Using WordPress HTTPS and the Rename wp-login.php plugin may have you going in circles when trying to log in. This happened to me, but there was an easy solution. First, the error is caused when WP HTTPS is configured with BOTH Force SSL Administration AND Force SSL Exclusively options are selected.

Why does this happen?

The Rename wp-login plugin creates a non-existent page that you load to display the WP login form. Since you cannot edit this page, you cannot force it to SSL by selecting that option in the WP editor. When you log in, it triggers a security warning from WordPress that your login information is unencrypted. The two most commonly used WP HTTPS options in play are suddenly in conflict: You cannot force the renamed login page to SSL and you cannot login without doing so.

How can you fix  the problem?

First, you’ll probably be locked out when you discover the problem.  Therefore, you’ll need to deactivate the Rename wp-login.php plugin by TEMPORARILY moving the plugin files out of the plugin folder in CPanel OR by deactivating it manually in the WordPress database using PHPMyAdmin.

I used the database method because it’s faster, but I wouldn’t advise doing so unless you know your way around MySQL WP databases. To use this method, open PHYMyAdmin and select the wp_options table. Then enter the following SQL query:

SELECT * FROM 'wp_options' WHERE 'option_name' = 'active_plugins';

Edit the ‘option_value’ to decrement the number of options by 1 and delete the option for Rename wp-login.php:

a:18:{i:0;s:29:"gravityforms/gravityforms.php";i:1;s:29:"antispam-bee/antispam_bee.php";i:2;s:21:"backwpup/backwpup.php";i:3;s:39:"bad-behavior/bad-behavior-wordpress.php";i:4;s:42:"bwp-google-xml-sitemaps/bwp-simple-gxs.php";i:5;s:49:"elegant-themes-updater/elegant-themes-updater.php";i:6;s:45:"enable-media-replace/enable-media-replace.php";i:7;s:31:"et-shortcodes/et-shortcodes.php";i:8;s:21:"exec-php/exec-php.php";i:9;s:40:"media-library-alt-fields/mlaf-plugin.php";i:10;s:25:"raw-html-pro/raw_html.php";i:11;s:35:"rename-wp-login/rename-wp-login.php";i:12;s:41:"rvg-optimize-database/rvg-optimize-db.php";i:13;s:43:"testimonials-widget/testimonials-widget.php";i:14;s:29:"widget-logic/widget_logic.php";i:15;s:23:"wordfence/wordfence.php";i:16;s:35:"wordpress-https/wordpress-https.php";i:17;s:22:"wp-editor/wpeditor.php";}

In the above example, I would change “18” to “17” and delete the text string shown in red.

Now you can log in using the regular WordPress wp-login.php page. After logging in, activate and edit WordPress HTTPS plugin options to prevent a recurrence of the problem.

Forcing SSL Administration is a good thing, so leave it selected, but we need to tell the WP-HTTPS plugin to always make the renamed login page secure. To do that, scroll down to the option, URL Filters / Secure Filters and type the name of your renamed login page in the box. If you are using Permalinks that display the post name followed by a forward slash, you would enter /login/, replacing “login” with your custom page name. The first forward slash indicates your web’s root folder.

If you’re not sure about the URL you’re using for Rename wp-login.php, open Permalinks in wp-admin and scroll down to see it underneath your regular Permalink settings.

As you can see, it’s possible to Force SSL Administration and Force SSL Exclusively using the following WordPress HTTPS plugin settings:

screenshot

Force SSL Administration

screenshot

URL Filters / Secure Filters