diff --git a/wp-includes/canonical.php b/wp-includes/canonical.php index 167b5cf562..bd4131396e 100644 --- a/wp-includes/canonical.php +++ b/wp-includes/canonical.php @@ -77,6 +77,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { $redirect = $original; $redirect_url = false; + $redirect_obj = false; // Notice fixing. if ( ! isset( $redirect['path'] ) ) { @@ -102,6 +103,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { if ( is_feed() && $post_id ) { $redirect_url = get_post_comments_feed_link( $post_id, get_query_var( 'feed' ) ); + $redirect_obj = get_post( $post_id ); if ( $redirect_url ) { $redirect['query'] = _remove_qs_args_if_not_in_url( @@ -126,6 +128,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { } $redirect_url = get_permalink( $post_id ); + $redirect_obj = get_post( $post_id ); if ( $redirect_url ) { $redirect['query'] = _remove_qs_args_if_not_in_url( @@ -150,6 +153,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { if ( $post_type_obj->public && 'auto-draft' !== $redirect_post->post_status ) { $redirect_url = get_permalink( $redirect_post ); + $redirect_obj = get_post( $redirect_post ); $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], @@ -197,6 +201,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { if ( $post_id ) { $redirect_url = get_permalink( $post_id ); + $redirect_obj = get_post( $post_id ); $redirect['path'] = rtrim( $redirect['path'], (int) get_query_var( 'page' ) . '/' ); $redirect['query'] = remove_query_arg( 'page', $redirect['query'] ); 
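Review bot: Any branch that builds `$redirect_url` from a post without also assigning `$redirect_obj` skips the new visibility check, because that check (the `@@ -740` hunk) runs only when `$redirect_obj` holds a `WP_Post`. The variable is initialised to `false` in the `@@ -77` hunk and then kept in step by hand in every later hunk, so a missed or future assignment fails open; whether such a branch exists cannot be seen from these hunks. A comment at the initialisation would state the contract, for example `// Post or user the redirect targets; set it wherever $redirect_url is derived from a post, or the visibility check before the filter is skipped.` The body of `redirect_canonical()` starts before and ends after these hunks.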
@@ -223,27 +228,32 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { ) { if ( ! empty( $_GET['attachment_id'] ) ) { $redirect_url = get_attachment_link( get_query_var( 'attachment_id' ) ); + $redirect_obj = get_post( get_query_var( 'attachment_id' ) ); if ( $redirect_url ) { $redirect['query'] = remove_query_arg( 'attachment_id', $redirect['query'] ); } } else { $redirect_url = get_attachment_link(); + $redirect_obj = get_post(); } } elseif ( is_single() && ! empty( $_GET['p'] ) && ! $redirect_url ) { $redirect_url = get_permalink( get_query_var( 'p' ) ); + $redirect_obj = get_post( get_query_var( 'p' ) ); if ( $redirect_url ) { $redirect['query'] = remove_query_arg( array( 'p', 'post_type' ), $redirect['query'] ); } } elseif ( is_single() && ! empty( $_GET['name'] ) && ! $redirect_url ) { $redirect_url = get_permalink( $wp_query->get_queried_object_id() ); + $redirect_obj = get_post( $wp_query->get_queried_object_id() ); if ( $redirect_url ) { $redirect['query'] = remove_query_arg( 'name', $redirect['query'] ); } } elseif ( is_page() && ! empty( $_GET['page_id'] ) && ! $redirect_url ) { $redirect_url = get_permalink( get_query_var( 'page_id' ) ); + $redirect_obj = get_post( get_query_var( 'page_id' ) ); if ( $redirect_url ) { $redirect['query'] = remove_query_arg( 'page_id', $redirect['query'] ); @@ -256,6 +266,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { && 'page' === get_option( 'show_on_front' ) && get_query_var( 'page_id' ) === (int) get_option( 'page_for_posts' ) ) { $redirect_url = get_permalink( get_option( 'page_for_posts' ) ); + $redirect_obj = get_post( get_option( 'page_for_posts' ) ); if ( $redirect_url ) { $redirect['query'] = remove_query_arg( 'page_id', $redirect['query'] ); 
@@ -310,6 +321,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { && $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE $wpdb->posts.post_author = %d AND $wpdb->posts.post_status = 'publish' LIMIT 1", $author->ID ) ) ) { $redirect_url = get_author_posts_url( $author->ID, $author->user_nicename ); + $redirect_obj = $author; if ( $redirect_url ) { $redirect['query'] = remove_query_arg( 'author', $redirect['query'] ); @@ -385,6 +397,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { || ! has_term( $category->term_id, 'category', $wp_query->get_queried_object_id() ) ) { $redirect_url = get_permalink( $wp_query->get_queried_object_id() ); + $redirect_obj = get_post( $wp_query->get_queried_object_id() ); } } } @@ -395,6 +408,7 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { if ( ! $redirect_url ) { $redirect_url = get_permalink( get_queried_object_id() ); + $redirect_obj = get_post( get_queried_object_id() ); } if ( $page > 1 ) { @@ -740,6 +754,32 @@ function redirect_canonical( $requested_url = null, $do_redirect = true ) { $requested_url = preg_replace_callback( '|%[a-fA-F0-9][a-fA-F0-9]|', 'lowercase_octets', $requested_url ); } + if ( + $redirect_obj && + is_a( $redirect_obj, 'WP_Post' ) + ) { + $post_status_obj = get_post_status_object( get_post_status( $redirect_obj ) ); + if ( + // Unviewable post types are never redirected. + ! is_post_type_viewable( $redirect_obj->post_type ) || + // Internal or protected posts never redirect. + $post_status_obj->internal || + $post_status_obj->protected || + ( + // Don't redirect a non-public post... + ! $post_status_obj->public && + ( + // ...unless it's private and the logged in user has access. + $post_status_obj->private && + ! current_user_can( 'read_post', $redirect_obj->ID ) + ) + ) + ) { + $redirect_obj = false; + $redirect_url = false; + } + } + /** * Filters the canonical redirect URL. * 
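Review bot: In the status check added by the `@@ -740` hunk, the last group does not match its own comments: `! $post_status_obj->public && ( $post_status_obj->private && ! current_user_can( 'read_post', $redirect_obj->ID ) )` clears the redirect only for private statuses the user cannot read. A status that is neither public, private, internal nor protected (for instance a custom status registered with every flag false) is therefore still redirected. Negating the inner group instead, `! ( $post_status_obj->private && current_user_can( 'read_post', $redirect_obj->ID ) )`, gives the stated "non-public unless private and readable" behaviour. The block also reads properties on the result of `get_post_status_object()` without checking it; if that returns null for an unregistered status, every flag reads as falsy and the redirect goes through, so `! $post_status_obj ||` as the first condition would make the check fail closed. The body of `redirect_canonical()` starts and ends outside this hunk.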
diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php index 519e307764..2543cec12b 100644 --- a/wp-includes/link-template.php +++ b/wp-includes/link-template.php @@ -420,6 +420,17 @@ function get_attachment_link( $post = null, $leavename = false ) { $parent = false; } + if ( $parent ) { + $parent_status_obj = get_post_status_object( get_post_status( $post->post_parent ) ); + if ( + ! is_post_type_viewable( get_post_type( $post->post_parent ) ) || + $parent_status_obj->internal || + $parent_status_obj->protected + ) { + $parent = false; + } + } + if ( $wp_rewrite->using_permalinks() && $parent ) { if ( 'page' === $parent->post_type ) { $parentlink = _get_page_link( $post->post_parent ); // Ignores page_on_front. diff --git a/wp-includes/version.php b/wp-includes/version.php index 911601b7be..a4b2083176 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.6-beta3-49562'; +$wp_version = '5.6-beta3-49563'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
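Review bot: In the `get_attachment_link()` hunk, `$parent_status_obj->internal` and `$parent_status_obj->protected` are read without checking that `get_post_status_object()` returned an object. If the parent's status is not registered and the call returns null, both flags read as falsy and the parent path stays in the attachment link. Adding `! $parent_status_obj ||` as the first condition drops the parent in that case. The condition also never tests `->private`, so whether a private parent's path may appear in the link is worth stating in a one-line comment above the `if`. The function body starts and ends outside the hunk.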