The Safe Redirect Card plugin is a security add-on built for the LiMhy Blog System. Its job is simple: when a reader clicks an external link in a post, it shows a clear confirmation card before sending them away from your site. This helps reduce accidental visits to suspicious links while making outbound navigation feel more deliberate and polished.
What it does
This plugin automatically detects external links inside articles and can leave internal links untouched if you want. Trusted domains can be added to a whitelist so they open normally without any prompt, while known risky domains can be placed on a blacklist and blocked outright.
Its main features include:
- Automatic detection of external links in posts
- Optional exclusion for internal links
- Whitelist support for trusted domains
- Blacklist support to block dangerous domains
- Custom warning text on the confirmation card
- Choice between opening links in a new tab or the current tab
- Custom CSS support so the card can match your theme
- Easy enable/disable control without editing theme files
Requirements
<table> <thead> <tr> <th>Item</th> <th>Requirement</th> </tr> </thead> <tbody> <tr> <td>Blog system</td> <td>LiMhy Blog System 2.0.0 or later</td> </tr> <tr> <td>PHP</td> <td>7.4 or later, with PHP 8.0+ recommended</td> </tr> <tr> <td>Browser</td> <td>A modern browser with ES6 support</td> </tr> </tbody> </table>Installation
- Download the plugin archive:
safe-redirect.zip - Extract it to the
plugins/safe-redirect/directory of your blog installation - Sign in to the admin panel and open Plugin Management
- Find the Safe Redirect Card plugin and enable it
- Open its settings page and configure it as needed
Settings overview
<table> <thead> <tr> <th>Option</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>Enable plugin</td> <td>Master switch; if turned off, all external links open normally</td> </tr> <tr> <td>Warning message</td> <td>The safety notice shown on the card; supports multiline text</td> </tr> <tr> <td>Exclude internal links</td> <td>When enabled, links within your own site will not trigger the card</td> </tr> <tr> <td>Open in same tab</td> <td>Choose whether links open in the current page; default behavior is a new tab</td> </tr> <tr> <td>Whitelist domains</td> <td>One domain per line; whitelisted domains skip the card and open directly</td> </tr> <tr> <td>Blacklist domains</td> <td>One domain per line; blacklisted domains are blocked and a warning is shown</td> </tr> <tr> <td>Custom CSS</td> <td>Override the default card styling to better fit your theme</td> </tr> </tbody> </table>When adding domains, only the root domain is needed, such as github.com. There is no need to include https:// or a www prefix.
How it looks in use
After a visitor clicks an external link in a post, the plugin displays a confirmation card like this:
If the destination domain matches the blacklist, the plugin shows a blocking warning instead of allowing the redirect to continue.
Changelog
v1.0.1 — 2026-04-08
- Fixed case-sensitive matching for whitelist domains
- Improved the card layout on mobile devices
- Added automatic filtering for
mailto:andtel:links so they do not trigger the card - Refined the warning shown for blacklisted domains
v1.0.0 — 2026-04-07
- First official release
- Added secure redirect confirmation cards for external links
- Added whitelist and blacklist support, custom text, and custom styling
Common issues
Why do some external links not show the confirmation card?
Check whether the domain has been added to the whitelist, or whether the link is actually internal and therefore excluded by the internal-link filter.
What if my custom CSS does not take effect?
Make sure your selectors have enough priority. You can use !important if needed or inspect the element in your browser’s developer tools. The default root class for the card is safe-redirect-modal.
Does it work with both HTTP and HTTPS links?
Yes. The plugin matches domains only and does not enforce a specific protocol.