Download

WP Anti-Clickjack

By Andy Feliciotti

Description

Prevent your site from being clickjacked with this plugin that includes the X-Frame-Options SAMEORIGIN and a modified version of OWASP’s legacy browser frame breaking script. The OWASP’s legacy browser frame breaking script is modified to work in browsers without Javascript (as well as browsers with Javascript). This additional script prevents other sites from putting your site in an iFrame for security reasons.

You can read more about clickjacking defense on OWASP

Additional Details

If you’d like to disable the clickjacking JavaScript on a page you can use this filter in your theme’s functions.php file.

add_filter('wp_anti_clickjack', '__return_false' );

If you’d like to disable the clickjacking X-Frame-Options HTTP header you can use this filter in your theme’s functions.php file.

add_filter('wp_anti_clickjack_x_frame_options_header', '__return_false' );

Installation

To install this plugin:

  1. Download the plugin
  2. Upload the plugin to the wp-content/plugins directory,
  3. Go to “plugins” in your WordPress admin, then click activate.

Reviews

It works!

September 14, 2020 1 reply
Someone signed up for our affiliate program and started replacing our domain name with their domain names, using domain masking. This plugin stopped them dead in their tracks. Now when you key in any of their domains, you get a blank page. Perfect! Thanks for this fabulous plugin.
Read all 2 reviews

Contributors & Developers

“WP Anti-Clickjack” is open source software. The following people have contributed to this plugin.

Contributors

Translate “WP Anti-Clickjack” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.7.6

  • Tested up to WordPress 6.2
  • PHP warning bug fix

1.7.5

  • Added support for Avada builder

1.7.4

  • Tested up to WordPress 6.1

1.7.3

  • Tested up to WordPress 6.0
  • Bug fix when using the WP customizer and editing widgets

1.7.2

  • Added support for Divi builder

1.7.1

  • Tested up to WordPress 5.9

1.7.0

  • Added HTTP header X-Frame-Options: SAMEORIGIN to further prevent clickjacking

1.6.5

  • Tested up to WordPress 5.8

1.6.4

  • Tested up to WordPress 5.7

1.6.3

  • Support for Cornerstone Page Builder

1.6.2

  • Support for WPBakery Page Builder

1.6.1

  • Tested up to WordPress 5.6

1.6.0

  • Added filter to disable the anti-clickjack script when needed
  • Tested up to WordPress 5.5

1.5.4

  • Increase WordPress supported version to 5.4

1.5.3

  • Increase WordPress supported version to 5.3

1.5.2

  • Bug fix for PHP warning

1.5.1

  • Increase WordPress supported version to 5.2.2

1.5.0

  • Bug fix when updating plugins/themes
  • Support for Thrive editor

1.4.0

  • Tested up to 4.8.9 and fixed conflicts with Elementor (if you are having an issue with a specific page builder please contact me)

1.3.0

  • Tested up to 4.8.0

1.2.0

  • Tweaked to add anti-clickjacking script to the admin pages

1.1.1

  • Tested up to 4.7.2

1.1

  • Bug fix causing Customizer.php to refresh constantly

1.0

  • Initial Release

Meta

Ratings

See all
Log in to submit a review.

Contributors

Support

Issues resolved in last two months:

1 out of 1

View support forum

Donate

Would you like to support the advancement of this plugin?

Donate to this plugin