Loupely’s authentication and session failure capture is relevant for login problems that happen after you enter your credentials: you submit the form and get redirected back to the login page (redirect loop), you log in and immediately get logged out when you navigate to another page (session failure), or the login form appears to process but nothing changes (silent authentication failure).
For problems where you can’t get to the login form at all (site is down, database error), or where you’re completely locked out of WordPress Admin, Loupely can’t help directly because there’s no session available for the extension to work with. Those scenarios need FTP access or hosting provider support.
The redirect loop #
The classic WordPress login redirect loop: you enter your credentials, click Log In, and the page refreshes back to the login screen. No error message. Just the login page again.
The most common causes:
- Browser cookies blocked or corrupted. WordPress uses cookies to maintain your login session. If your browser is blocking cookies for the site, or has a corrupted cookie from a previous session, authentication fails silently. Fix: clear cookies for the site specifically (not your whole browser history), then try again in an incognito window as a test.
- WordPress URL mismatch. If the WordPress Address (URL) and Site Address (URL) in Settings > General don’t match, authentication cookies get set on the wrong domain and are rejected. This is common after a site migration or domain change.
- Caching plugin caching the login page. A caching plugin stored a static version of the login page including a stale nonce. When you submit, the nonce fails. Fix: exclude wp-login.php and wp-admin from caching in your caching plugin settings, then clear all caches.
- Security plugin blocking the login. Some security plugins have aggressive rate limiting or IP blocking that can silently redirect login attempts. Temporarily deactivate your security plugin to test whether it’s the cause.
To capture a login redirect loop with Loupely: open Loupely before attempting login (so the extension is active), submit the login form, and when you’re redirected back to the login page, immediately click Run Diagnosis. The authentication failure data will be in the capture.
Session failures after successful login #
You log in successfully, land on the dashboard, click to navigate somewhere, and WordPress asks you to log in again. The session isn’t persisting.
This is usually a mismatch between the WordPress authentication salts (random strings used to generate cookies) and the cookies stored in your browser. Common after a site migration, a database restore, or a security plugin that rotated the salts. The fix: update the authentication salts in wp-config.php (WordPress.org provides a salt generation tool) or ask your hosting provider to help if you’re not comfortable editing wp-config.php.