26 Nov

Security Tip for WordPress Plugin Developers: Use wp_safe_redirect() Instead of wp_redirect()

Seeing as even a number of the 1,000 most popular WordPress plugins in the Plugin Directory are not doing things in a secure way, we thought it would be a good idea to emphasize something from a previous post: if you are using the function wp_redirect() to handle redirections that will only go to other pages on the same website, you should instead use wp_safe_redirect(). The latter function makes sure that any attempt to redirect to another website will not work, which can help you avoid open redirect vulnerabilities in your plugins.
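
To make the difference concrete, here is an added example (written for this post, not taken from any particular plugin) of a handler that redirects after a form submission, first with wp_redirect() and then with wp_safe_redirect(). The `myplugin_` prefix, the `redirect_to` parameter and the `admin_post_myplugin_save` action are hypothetical names chosen for illustration.

```php
<?php
/**
 * Plugin Name: Redirect Example (constructed for illustration)
 */

// BEFORE: open redirect. wp_redirect() sends the browser to whatever URL it
// is given, so a redirect_to value naming another website is followed.
// Shown for comparison only; this function is deliberately not hooked.
function myplugin_after_save_unsafe() {
	$target = isset( $_GET['redirect_to'] ) ? wp_unslash( $_GET['redirect_to'] ) : admin_url();
	wp_redirect( $target );
	exit;
}

// AFTER: wp_safe_redirect() checks the host of the target and only follows
// it when it is this website (or a host added through the
// 'allowed_redirect_hosts' filter).
function myplugin_after_save() {
	$target = '';

	// Accept only a plain string; redirect_to[]=... would arrive as an array.
	if ( isset( $_GET['redirect_to'] ) && is_string( $_GET['redirect_to'] ) ) {
		$target = wp_unslash( $_GET['redirect_to'] );
	}

	// By default a rejected target falls back to admin_url(). Validating
	// first with wp_validate_redirect() lets the plugin pick its own
	// fallback page instead.
	$target = wp_validate_redirect( $target, admin_url( 'options-general.php' ) );

	// Neither function stops execution, so always exit afterwards.
	wp_safe_redirect( $target );
	exit;
}
add_action( 'admin_post_myplugin_save', 'myplugin_after_save' );
```

With the second handler, a `redirect_to` value pointing at another website results in a redirect to the plugin's chosen admin page rather than to that website.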