wp_redirect( string $location, int $status = 302, string $x_redirect_by = 'WordPress' )

Redirects to another page.

Contents

Description Description

Note: wp_redirect() does not exit automatically, and should almost always be followed by a call to exit;:

wp_redirect( $url );
exit;

Exiting can also be selectively manipulated by using wp_redirect() as a conditional
in conjunction with the ‘wp_redirect’ and ‘wp_redirect_location’ filters:

if ( wp_redirect( $url ) ) {
    exit;
}

Parameters Parameters

$location

(string) (Required) The path or URL to redirect to.

$status

(int) (Optional) HTTP response status code to use. Default '302' (Moved Temporarily).

Default value: 302

$x_redirect_by

(string) (Optional) The application doing the redirect.

Default value: 'WordPress'

Top ↑

Return Return

(bool) False if the redirect was cancelled, true otherwise.

Top ↑

Source Source

File: wp-includes/pluggable.php 

	function wp_redirect( $location, $status = 302, $x_redirect_by = 'WordPress' ) {
		global $is_IIS;

		/**
		 * Filters the redirect location.
		 *
		 * @since 2.1.0
		 *
		 * @param string $location The path or URL to redirect to.
		 * @param int    $status   The HTTP response status code to use.
		 */
		$location = apply_filters( 'wp_redirect', $location, $status );

		/**
		 * Filters the redirect HTTP response status code to use.
		 *
		 * @since 2.3.0
		 *
		 * @param int    $status   The HTTP response status code to use.
		 * @param string $location The path or URL to redirect to.
		 */
		$status = apply_filters( 'wp_redirect_status', $status, $location );

		if ( ! $location ) {
			return false;
		}

		$location = wp_sanitize_redirect( $location );

		if ( ! $is_IIS && PHP_SAPI != 'cgi-fcgi' ) {
			status_header( $status ); // This causes problems on IIS and some FastCGI setups
		}

		/**
		 * Filters the X-Redirect-By header.
		 *
		 * Allows applications to identify themselves when they're doing a redirect.
		 *
		 * @since 5.1.0
		 *
		 * @param string $x_redirect_by The application doing the redirect.
		 * @param int    $status        Status code to use.
		 * @param string $location      The path to redirect to.
		 */
		$x_redirect_by = apply_filters( 'x_redirect_by', $x_redirect_by, $status, $location );
		if ( is_string( $x_redirect_by ) ) {
			header( "X-Redirect-By: $x_redirect_by" );
		}

		header( "Location: $location", true, $status );

		return true;
	}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
5.1.0 The $x_redirect_by parameter was added.
1.5.1 Introduced.

Top ↑

Top ↑

Uses Uses

Uses
Uses Description
wp-includes/pluggable.php: x_redirect_by

Filters the X-Redirect-By header.
wp-includes/pluggable.php: wp_sanitize_redirect()

Sanitizes a URL for use in a redirect.
wp-includes/pluggable.php: wp_redirect

Filters the redirect location.
wp-includes/pluggable.php: wp_redirect_status

Filters the redirect HTTP response status code to use.
wp-includes/functions.php: status_header()

Set HTTP status header.
wp-includes/plugin.php: apply_filters()

Calls the callback functions that have been added to a filter hook.
Show 1 more use Hide more uses

Top ↑

Used By Used By

Used By
Used By Description
wp-includes/class-wp-recovery-mode-link-service.php: WP_Recovery_Mode_Link_Service::handle_begin_link()

Enters recovery mode when the user hits wp-login.php with a valid recovery mode link.
wp-admin/includes/theme.php: resume_theme()

Tries to resume a single theme.
wp-admin/includes/plugin.php: resume_plugin()

Tries to resume a single plugin.
wp-admin/includes/media.php: wp_media_attach_action()

Encapsulate logic for Attach/Detach actions
wp-admin/includes/class-wp-list-table.php: WP_List_Table::set_pagination_args()

An internal method that sets all the necessary pagination arguments
wp-admin/includes/dashboard.php: wp_dashboard_setup()

Registers dashboard widgets.
wp-admin/includes/plugin.php: activate_plugin()

Attempts activation of plugin in a “sandbox” and redirects on success.
wp-admin/includes/post.php: redirect_post()

Redirect to previous page.
wp-admin/update-core.php: do_dismiss_core_update()

Dismiss a core update.
wp-admin/update-core.php: do_undismiss_core_update()

Undismiss a core update.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::after_setup_theme()

Callback to validate a theme once it is loaded
wp-includes/cron.php: spawn_cron()

Sends a request to run cron through HTTP request that doesn’t halt page loading.
wp-includes/pluggable.php: wp_safe_redirect()

Performs a safe (local) redirect, using wp_redirect().
wp-includes/pluggable.php: auth_redirect()

Checks if a user is logged in, if not it redirects them to the login page.
wp-includes/query.php: wp_old_slug_redirect()

Redirect old slugs to the correct permalink.
wp-includes/load.php: wp_not_installed()

Redirect to the installer if WordPress is not installed.
wp-includes/canonical.php: wp_redirect_admin_locations()

Redirects a variety of shorthand URLs to the admin.
wp-includes/canonical.php: redirect_canonical()

Redirects incoming links to the proper URL based on the site url.
wp-includes/ms-functions.php: maybe_redirect_404()

Correct 404 redirects when NOBLOGREDIRECT is defined.
wp-includes/ms-deprecated.php: wpmu_admin_do_redirect()

Redirect a user based on $_GET or $_POST arguments.
Show 15 more used by Hide more used by

Top ↑

User Contributed Notes User Contributed Notes

  1. Skip to note 1 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 23You must log in to vote on the helpfulness of this note
    Contributed by J.D. Grimes

    wp_redirect() does not validate that the $location is a reference to the current host. This means that this function is vulnerable to open redirects if you pass it a $location supplied by the user. For this reason, it is best practice to always use wp_safe_redirect() instead, since it will use wp_validate_redirect() to ensure that the $location refers to the current host. Only use wp_redirect() when you are specifically trying to redirect to another site, and then you can hard-code the URL.

    // We don't know for sure whether this is a URL for this site,
// so we use wp_safe_redirect() to avoid an open redirect.
wp_safe_redirect( $url );

// We are trying to redirect to another site, using a hard-coded URL.
wp_redirect( 'https://example.com/some/page' );
  2. Skip to note 2 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 7You must log in to vote on the helpfulness of this note
    Contributed by Codex

    Examples

    <?php wp_redirect( home_url() ); exit; ?>

    Redirects can also be external, and/or use a “Moved Permanently” code :

    <?php wp_redirect( 'http://www.example.com', 301 ); exit; ?>

    The code below redirects to the parent post URL which can be used to redirect attachment pages back to the parent.

    <?php wp_redirect( get_permalink( $post->post_parent ) ); exit; ?>

You must log in before being able to contribute a note or feedback.