wp_redirect( string $location, int $status = 302, string $x_redirect_by = 'WordPress' )

Redirects to another page.


Description Description

Note: wp_redirect() does not exit automatically, and should almost always be followed by a call to exit;:

wp_redirect( $url );
exit;

Exiting can also be selectively manipulated by using wp_redirect() as a conditional
in conjunction with the ‘wp_redirect’ and ‘wp_redirect_location’ filters:

if ( wp_redirect( $url ) ) {
    exit;
}

Parameters Parameters

$location

(string) (Required) The path or URL to redirect to.

$status

(int) (Optional) HTTP response status code to use. Default '302' (Moved Temporarily).

Default value: 302

$x_redirect_by

(string) (Optional) The application doing the redirect.

Default value: 'WordPress'


Top ↑

Return Return

(bool) False if the redirect was cancelled, true otherwise.


Top ↑

Source Source

File: wp-includes/pluggable.php

	function wp_redirect( $location, $status = 302, $x_redirect_by = 'WordPress' ) {
		global $is_IIS;

		/**
		 * Filters the redirect location.
		 *
		 * @since 2.1.0
		 *
		 * @param string $location The path or URL to redirect to.
		 * @param int    $status   The HTTP response status code to use.
		 */
		$location = apply_filters( 'wp_redirect', $location, $status );

		/**
		 * Filters the redirect HTTP response status code to use.
		 *
		 * @since 2.3.0
		 *
		 * @param int    $status   The HTTP response status code to use.
		 * @param string $location The path or URL to redirect to.
		 */
		$status = apply_filters( 'wp_redirect_status', $status, $location );

		if ( ! $location ) {
			return false;
		}

		$location = wp_sanitize_redirect( $location );

		if ( ! $is_IIS && PHP_SAPI != 'cgi-fcgi' ) {
			status_header( $status ); // This causes problems on IIS and some FastCGI setups
		}

		/**
		 * Filters the X-Redirect-By header.
		 *
		 * Allows applications to identify themselves when they're doing a redirect.
		 *
		 * @since 5.1.0
		 *
		 * @param string $x_redirect_by The application doing the redirect.
		 * @param int    $status        Status code to use.
		 * @param string $location      The path to redirect to.
		 */
		$x_redirect_by = apply_filters( 'x_redirect_by', $x_redirect_by, $status, $location );
		if ( is_string( $x_redirect_by ) ) {
			header( "X-Redirect-By: $x_redirect_by" );
		}

		header( "Location: $location", true, $status );

		return true;
	}

Top ↑

Changelog Changelog

Changelog
Version Description
5.1.0 The $x_redirect_by parameter was added.
1.5.1 Introduced.


Top ↑

User Contributed Notes User Contributed Notes

  1. Skip to note 1 content
    Contributed by J.D. Grimes

    wp_redirect() does not validate that the $location is a reference to the current host. This means that this function is vulnerable to open redirects if you pass it a $location supplied by the user. For this reason, it is best practice to always use wp_safe_redirect() instead, since it will use wp_validate_redirect() to ensure that the $location refers to the current host. Only use wp_redirect() when you are specifically trying to redirect to another site, and then you can hard-code the URL.

    // We don't know for sure whether this is a URL for this site,
    // so we use wp_safe_redirect() to avoid an open redirect.
    wp_safe_redirect( $url );
    
    // We are trying to redirect to another site, using a hard-coded URL.
    wp_redirect( 'https://example.com/some/page' );
    
  2. Skip to note 2 content
    Contributed by Codex

    Examples

    <?php wp_redirect( home_url() ); exit; ?>
    

    Redirects can also be external, and/or use a “Moved Permanently” code :

    <?php wp_redirect( 'http://www.example.com', 301 ); exit; ?>
    

    The code below redirects to the parent post URL which can be used to redirect attachment pages back to the parent.

    <?php wp_redirect( get_permalink( $post->post_parent ) ); exit; ?>
    

You must log in before being able to contribute a note or feedback.