• WP No External Links is an open redirect URL script, meaning that anyone can use it to redirect users to other domains, whilst making the link look like it is part of your domain.

    i.e. yourdomain.com/go-link/http://dodgeydomain.com

    This means that anyone could put this link in an email for example, and fool users into thinking the link is a safe click.

    You can read more from Google here:

    http://googlewebmastercentral.blogspot.com/2009/01/open-redirect-urls-is-your-site-being.html

    I think Google will start penalising sites that use open redirects and link cloaking so maybe an idea to review the security implication before running this script.

    I think most people will use this plugin as a way of retaining PR by masking outgoing links, which is against Google TOS and could get your site de-indexed anyway. My advice is don't use this script if you are looking for ways to cheat Google!!

    For the plugin author
    The simplest way to fix this security issue would be to do a check that the outgoing link is indeed in the database and the referrer is the main domain of the site – if not show a warning to users and don't allow the redirect.

    Google suggestions

    * Change the redirect code to check the referer, since in most cases everyone coming to your redirect script legitimately should come from your site, not a search engine or elsewhere. You may need to be permissive, since some users’ browsers may not report a referer, but if you know a user is coming from an external site you can stop or warn them.

    Cheers
    Ben

Viewing 1 replies (of 1 total)
  • Blah blah blah.
    I won’t make plugin waste a lot of time to index and search all links in database just for some paranoid shit.

    Checking referer sometimes fails, and it would stop many users from visiting the links they want. So – no way.

    Cheers, Jehy.
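
The two checks discussed in this thread (is the target a link the site itself published, and does the referer point elsewhere), sketched as an added example that is not the plugin's code and was not posted by either participant. The function name, the `$known_links` table, the three decision strings and the assumption that the target URL has already been extracted from the `/go-link/` path are all hypothetical.

```php
<?php
// Added example, not the plugin's code. All names here are hypothetical.

// Constructed sample data: outgoing links the site published, keyed by URL
// so each check is one hash lookup rather than a scan of every stored link.
$known_links = [
    'https://example.org/docs'      => true,
    'https://example.net/tool?id=7' => true,
];
const SITE_HOST = 'yourdomain.com'; // assumed host of the site itself

/** Return 'redirect', 'warn' (interstitial, no automatic redirect) or 'block'. */
function redirect_decision(string $target, ?string $referer, array $known): string
{
    $parts = parse_url($target);
    // Only absolute http(s) URLs with a host are ever candidates.
    if (!is_array($parts) || empty($parts['host'])) {
        return 'block';
    }
    if (!in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) {
        return 'block';
    }
    // Exact-match lookup: a target the site never published is not redirected.
    if (!isset($known[$target])) {
        return 'warn';
    }
    // Permissive referer rule: a missing referer passes, a foreign or
    // unparsable one gets the warning page instead of a silent redirect.
    if ($referer !== null && $referer !== '') {
        $ref_host = strtolower((string) parse_url($referer, PHP_URL_HOST));
        if ($ref_host !== SITE_HOST) {
            return 'warn';
        }
    }
    return 'redirect';
}

// Constructed requests: [target, Referer header or null].
$requests = [
    ['https://example.org/docs', 'https://yourdomain.com/post/1'],
    ['https://example.org/docs', null],
    ['https://example.org/docs', 'https://mail.example.com/inbox'],
    ['http://dodgeydomain.com',  null],
    ['ftp://example.org/file',   'https://yourdomain.com/'],
];
foreach ($requests as [$target, $referer]) {
    printf("%-26s referer=%-31s => %s\n", $target, $referer ?? '(none)',
        redirect_decision($target, $referer, $known_links));
}
```

The lookup is an exact string match, so stored links and incoming targets need the same normalisation (trailing slashes, case of the host) for it to hit.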

  • The topic ‘Word of warning to WP No External Links users’ is closed to new replies.