Introduction

A WordPress domain change can leave the site looking mostly normal while logins, admin sessions, and form actions quietly stop working. In many cases, the browser is rejecting or mis-scoping the site’s cookies because WordPress still thinks it lives on the old hostname or scheme. The fix is to make sure WordPress, the browser, and any proxy layer all agree on the new public domain and how session cookies should be issued.

Symptoms

  • Users can load the site but get logged out repeatedly
  • Logging in refreshes the page without creating a working session
  • WordPress admin, custom forms, or carts behave as if cookies are missing
  • The issue started after moving from one hostname to another or enabling HTTPS
  • Incognito tests or another browser behave differently from older sessions

Common Causes

  • WordPress home and site URLs still point to the old domain or wrong scheme
  • Cookie scope no longer matches the current hostname
  • Reverse proxy or CDN settings cause WordPress to detect HTTP instead of HTTPS
  • Cached redirects or stale browser cookies interfere with the new session flow
  • Plugins or custom config force outdated cookie-related settings

Step-by-Step Fix

  1. Confirm the intended public hostname and scheme so there is one clear source of truth for the site.
  2. Review WordPress URL settings in the database and wp-config.php for stale domain or protocol values.
  3. Check the browser developer tools to see whether login cookies are being set, rejected, or scoped to the wrong host.
  4. Verify WordPress receives the correct host and HTTPS information if the site sits behind Cloudflare, a load balancer, or another reverse proxy.
  5. Inspect any hardcoded cookie domain, custom auth settings, or security plugin rules that may still reference the old environment.
  6. Clear old browser cookies for the site and re-test so stale sessions do not hide the effect of the config change.
  7. Confirm page caching, CDN caching, and redirect rules are not serving responses that break the login or cookie flow.
  8. Re-test login, admin navigation, and front-end forms after the URL and cookie scope are aligned.
  9. Keep future domain-change runbooks explicit about URL settings, HTTPS detection, and session validation so the issue does not repeat.