Hi @multimastery, thanks for your query.
There is no toggle in Wordfence for this functionality specifically, although we will block the request if the site embedding the iframe is breaking your firewall rules or is specifically stated by IP, URL or in country blocking.
To block your site entirely from being loaded in an iframe on other sites, you would have to set a header called x-frame-options in your .htaccess file:
header set x-frame-options SAMEORIGIN
Thanks,
Peter.
Thanks for your reply, Peter. What I’m wondering, though, is if I use that code to block all sites from loading my site in an iframe, would that cause problems with legitimate sites that may need to use this practice, like social media sites or others? I don’t know; this is all new to me.
Hi @multimastery,
To the best of my knowledge, when a site like Facebook includes a post preview to your site when linked in a status update, they take information directly from the page such as a photo, page title and excerpt. This .htaccess change would prevent your entire site, or parts of your site, from being physically embedded within another.
If you find negative results when testing, you can simply remove the block.
Thanks,
Peter.
Ok thanks. Is there any particular place/position I should paste that code in my .htaccess file?
Hi @multimastery,
Yes, it should go between the mod_headers tags:
<IfModule mod_headers.c>
Header set x-frame-options SAMEORIGIN
</IfModule>
There may already be other content between these tags; you can just add this header line to the bottom of that section, or replace an existing x-frame-options if there is one in place with a different value to SAMEORIGIN.
Thanks,
Peter.
Thanks @wfpeter, works like a charm!
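
A check for the testing step mentioned in the thread, as an added example that is not part of any post above and is not Wordfence code: it classifies the x-frame-options state of a raw response header block, such as the output of `curl -sI` against your own site. The function names, verdict labels and sample responses are assumptions constructed for illustration, and the `frame-ancestors` check goes beyond what the thread covers.

```python
# Added example (not from the thread): classify a response's framing protection.

VALID = {"DENY", "SAMEORIGIN"}  # values current browsers honour for this header

def parse_headers(raw):
    """Map lowercased header names to a list of values; the status line is skipped."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def framing_verdict(raw):
    """Return (verdict, detail) for one raw response header block."""
    headers = parse_headers(raw)
    # A header sent twice and a comma-separated value are equivalent on the wire.
    values = {v.strip().upper()
              for line in headers.get("x-frame-options", [])
              for v in line.split(",") if v.strip()}
    # CSP frame-ancestors is the newer control for the same purpose.
    csp = any("frame-ancestors" in v.lower()
              for v in headers.get("content-security-policy", []))
    if not values:
        if csp:
            return ("csp-only", "frame-ancestors present")
        return ("missing", "no x-frame-options header")
    if len(values) > 1:
        # e.g. .htaccess and a plugin each emitting a different value
        return ("conflicting", ", ".join(sorted(values)))
    value = values.pop()
    return ("ok", value) if value in VALID else ("invalid", value)

# Constructed sample responses, not captured from a real site.
SAMPLES = {
    "after the .htaccess change":
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nx-frame-options: SAMEORIGIN\r\n",
    "header not applied":
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
    "two sources disagree":
        "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n",
    "obsolete value":
        "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://example.com\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {framing_verdict(raw)}")
```

A "missing" verdict after editing .htaccess usually means the line sits outside the mod_headers block or the module is not loaded; "conflicting" is the case where an existing x-frame-options value should be replaced rather than added to.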