WordPress.org

Ready to get started?Download WordPress

Plugin Directory

WP noFrame/noClickjacking

WP noFrame/noClickjacking is a simple (yet) effective iframe breaking plugin that protects your site content from being embedded into other sites.

What is WP noFrame?

WP noFrame is a simple (yet) effective plugin that protects your site content from being embedded into other sites - defending you against clickjacking attacks.

What does WP noFrame do?

WP noFrame adds the X-Frame-Options HTTP response header (DENY) instruction to your root .htaccess in order to prevent your site content from being embedded into other sites.

Why not just use Javascript?

Simply because we believe they are easily bypassed. For example: the user disabled his Javascript! Furthermore, we have come to find that the JS code conflicts with the theme customization in WordPress.

Will this work on nginx servers?

This plugin was specifically created for Apache based servers. However, the following line of code can be added to your nginx configuration: add_header X-Frame-Options SAMEORIGIN;

What if I don't have server level access?

If you don't have server level access, you can add the following line of code between the <head> and </head> tag of your pages: <meta http-equiv="X-FRAME-OPTIONS" content="DENY">

How do I verify that it is working?

You can pretty much use any web developer tool to view the response headers. Recommended online tool to verify: Header Checker

Why am I getting a 500 internal server error?

Please check that you have the Apache mod_rewrite and mod_headers enabled. You can ask your host about this if you are unsure.

The instruction options

  • DENY: This option means the page can never be framed by any page, including a page with the same origin.
  • SAMEORIGIN: This option means the page can be framed, but only by another page with the same origin.
  • ALLOW-FROm uri: This option means the page can be framed, but only by the specified origin. The uri is replaced with the allowed specified origin.

Requires: 3.0 or higher
Compatible up to: 4.0
Last Updated: 2014-9-12
Downloads: 305

Ratings

5 stars
5 out of 5 stars

Support

Got something to say? Need help?

Compatibility

+
=
Not enough data

1 person says it works.
0 people say it's broken.

100,1,1 100,1,1
100,1,1