Last active
March 28, 2025 02:02
-
-
Save kasparsd/f6b6e5572b5afeabe0d26f9120df26f0 to your computer and use it in GitHub Desktop.
A must-use plugin to log and find the source of redirects in WordPress
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Plugin Name: Redirect Logger | |
| * Description: Find the source of all redirects. | |
| * | |
| * Place this in the mu-plugins directory and check the | |
| * redirects-1234567.json file in the uploads directory for the logs. | |
| */ | |
| namespace WPElevator\Redirect_Logger; | |
| class Plugin { | |
| private ?string $log_file; | |
| public function init() { | |
| add_filter( 'x_redirect_by', [ $this, 'filter_track_redirect' ], 100, 3 ); | |
| } | |
| public function set_log_file( string $log_file ) { | |
| $this->log_file = $log_file; | |
| } | |
| public function filter_track_redirect( $x_redirect_by, int $status, string $location ) { | |
| $backtrace = array_map( | |
| function ( $trace ) { | |
| if ( isset( $trace['args'] ) ) { | |
| $trace['args'] = '[redacted]'; // Remove args to protect potentially sensitive data. | |
| } | |
| if ( isset( $trace['object'] ) ) { | |
| $trace['object'] = '[redacted]'; // Remove args to protect potentially sensitive data. | |
| } | |
| return $trace; | |
| }, | |
| array_slice( debug_backtrace(), 3 ) // Remove the first three referencing this plugin. | |
| ); | |
| $this->log_redirect( | |
| [ | |
| 'time' => time(), | |
| 'from' => $_SERVER['REQUEST_URI'], | |
| 'location' => $location, | |
| 'redirect-by' => $x_redirect_by, | |
| 'status' => $status, | |
| 'trace' => $backtrace, | |
| ] | |
| ); | |
| return $x_redirect_by; | |
| } | |
| private function log_redirect( array $redirect ) { | |
| if ( empty( $this->log_file ) ) { | |
| return; | |
| } | |
| $redirects = []; | |
| if ( is_readable( $this->log_file ) ) { | |
| $redirects = json_decode( (string) file_get_contents( $this->log_file ), true ) ?? []; | |
| } | |
| $redirects[] = $redirect; | |
| file_put_contents( $this->log_file, json_encode( $redirects, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES ) ); | |
| } | |
| } | |
| $plugin = new Plugin(); | |
| // Use a random string to avoid conflicts. | |
| $log_file = sprintf( '%s/redirects-1234567.json', wp_get_upload_dir()['basedir'] ); | |
| $plugin->set_log_file( $log_file ); | |
| $plugin->init(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "time": 1743052871, | |
| "from": "/wordpress/wp-login.php?action=logout&_wpnonce=9552026fab", | |
| "location": "https://example.com/wordpress/wp-login.php?loggedout=true&wp_lang=en_US", | |
| "redirect-by": "WordPress", | |
| "status": 302, | |
| "trace": [ | |
| { | |
| "file": "/path/to/wordpress/wp-includes/pluggable.php", | |
| "line": 1545, | |
| "function": "wp_redirect", | |
| "args": "[redacted]" | |
| }, | |
| { | |
| "file": "/path/to/wordpress/wp-login.php", | |
| "line": 832, | |
| "function": "wp_safe_redirect", | |
| "args": "[redacted]" | |
| } | |
| ] | |
| }, | |
| { | |
| "time": 1743052933, | |
| "from": "/sample-page", | |
| "location": "https://example.com/sample-page/", | |
| "redirect-by": "WordPress", | |
| "status": 301, | |
| "trace": [ | |
| { | |
| "file": "/path/to/wordpress/wp-includes/canonical.php", | |
| "line": 831, | |
| "function": "wp_redirect", | |
| "args": "[redacted]" | |
| }, | |
| { | |
| "file": "/path/to/wordpress/wp-includes/class-wp-hook.php", | |
| "line": 324, | |
| "function": "redirect_canonical", | |
| "args": "[redacted]" | |
| }, | |
| { | |
| "file": "/path/to/wordpress/wp-includes/class-wp-hook.php", | |
| "line": 348, | |
| "function": "apply_filters", | |
| "class": "WP_Hook", | |
| "object": "[redacted]", | |
| "type": "->", | |
| "args": "[redacted]" | |
| }, | |
| { | |
| "file": "/path/to/wordpress/wp-includes/plugin.php", | |
| "line": 517, | |
| "function": "do_action", | |
| "class": "WP_Hook", | |
| "object": "[redacted]", | |
| "type": "->", | |
| "args": "[redacted]" | |
| }, | |
| { | |
| "file": "/path/to/wordpress/wp-includes/template-loader.php", | |
| "line": 13, | |
| "function": "do_action", | |
| "args": "[redacted]" | |
| }, | |
| { | |
| "file": "/path/to/wordpress/wp-blog-header.php", | |
| "line": 19, | |
| "args": "[redacted]", | |
| "function": "require_once" | |
| }, | |
| { | |
| "file": "/path/to/wordpress/index.php", | |
| "line": 17, | |
| "args": "[redacted]", | |
| "function": "require" | |
| }, | |
| { | |
| "file": "/path/to/index.php", | |
| "line": 8, | |
| "args": "[redacted]", | |
| "function": "require_once" | |
| } | |
| ] | |
| } | |
| ] |
@westonruter It is to some extent, indeed! Might be worth excluding the request paths but it makes it harder to scan it.
Or it could be updated to log to a PHP file (which shouldn't be rendered in most scenarios) or to return a normalized backtrace in the HTTP response header like Query Monitor does (only for logged-in users, though).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Isn't the
_wpnoncealso sensitive?