wp_redirect( string $location, int $status = 302, string $x_redirect_by = 'WordPress' ): bool
Redirects to another page.
Contents
Description
Note: wp_redirect() does not exit automatically, and should almost always be followed by a call to exit;
:
wp_redirect( $url );
exit;
Exiting can also be selectively manipulated by using wp_redirect() as a conditional in conjunction with the ‘wp_redirect’ and ‘wp_redirect_status’ filters:
if ( wp_redirect( $url ) ) {
exit;
}
Parameters
-
$location
string Required -
The path or URL to redirect to.
-
$status
int Optional -
HTTP response status code to use. Default
'302'
(Moved Temporarily).Default:
302
-
$x_redirect_by
string Optional -
The application doing the redirect. Default
'WordPress'
.Default:
'WordPress'
Return
bool False if the redirect was canceled, true otherwise.
Source
File: wp-includes/pluggable.php
.
View all references
function wp_redirect( $location, $status = 302, $x_redirect_by = 'WordPress' ) {
global $is_IIS;
/**
* Filters the redirect location.
*
* @since 2.1.0
*
* @param string $location The path or URL to redirect to.
* @param int $status The HTTP response status code to use.
*/
$location = apply_filters( 'wp_redirect', $location, $status );
/**
* Filters the redirect HTTP response status code to use.
*
* @since 2.3.0
*
* @param int $status The HTTP response status code to use.
* @param string $location The path or URL to redirect to.
*/
$status = apply_filters( 'wp_redirect_status', $status, $location );
if ( ! $location ) {
return false;
}
if ( $status < 300 || 399 < $status ) {
wp_die( __( 'HTTP redirect status code must be a redirection code, 3xx.' ) );
}
$location = wp_sanitize_redirect( $location );
if ( ! $is_IIS && 'cgi-fcgi' !== PHP_SAPI ) {
status_header( $status ); // This causes problems on IIS and some FastCGI setups.
}
/**
* Filters the X-Redirect-By header.
*
* Allows applications to identify themselves when they're doing a redirect.
*
* @since 5.1.0
*
* @param string $x_redirect_by The application doing the redirect.
* @param int $status Status code to use.
* @param string $location The path to redirect to.
*/
$x_redirect_by = apply_filters( 'x_redirect_by', $x_redirect_by, $status, $location );
if ( is_string( $x_redirect_by ) ) {
header( "X-Redirect-By: $x_redirect_by" );
}
header( "Location: $location", true, $status );
return true;
}
Hooks
-
apply_filters( 'wp_redirect',
string $location ,int $status ) -
Filters the redirect location.
-
apply_filters( 'wp_redirect_status',
int $status ,string $location ) -
Filters the redirect HTTP response status code to use.
-
apply_filters( 'x_redirect_by',
string $x_redirect_by ,int $status ,string $location ) -
Filters the X-Redirect-By header.
Changelog
Version | Description |
---|---|
5.4.0 | On invalid status codes, wp_die() is called. |
5.1.0 | The $x_redirect_by parameter was added. |
1.5.1 | Introduced. |
User Contributed Notes
You must log in before being able to contribute a note or feedback.
wp_redirect()
does not validate that the$location
is a reference to the current host. This means that this function is vulnerable to open redirects if you pass it a$location
supplied by the user. For this reason, it is best practice to always usewp_safe_redirect()
instead, since it will usewp_validate_redirect()
to ensure that the$location
refers to the current host. Only usewp_redirect()
when you are specifically trying to redirect to another site, and then you can hard-code the URL.Examples
Redirects can also be external, and/or use a “Moved Permanently” code :
The code below redirects to the parent post URL which can be used to redirect attachment pages back to the parent.
Unless this is patched to perform this natively in the future, be sure to include
nocache_headers();
before thewp_redirect
if you want to make sure the visitor’s browser doesn’t cache the redirect page result (can even happen when this is set to use a 302 redirect) which may cause the redirect to happen for longer than desired.For example, this can be problematic when used to redirect to a login page when trying to access protected content since the visitor can then log in to find that they’re still taken back to the login page when trying to go back to that page they were trying to go to due to the redirect having been potentially cached by their web browser (again, even with it being a 302 redirect.) Having
nocache_headers();
before the redirect prevents this potential issue.Top ↑
Feedback
Ticket #50422 is looking to address this natively for future versions of WordPress so this may not be required in the future, but this is advisable/required for now and shouldn’t be problematic if/when WordPress chooses to adopt the proposed update. — By KZeni —
This seems to fix an issue with a login page and protected content that was only happening in Firefox. I’m not sure if it caches more aggressively than Chrome and Edge, but adding this function call got the redirects going to the right place consistently. — By Sarah Lewis —
template_redirect Action
get_permalink() is only really useful for single pages and posts, and only works inside the loop.
WP Redirect to Current Page
Top ↑
Feedback
get_permalink()
expects an integer orWP_Post
object for its parameters, andhome_url()
returns a string (the home URL as the function name indicates). To perform the redirect, removeget_permalink()
call:— By crstauf —
This comment from @hkkcngz above has multiple problems & questionable aspects.
get_permalink()
can be used anywhere (not just in a loop like @hkkcngz incorrectly stated). It’s what’s then being passed as a parameter to that function (or is otherwise using the default paramenter[s]) that may be dependent on being in a loop or not. Also, @crstauf is correct in that the code from @hkkcngz is actually broken on top of everything since it isn’t usingget_permalink()
properly per it passing the wrong type of value for theget_permalink()
parameter withhome_url()
providing a URL rather than a post ID or object as specified on https://developer.wordpress.org/reference/functions/get_permalink/ (withget_permalink()
then actually not being required whatsoever perhome_url()
already getting the permalink/URL thatwp_redirect()
is wanting.) — By KZeni —