Remediation Steps

Follow the steps below to remediate this finding on WordPress.

  1. Review plugins that perform redirects (e.g., redirect managers, social login plugins) and verify they do not append sensitive query parameters to the Location URL.

  2. Add the following to your theme's functions.php; it hooks the wp_redirect filter so that every redirect's Location URL passes through one place where it can be sanitised or logged before being sent:

    add_filter('wp_redirect', function($location, $status) {
        // Runs for every wp_redirect() call: $location is the Location URL
        // about to be sent and $status the HTTP status code (e.g. 302).
        // Sanitise or log $location here, then return it (cleaned or unchanged).
        return $location;
    }, 10, 2);

  3. Avoid passing nonces or auth tokens as URL parameters in redirect flows.
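As an added example, not part of the original remediation text: a concrete wp_redirect filter for functions.php (or a small mu-plugin) that strips a list of sensitive parameter names from the Location URL and logs only the names, never the values. The parameter-name list and the log format are assumptions; add_filter, wp_parse_url and remove_query_arg are WordPress core functions.

```php
// Added example for functions.php or a mu-plugin (not from the original page).
add_filter('wp_redirect', function ($location, $status) {
    // Assumed list of parameter names that must never travel in a redirect;
    // adjust to the tokens your plugins actually use.
    $sensitive = ['_wpnonce', 'nonce', 'token', 'auth_token', 'access_token', 'password'];

    $query = wp_parse_url($location, PHP_URL_QUERY);
    if (empty($query)) {
        return $location; // no query string, nothing to strip
    }

    // Collect the offending parameter names (case-insensitive match).
    parse_str($query, $params);
    $found = [];
    foreach (array_keys($params) as $name) {
        if (in_array(strtolower((string) $name), $sensitive, true)) {
            $found[] = $name;
        }
    }

    if ($found === []) {
        return $location; // clean redirect, pass it through untouched
    }

    // Log names only (never values) so the log does not become a second leak;
    // the path and status help trace the redirect back to the plugin issuing it.
    error_log(sprintf(
        'wp_redirect: stripped sensitive parameter(s) %s from redirect to %s (HTTP %d)',
        implode(', ', $found),
        (string) wp_parse_url($location, PHP_URL_PATH),
        (int) $status
    ));

    // remove_query_arg() accepts an array of keys and rebuilds the URL without them.
    return remove_query_arg($found, $location);
}, 10, 2);
```

Stripping in the filter is a safety net, not a fix: the log entries tell you which plugin still appends the token (step 1), which is where the redirect flow should be corrected.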