diff --git a/core/control/Controller.php b/core/control/Controller.php
index d711e800b..00f371301 100644
--- a/core/control/Controller.php
+++ b/core/control/Controller.php
@@ -480,7 +480,13 @@ class Controller extends RequestHandler {
 $url = Director::baseURL();
 }
- $this->redirect($url);
+ // absolute redirection URLs not located on this site may cause phishing
+ if(Director::is_site_url($url)) {
+ return $this->redirect($url);
+ } else {
+ return false;
+ }
+
 }
 /**
diff --git a/security/MemberLoginForm.php b/security/MemberLoginForm.php
index 4aff32f42..d8b8b34df 100644
--- a/security/MemberLoginForm.php
+++ b/security/MemberLoginForm.php
@@ -126,12 +126,8 @@ JS
 } elseif(
 isset($_REQUEST['BackURL'])
 && $_REQUEST['BackURL']
- && (
- // absolute redirection URLs may cause spoofing
- !Director::is_absolute_url($_REQUEST['BackURL'])
- // absolute URLs on the current domain are allowed
- || strpos($_REQUEST['BackURL'], Director::absoluteBaseURL()) !== FALSE
- )
+ // absolute redirection URLs may cause spoofing
+ && Director::is_site_url($_REQUEST['BackURL'])
 ) {
 Director::redirect($_REQUEST['BackURL']);
 } else {
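Review bot: The new else branch answers an off-site BackURL or Referer with `return false` and no redirect at all, so a caller that invoked redirectBack() expecting a response sends nothing, and the new return value is a contract change that existing callers (which previously got no return) will not check; falling back to the site root keeps the request safe while still landing the user somewhere: `} else { return $this->redirect(Director::baseURL()); }`. The whole decision rests on Director::is_site_url(), which is not part of this diff; it is worth confirming that it treats protocol-relative (`//host/path`) and otherwise scheme-less inputs as off-site, since a host comparison done with parse_url alone will classify them as relative. security/MemberLoginForm.php in this commit relies on the same check, so that confirmation covers both hunks. The enclosing redirectBack() method starts outside the hunk.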
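Review bot: The comment kept on the new line, `// absolute redirection URLs may cause spoofing`, no longer describes the condition beneath it: after this change absolute URLs on the current site are accepted and only off-site targets are refused, so a reader will assume every absolute URL is rejected. Rewording it to `// only follow BackURL when it points at this site; off-site targets may be used for phishing` states what is_site_url() is being asked to decide and uses the same terminology as the Controller.php hunk in this commit. Since the value is read from `$_REQUEST`, which can merge cookie data depending on PHP's request_order setting, taking it from the form's submitted data would narrow the source, though that is outside what this commit changes. The elseif chain continues from a condition that starts outside the hunk.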