?redirect_to is not working

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Emma

    (@emma24)

    2 months, 3 weeks ago

    Hi @chelminski,

    That’s the default behavior of WordPress to redirect subscribers to the administration panel (wp-profile.php).

    LoginPress has a paid add-on, Login Redirects, to control redirects after login and logout for specific users and roles. You can learn more about this add-on here.

    Thread Starter chelminski

    (@chelminski)

    2 months, 3 weeks ago

    Hi πŸ˜€
    From what I understand, I can set permanent redirects using a plugin add-on. The problem is that the “?redirect_to” parameter is always different. I don’t want to set the redirection relative to the role, but to have it done dynamically. Unfortunately, after activating your plugin, the native redirect function of the “?redirect_to” parameter doesn’t work in WordPress. πŸ™

    Greetings,
    chelminski

    Plugin Support Emma

    (@emma24)

    2 months, 3 weeks ago

    Hi

    Unfortunately or fortunately πŸ˜€, I found no such issue with redirect_to parameter on my end. It is working fine with LoginPress installed.

    For example, I used /wp-login.php?redirect_to=hello-world. After logging in, I was redirected to the Hello World post. Let me explain to you how the redirect_to parameter works in WordPress.

    WordPress enforces strict validation rules for security reasons, which can affect how the redirect_to parameter behaves based on the URL format.

    Relative vs Absolute URLs in redirect_to

    If you use a relative URL like /hello-world in the redirect_to parameter, WordPress appends this to the site’s base URL (as configured in Settings β†’ General). For example:

    • Login URL:
      /wp-login.php?redirect_to=/hello-world
      After login, WordPress will redirect to:
      https://your-site.com/hello-world

    If you use an absolute URL, such as https://your-site.com/hello-world, WordPress validates the domain, protocol, and structure of the URL. WordPress redirects the user to the WordPress admin dashboard if the absolute URL doesn’t match the site’s domain or fails validation.

    Example with Encoded URL

    If your login URL looks like this:
    https://your-site.com/wp-login.php?redirect_to=https%3A%2F%2Fyour-site.com%2Fhello-world

    Here’s what happens:

    1. The redirect_to parameter is URL-encoded and specifies the absolute URL: https://your-site.com/hello-world/.
    2. WordPress decodes and validates the redirect_to URL. Since the domain and protocol match the WordPress site settings, the URL is considered safe.
    3. After a successful login, the user is redirected to the specified URL.

    This format works because:

    • The redirect_to URL matches the site’s domain and protocol exactly.
    • It is properly URL-encoded (e.g., : becomes %3A, / becomes %2F).

    Therefore, if your redirection is not working properly, it might be due to a mismatch in domain or protocol or improper encoding. I hope this information was helpful! πŸ™‚

    If you are still facing any issues, please contact us on our support forum so we can help you fix the problem on your site.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.