A modified version of OWASP's legacy browser frame breaking script. This version is modified to work in browsers without Javascript (as well as browsers with Javascript)
| Author: | Andy Feliciotti (profile at wordpress.org) |
| WordPress version required: | 5.0.0 |
| WordPress version tested: | 6.5 |
| Plugin version: | 1.7.9 |
| Added to WordPress repository: | 26-05-2015 |
| Last updated: | 25-03-2024 |
| Rating, %: | 100 |
| Rated by: | 2 |
| Plugin URI: | https://drawne.com/wordpress-anti-clickjack-p... |
| Total downloads: | 33 416 |
| Active installs: | 3 000+ |
 Click to start download |
|
WP Anti-Clickjack is a powerful security plugin that helps prevent your WordPress site from being vulnerable to clickjacking attacks. Clickjacking is a malicious technique where an attacker tricks users into clicking on a concealed link or button by overlaying it on your legitimate website.
This plugin implements two key defense mechanisms:
-
X-Frame-Options Header: The plugin adds the
X-Frame-Options: SAMEORIGINHTTP header to your site’s responses. This header instructs web browsers to prevent other websites from embedding your site within an iframe, effectively blocking clickjacking attempts. -
OWASP’s Legacy Browser Frame Breaking Script: The plugin includes a modified version of OWASP’s legacy browser frame breaking script. This script prevents other sites from putting your site in an iframe, even in browsers that don’t support the X-Frame-Options header. The script is optimized to work seamlessly in browsers with and without JavaScript enabled.
By combining these two security measures, WP Anti-Clickjack provides comprehensive protection against clickjacking attacks, ensuring the safety and integrity of your WordPress site.
For more information about clickjacking defense techniques, refer to the OWASP Clickjacking Defense Cheat Sheet.
Features
- Adds the
X-Frame-Options: SAMEORIGINHTTP header to prevent clickjacking - Includes a modified version of OWASP’s legacy browser frame breaking script
- Compatible with popular page builders and editors like Elementor, Divi, WPBakery, and more
- Provides filters to disable the anti-clickjacking measures when needed
- Easy to install and configure
- Regularly updated and tested with the latest WordPress versions
Additional Details
If you need to disable the clickjacking JavaScript on a specific page, you can use the following filter in your theme’s functions.php file:
add_filter('wp_anti_clickjack', '__return_false');
To disable the clickjacking X-Frame-Options HTTP header, use this filter in your theme’s functions.php file:
add_filter('wp_anti_clickjack_x_frame_options_header', '__return_false');
FAQ
ChangeLog