Title: Iframe Protection?
Last modified: October 15, 2020

---

# Iframe Protection?

 *  Resolved [multimastery](https://wordpress.org/support/users/multimastery/)
 * (@multimastery)
 * [5 years, 7 months ago](https://wordpress.org/support/topic/iframe-protection-2/)
 * Hello,
 * Is there a way to prevent my website from being placed in a frame by some other
   site – or only allow approved site to do this?

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/)
 * (@wfpeter)
 * [5 years, 7 months ago](https://wordpress.org/support/topic/iframe-protection-2/#post-13538590)
 * Hi [@multimastery](https://wordpress.org/support/users/multimastery/), thanks
   for your query.
 * There is no toggle in Wordfence for this functionality specifically, although
   we _will_ block the request if the site embedding the iframe is breaking your
   firewall rules or is specifically stated by IP, URL or in country blocking.
 * To block your site entirely from being loaded in an iframe on other sites, you
   would have to set a header called **x-frame-options** in your **.htaccess** file:
 * `header set x-frame-options SAMEORIGIN`
 * Thanks,
 * Peter.
 *  Thread Starter [multimastery](https://wordpress.org/support/users/multimastery/)
 * (@multimastery)
 * [5 years, 7 months ago](https://wordpress.org/support/topic/iframe-protection-2/#post-13539939)
 * Thanks for your reply Peter. What I’m wondering though is if I use that code 
   to block all sites from loading my site in an iframe, would that cause problems
   with legitimate sites that may need to use this practice like social media sites
   or other. I don’t know this is all new to me.
 *  Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/)
 * (@wfpeter)
 * [5 years, 7 months ago](https://wordpress.org/support/topic/iframe-protection-2/#post-13541968)
 * Hi [@multimastery](https://wordpress.org/support/users/multimastery/),
 * To the best of my knowledge, when a site like Facebook includes a post preview
   to your site when linked in a status update, they take information directly from
   the page such as a photo, page title and excerpt. This .htaccess change would
   prevent your entire site, or parts of your site, from being physically embedded
   within another.
 * If you find negative results when testing, you can simply remove the block.
 * Thanks,
 * Peter.
 *  Thread Starter [multimastery](https://wordpress.org/support/users/multimastery/)
 * (@multimastery)
 * [5 years, 7 months ago](https://wordpress.org/support/topic/iframe-protection-2/#post-13545144)
 * Ok thanks. Is there any particular place/position I should paste that code in
   my .htaccess file?
 *  Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/)
 * (@wfpeter)
 * [5 years, 7 months ago](https://wordpress.org/support/topic/iframe-protection-2/#post-13551387)
 * Hi [@multimastery](https://wordpress.org/support/users/multimastery/),
 * Yes, it should go between the mod_headers tags:
 *     ```
       <IfModule mod_headers.c>
           Header set x-frame-options SAMEORIGIN
       </IfModule>
       ```
   
 * There may already be other content between these tags, you can just add this 
   header line to the bottom of that section, or replace an existing **x-frame-options**
   if there is one in place with a different value to SAMEORIGIN.
 * Thanks,
 * Peter.
 *  Thread Starter [multimastery](https://wordpress.org/support/users/multimastery/)
 * (@multimastery)
 * [5 years, 6 months ago](https://wordpress.org/support/topic/iframe-protection-2/#post-13560006)
 * Thanks [@wfpeter](https://wordpress.org/support/users/wfpeter/) , works like 
   a charm!

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Iframe Protection?’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

 * 6 replies
 * 2 participants
 * Last reply from: [multimastery](https://wordpress.org/support/users/multimastery/)
 * Last activity: [5 years, 6 months ago](https://wordpress.org/support/topic/iframe-protection-2/#post-13560006)
 * Status: resolved