{"id":29651,"date":"2014-05-21T20:37:55","date_gmt":"2014-05-21T20:37:55","guid":{"rendered":"https:\/\/wordpress.org\/plugins-wp\/wp-noframenoclickjacking\/"},"modified":"2015-06-18T09:51:16","modified_gmt":"2015-06-18T09:51:16","slug":"wp-noframenoclickjacking","status":"closed","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/wp-noframenoclickjacking\/","author":10380237,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.3","stable_tag":"trunk","tested":"4.2.39","requires":"3.0","requires_php":"","requires_plugins":"","header_name":"WP no-iFrames (Content Protection)","header_author":"RSPublishing","header_description":"","assets_banners_color":"17b58a","last_updated":"2015-06-18 09:51:16","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/www.paypal.com\/cgi-bin\/webscr?cmd=_s-xclick&hosted_button_id=UGF2HGFDWM4ME","header_plugin_uri":"http:\/\/yooplugins.com\/","header_author_uri":"http:\/\/yooplugins.com\/","rating":4.3,"author_block_rating":0,"active_installs":60,"downloads":4496,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":[],"upgrade_notice":{"Version 1.3":""},"ratings":{"1":0,"2":0,"3":"1","4":0,"5":"2"},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":"1163512","resolution":"128x128","location":"assets"},"icon-256x256.png":{"filename":"icon-256x256.png","revision":"1163512","resolution":"256x256","location":"assets"}},"assets_banners":{"banner-772x250.png":{"filename":"banner-772x250.png","revision":"1163512","resolution":"772x250","location":"assets"}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":[],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":"1567181","resolution":"1","location":"plugin"}},"screenshots":{"1":"WP no-iFrames Header Output Test"}},"plugin_section":[],"plugin_tags":[2972,9794,1860,1929,9491],"plugin_category":[54],"plugin_contributors":[78562],"plugin_business_model":[],"class_list":["post-29651","plugin","type-plugin","status-closed","hentry","plugin_tags-copyright","plugin_tags-frame-breaker","plugin_tags-iframe","plugin_tags-protect","plugin_tags-theft","plugin_category-security-and-spam-protection","plugin_contributors-rspublishing","plugin_committers-rspublishing"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/wp-noframenoclickjacking_17b58a.svg","icon_2x":false,"generated":true},"screenshots":[{"src":"https:\/\/ps.w.org\/wp-noframenoclickjacking\/trunk\/screenshot-1.png?rev=1567181","caption":"WP no-iFrames Header Output Test"}],"raw_content":"\n

WP no-iFrames (Content Protection) is a simple, yet effective iframe breaking plugin that will protect your site content from being embedded into other sites - effectively defending you against clickjacking attacks.<\/p>\n\n

This lightweight plugin will add the Header always append X-Frame-Options SAMEORIGIN rule to your root .htaccess file - where the SAMEORIGIN rule will allow embeds only from YOUR site and prevent embeds from ANY other domains.<\/p>\n\n

The X-Frame-Options headers are however, available in 3 flavors (should you wish to not use the DENY rule):<\/p>\n\n

    \n
  1. DENY: will prevent ALL domains from framing the content (including your own)<\/li>\n
  2. SAMEORIGIN: only allows the current domain (your own) to frame the content<\/li>\n
  3. ALLOW-FROM uri: which only allows a specified uri to frame the content<\/li>\n<\/ol>\n\n

    The SAMEORIGIN rule is simply replaced by either one of the aforementioned headers and can be done directly in your root .htaccess file<\/p>\n\n

    This is a lightweight plugin - simply install and leave. Try it for yourself!<\/p>\n\n

    The WP no-iFrames (Content Protection) plugin is maintained by YOOPlugins.com<\/a> and WP Emergency Room<\/a><\/p>\n\n

    Feedback, Questions, Help, Bug Reporting, and Suggestions<\/h3>\n\n

    Just email us at: rcstoltz@gmail.com \/ Email Subject : WP no-iFrames (Content Protection) or visit us at YOOPlugins<\/a><\/p>\n\n\n

      \n
    1. Download the .zip file<\/li>\n
    2. Upload and extract the contents of the zip file to your wp-content\/plugins\/folder<\/li>\n
    3. Activate the Wp noFrame plugin in your WP-admin\/Plugins<\/li>\n
    4. Enjoy!<\/li>\n<\/ol>\n\n\n
      \n
      What is WP no-iFrames (Content Protection)?<\/dt>\n

      WP no-iFrames (Content Protection) is a simple (yet) effective plugin that protects your site content from being embedded into other sites - defending you against clickjacking attacks.<\/p><\/dd>\n

      What does WP no-iFrames (Content Protection) do?<\/dt>\n

      WP noFrame adds the X-Frame-Options HTTP response header (SAMEORIGIN) instruction to your root .htaccess in order to prevent your site content from being embedded into other sites (with the exception of your own).<\/p><\/dd>\n

      Why not just use Javascript?<\/dt>\n

      Simply because JS is easily bypassed. For example: the user disabled his Javascript! Furthermore, we have come to find that the JS code conflicts with the theme customization in WordPress.<\/p><\/dd>\n

      Will this work on nginx servers?<\/dt>\n

      This plugin was specifically created for Apache based servers. However, the following line of code can be added to your nginx configuration: add_header X-Frame-Options \nSAMEORIGIN;<\/code><\/p><\/dd>\n

      What if I don't have server level access?<\/dt>\n

      If you don't have server level access, you can add the following line of code between the <head><\/code> and <\/head><\/code> tag of your pages: <meta http-equiv=\"X-FRAME-OPTIONS\" content=\"DENY\"><\/code><\/p><\/dd>\n

      How do I verify that it is working?<\/dt>\n

      You can pretty much use any web developer tool to view the response headers. Recommended online tool to verify: Header Checker<\/a><\/p><\/dd>\n

      Why am I getting a 500 internal server error?<\/dt>\n

      Please check that you have the Apache mod_rewrite and mod_headers enabled. You can ask your host about this if you are unsure.<\/p>\n\n

      The instruction options<\/strong><\/p>\n\n