WordPress.org

Plugin Directory

WP no-iFrames (Content Protection)

WP no-iFrames (Content Protection) is a simple, yet effective iframe breaking plugin that protects your site content from being embedded into other si

WP no-iFrames (Content Protection) is a simple, yet effective iframe breaking plugin that will protect your site content from being embedded into other sites - effectively defending you against clickjacking attacks.

This lightweight plugin will add the Header always append X-Frame-Options SAMEORIGIN rule to your root .htaccess file - where the SAMEORIGIN rule will allow embeds only from YOUR site and prevent embeds from ANY other domains.

The X-Frame-Options headers are however, available in 3 flavors (should you wish to not use the DENY rule):

  1. DENY: will prevent ALL domains from framing the content (including your own)
  2. SAMEORIGIN: only allows the current domain (your own) to frame the content
  3. ALLOW-FROM uri: which only allows a specified uri to frame the content

The SAMEORIGIN rule is simply replaced by either one of the aforementioned headers and can be done directly in your root .htaccess file

This is a lightweight plugin - simply install and leave. Try it for yourself!

The WP no-iFrames (Content Protection) plugin is maintained by YOOPlugins.com and WP Emergency Room

Requires: 3.0 or higher
Compatible up to: 4.2.4
Last Updated: 2015-6-18
Active Installs: 200+

Ratings

5 out of 5 stars

Support

0 of 1 support threads in the last two months have been resolved.

Got something to say? Need help?

Compatibility

+
=
Not enough data

0 people say it works.
0 people say it's broken.

100,1,1 100,1,1
100,1,1 100,1,1
100,1,1
100,1,1
100,1,1
100,1,1