Sure! Here’s a complete blog post draft that explains how to redirect WooCommerce users to an external website after registration, including the issue with wp_safe_redirect(), how to whitelist external domains using allowed_redirect_hosts.
When a user registers on your WooCommerce-powered site, they are normally redirected to the “My Account” page. But what if you want to redirect them to a different website—maybe your marketing site, a subdomain, or an external landing page?
By default, WordPress and WooCommerce prevent redirection to external domains for security reasons. In this blog, you’ll learn how to override this behavior safely using a custom function and the allowed_redirect_hosts filter.
To Redirect WooCommerce Customer to external website After Registration Use Below Code
Add code to your child theme’s functions.php file or via a plugin that allows custom functions to be added, such as the Code snippets plugin. Avoid adding custom code directly to your parent theme’s functions.php file as this will be wiped entirely when you update the theme.
Problem with External Redirects in WooCommerce
Let’s say you added this simple redirection logic:
add_action('woocommerce_registration_redirect', 'ps_wc_registration_redirect', 10);
function ps_wc_registration_redirect($redirect_to) {
return 'https://example.com';
}This works only for internal URLs. If example.com is not the current domain, wp_safe_redirect() (used internally by WordPress) blocks the redirect silently for security reasons.
Solution: Whitelist External Domains
To allow external redirection, we need to tell WordPress that example.com is a safe redirect destination. We do this using the allowed_redirect_hosts filter:
add_filter('allowed_redirect_hosts', 'custom_allowed_redirect_hosts', 10, 2);
function custom_allowed_redirect_hosts($hosts, $host) {
$hosts[] = 'example.com'; // Add the domain only, no scheme (http/https)
return $hosts;
}⚠️ Note: Use the domain without https:// or any trailing slashes.
Complete Working Code
Here’s the final working version of both functions together:
add_filter('allowed_redirect_hosts', 'custom_allowed_redirect_hosts', 10, 2);
function custom_allowed_redirect_hosts($hosts, $host) {
$hosts[] = 'example.com'; // Add external domain here
return $hosts;
}
add_action('woocommerce_registration_redirect', 'ps_wc_registration_redirect', 10);
function ps_wc_registration_redirect($redirect_to) {
return 'https://example.com/welcome'; // Full external URL with scheme
}
Redirect Based on User Role
Want to redirect users differently based on their role? Try this:
function ps_wc_registration_redirect($redirect_to) {
$user = wp_get_current_user();
if (in_array('customer', (array) $user->roles)) {
return 'https://example.com/customer-welcome';
} elseif (in_array('subscriber', (array) $user->roles)) {
return 'https://example.com/subscriber-welcome';
}
return 'https://example.com/welcome';
}
add_action('woocommerce_registration_redirect', 'ps_wc_registration_redirect', 10);
Support Multiple External Domains
If you’re working with multiple trusted external domains:
function custom_allowed_redirect_hosts($hosts, $host) {
$trusted_domains = ['example.com', 'marketing.example.com', 'landingpage.io'];
foreach ($trusted_domains as $domain) {
$hosts[] = $domain;
}
return $hosts;
}
add_filter('allowed_redirect_hosts', 'custom_allowed_redirect_hosts', 10, 2);
🧠 Pro Tips for Readers
Be careful when whitelisting domains. Avoid dynamically adding user-supplied URLs or domains to allowed_redirect_hosts, as it may lead to open redirect vulnerabilities.
🧪 Debugging Tip
If the redirect doesn’t work:
- Check browser network tools for redirect errors.
- Ensure your external domain is not blocked by CORS policies or plugins.
- Confirm
allowed_redirect_hostsfilter is active (tryerror_log($hosts);).
If you want to redirect user to internal Pages Read this
