diff --git src/wp-includes/pluggable.php src/wp-includes/pluggable.php
index 4edb9929f6..994be2c1c1 100644
--- src/wp-includes/pluggable.php
+++ src/wp-includes/pluggable.php
@@ -1271,6 +1271,9 @@ if ( ! function_exists( 'wp_sanitize_redirect' ) ) :
 	 * @return string Redirect-sanitized URL.
 	 */
 	function wp_sanitize_redirect( $location ) {
+		// Encode whitespaces.
+		$location = str_replace( ' ', '%20', $location );
+		
 		$regex    = '/
 		(
 			(?: [\xC2-\xDF][\x80-\xBF]        # double-byte sequences   110xxxxx 10xxxxxx
diff --git tests/phpunit/tests/pluggable.php tests/phpunit/tests/pluggable.php
index e711f3b8bc..28cc3cd462 100644
--- tests/phpunit/tests/pluggable.php
+++ tests/phpunit/tests/pluggable.php
@@ -319,4 +319,20 @@ class Tests_Pluggable extends WP_UnitTestCase {
 		return $signatures;
 	}
 
+	/**
+	 * @group 36998
+	 */
+	function test_wp_sanitize_redirect_should_encode_whitespaces() {
+
+		$test_expected_and_values = [
+			'http://example.com/test%20whitespaces' => 'http://example.com/test%20whitespaces',
+			'http://example.com/test%20whitespaces%20in%20url' => 'http://example.com/test whitespaces in url'
+		];
+
+		foreach( $test_expected_and_values as $expected => $value ) {
+			$this->assertSame( $expected, wp_sanitize_redirect( $value ) );
+		}
+
+	}
+
 }