_input_vars 1500

Maximum Memory Limit for PHP

php_value memory_limit 1256M

Magic Quotes toggle

php_value magic_quotes_gpc on

Register Global Variables – useless now

register_globals = off  
#removed as of php 5.4

Allow remote URL in fopen

php_value allow_url_fopen on

Max Execution Time for php scripts

php_value max_execution_time 1000

Set Timezone for PHP datetime functions

php_value date.timezone "Europe/Paris"
php_value date.timezone "Asia/Kolkata"

More at: http://www.php.net/manual/en/timezones.php

Error Logging Settings

php_value log_errors On
php_value error_log /path/filename
php_value display_errors on
php_value display_startup_errors on

Complete List of INI directives:

http://www.php.net/manual/en/ini.list.php

Default .htaccess file for wordpress with compression and caching tweaks

Here is the default .htaccess file for wordpress

If you are using cpanel, before you proceed make sure that you don’t have htaccess file already. Default File Manager settings in cpanel make it hidden

Default Settings in cPanel File Manager

.htaccess file – default code for wordpress

# BEGIN WordPress
<ifmodule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</ifmodule>
# END WordPress

If your WordPress Installation is inside a directory say knowledge, which means your wordpress url is https://abcd.com/knowledge/ then htaccess code would be

# BEGIN WordPress
<ifmodule mod_rewrite.c>
RewriteEngine On
RewriteBase /knowledge/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /knowledge/index.php [L]
</ifmodule>
# END WordPress

Add the following code for Leverage Browser Caching

<ifmodule mod_expires.c>
ExpiresActive On
</ifmodule>

# Images
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/webp "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType image/x-icon "access plus 1 year"

# Video
ExpiresByType video/mp4 "access plus 1 year"
ExpiresByType video/mpeg "access plus 1 year"

# CSS, JavaScript
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"

# Others
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"

Add the following code for GZip Compression

<ifmodule mod_deflate.c>
# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
</ifmodule>

# Remove browser bugs (only needed for really old browsers)
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent

.htaccess redirect from http to https and from non-www to www redirect – Make site permanently SSL secured

put this in your htaccess file:

RewriteCond %{HTTP_HOST} !^www\.(.*)
RewriteRule (.*) https://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Forcing website to https and www using htaccess on apache servers

To first force HTTPS, you must check the correct environment variable %{HTTPS} off, but your rule above then prepends the www. Since you have a second rule to enforce www., don’t use it in the first rule.

RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

How to secure a folder by whitelisting one IP using HTACCESS and denying all others

The process involves matching all requests for an IP, if the IP does not match redirect all secured directory requests.

RewriteCond %{REMOTE_ADDR} !^120\.120\.120\.120
RewriteRule ^admin/.* - [L,R=403] 
RewriteCond %{REMOTE_ADDR} ^120\.120\.120\.120
RewriteRule ^admin$ - [L,R=403]

If you want to control this IP using a script, you can add 2 lines

###CUSTOM RULES###
# your rules will appear here using php script
###CUSTOM RULES###

Now add a script, say happy.php
and use the following code:

$htaccess = file_get_contents('.htaccess');
$ip= str_replace(".","\.",$_SERVER['REMOTE_ADDR']);
$rules="RewriteCond %{REMOTE_ADDR} !^".$ip."
RewriteRule ^admin/.* - [L,R=403]
RewriteCond %{REMOTE_ADDR} !^".$ip."
RewriteRule ^admin$ - [L,R=403]";
$problem="###CUSTOM RULES###\r\n".$rules.
"\r\n###CUSTOM RULES###";
#please copy the next line carefully, no extra spaces or new lines
$solution=preg_replace('/###CUSTOM RULES###.*?###CUSTOM RULES###/sm',$problem,$htaccess);
file_put_contents('.htaccess', $solution);

you can also specify your error page for specific http code: 403
ErrorDocument 403 /er.htm