WP HealthKit

wp_safe_redirect()

WordPress function that redirects to a URL only if it is on an allowed host, preventing open redirect attacks.

In WordPress

Always use wp_safe_redirect() instead of wp_redirect(). Add allowed hosts via the allowed_redirect_hosts filter.
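
The advice above as an added example (not code from WP HealthKit or WordPress core): a handler that redirects to a user-supplied URL, with the wp_redirect() call it replaces shown in a comment. The myplugin_ function names, the return_to parameter and the host partner.example.com are assumptions made for illustration.

```php
<?php
// Added example. Names prefixed myplugin_, the 'return_to' query parameter
// and 'partner.example.com' are hypothetical.

// Extend the allow-list. By default only the site's own host is allowed.
add_filter( 'allowed_redirect_hosts', 'myplugin_allowed_redirect_hosts' );
function myplugin_allowed_redirect_hosts( $hosts ) {
    // Exact host names only: no scheme, no path, no wildcards.
    $hosts[] = 'partner.example.com';
    return $hosts;
}

add_action( 'template_redirect', 'myplugin_handle_return_to' );
function myplugin_handle_return_to() {
    // Ignore missing or non-string values (e.g. return_to[]=...).
    if ( ! isset( $_GET['return_to'] ) || ! is_string( $_GET['return_to'] ) ) {
        return;
    }

    $target = wp_unslash( $_GET['return_to'] );

    // Weak form: the browser is sent wherever the parameter points,
    // which is what makes this handler an open redirect.
    //   wp_redirect( $target );
    //   exit;

    // Hardened form. wp_validate_redirect() returns $target only when its
    // host is on the allow-list, otherwise the fallback given here.
    // Without this step wp_safe_redirect() still blocks the foreign host,
    // but falls back to admin_url().
    $target = wp_validate_redirect( $target, home_url( '/' ) );

    wp_safe_redirect( $target );
    exit; // Neither redirect function stops execution by itself.
}
```

When auditing a theme or plugin, each wp_redirect() call whose argument is derived from request data is a candidate for this change.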
