Title: Still problem with iFrame
Last modified: July 15, 2025

---

# Still problem with iFrame

 *  Resolved [webmistressofthedark](https://wordpress.org/support/users/webmistressofthedark/)
 * (@webmistressofthedark)
 * [10 months, 3 weeks ago](https://wordpress.org/support/topic/still-problem-with-iframe/)
 * So a link phishing had iFramed the front page of this site to try to trick me
   into inputing login credentials. I removed the iFrame and put the code into the
   headers of the htacess file.
 * But now, every time I try to do some minor updates to LiteSpeed or Hubbub (I 
   don’t use many plugins) it will say the page won’t load due to iFraming. This
   is the page INSIDE the admin area.
 * The plugins eventually get updated, but then I have to go in and remove the Maintenance
   file in order to be able to access the site again. This is so annoying.
 * Why is it doing this????? Can someone please give me the correct code and location
   where it should be placed?????
    -  This topic was modified 10 months, 3 weeks ago by [webmistressofthedark](https://wordpress.org/support/users/webmistressofthedark/).
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fstill-problem-with-iframe%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 10 replies - 1 through 10 (of 10 total)

 *  Moderator [t-p](https://wordpress.org/support/users/t-p/)
 * (@t-p)
 * [10 months, 3 weeks ago](https://wordpress.org/support/topic/still-problem-with-iframe/#post-18556656)
 * > The plugins eventually get updated, but then I have to go in and remove the
   > Maintenance file in order to be able to access the site again. This is so annoying
 * What plugin are you referring to “eventually get updated”?
 *  Thread Starter [webmistressofthedark](https://wordpress.org/support/users/webmistressofthedark/)
 * (@webmistressofthedark)
 * [10 months, 3 weeks ago](https://wordpress.org/support/topic/still-problem-with-iframe/#post-18556668)
 * Well, after getting the message that WP cannot open the page because of iFrame(
   which was not inside the admin area that I know of) it goes into Maintenance 
   mode.
 * I have to go into my FTP to remove the dot file to regain access.
 * Then I see that the plugins meanwhile WERE updated.
 * But the pain in the butt is having it throw up that notice and go into Maintenance
   every time.
 * The original page that was iFramed was the front page… the plugins are Lite Speed
   and Hubbub.
    -  This reply was modified 10 months, 3 weeks ago by [webmistressofthedark](https://wordpress.org/support/users/webmistressofthedark/).
 *  Moderator [threadi](https://wordpress.org/support/users/threadi/)
 * (@threadi)
 * [10 months, 3 weeks ago](https://wordpress.org/support/topic/still-problem-with-iframe/#post-18561612)
 * To me, it sounds more like an update (of a plugin?) couldn’t be completed properly.
   In such a case, WordPress’s own maintenance mode remains active for the duration
   of these updates and is (I believe) automatically deactivated after a maximum
   of 15 minutes.
 * Just to be sure: you go to the backend, click on Updates, and install the pending
   plugin updates. Afterwards, maintenance mode remains activated and you have to
   reset it via FTP. Is that the way to do it?
 * If so, then:
    - Check the error log in your hosting to see if an error occurred during the
      update. Your host’s support team can help you find the log.
    - Check exactly which plugin you want to install an update for. Make a note 
      of its version number before the update and check it again afterwards (i.e.
      once you have deactivated maintenance mode). If the version has not changed,
      no update has been installed and the above error has probably occurred.
 * You are welcome to post the error messages from the error log here. However, 
   we also need to know which plugins you are using in order to be able to evaluate
   this.
 *  Thread Starter [webmistressofthedark](https://wordpress.org/support/users/webmistressofthedark/)
 * (@webmistressofthedark)
 * [10 months, 3 weeks ago](https://wordpress.org/support/topic/still-problem-with-iframe/#post-18561637)
 * The error message **specifically** mentions the iFrame. However, it was just 
   the front page that was iFramed so I ‘m not sure why WP thinks the admin page
   was part of that.
 * I have seen several versions of the code to add to the htaccess file to stop 
   iFrames but is there something else I have to erase to stop WP from thinking 
   it is still iFramed?
 * In the background the plugins update just fine, but I ALWAYS have to go in and
   remove the maintenance dot file from the FTP in order to gain access. Then I 
   see they were indeed updated.. so it’s not a problem with the plugins.
 * The plugins are LiteSpeed Cache and Hubbub
 *  Moderator [threadi](https://wordpress.org/support/users/threadi/)
 * (@threadi)
 * [10 months, 3 weeks ago](https://wordpress.org/support/topic/still-problem-with-iframe/#post-18561698)
 * WordPress uses iframes for installing updates in the backend and also for the
   block editor. Blocking them on the server side is therefore not a good idea and
   could generally explain the problem. I would recommend avoiding such customizations
   in general. If they are set by your hosting provider, please contact your host’s
   support team for clarification.
 * What exactly does the error message say? You are also welcome to show us a screenshot
   of it, see:
 *  Thread Starter [webmistressofthedark](https://wordpress.org/support/users/webmistressofthedark/)
 * (@webmistressofthedark)
 * [10 months, 3 weeks ago](https://wordpress.org/support/topic/still-problem-with-iframe/#post-18561749)
 * Ok well that explains it!
 * I am going to remove the code from the htaccess file and see if that fixes it.
 * THANK YOU. I will get back to you with the results, which I won’t know until 
   the next time those two plugins, the only ones I use, need updating.
 *  [cfb51](https://wordpress.org/support/users/cfb51/)
 * (@cfb51)
 * [10 months, 2 weeks ago](https://wordpress.org/support/topic/still-problem-with-iframe/#post-18575264)
 * there are two items in CSP, held in headers mod directives and in htaccess or
   httpd files… iframe and iframe ancestors.. one allows “them” to frame your site,
   and the other which sites you can frame.
 * Setting both to ‘self’ clears you hot to frame different parts of your page in,
   well, different parts of your page so long as its in the same home directory..
   After that, be careful who you allow in and who you allow to frame your content.
   You can take this info and Google up a good set of rules… then, its a matter 
   of seeing what’s broken via inspect/console errors in chrome, seeing what you
   need to allow by url, and deciding if you want to let them in/out, or not. This
   same holds true for other scripts such as fonts from cdns, js/jquery from other
   places, etc… all controlled within the CSP with different directives to specific
   use…
 * I dont rec you abandon your CSP especially if you’ve already been targeted before…
   just set it correctly… it takes minutes and will save days weeks and months of
   potential frustration.
    -  This reply was modified 10 months, 2 weeks ago by [cfb51](https://wordpress.org/support/users/cfb51/).
 *  Thread Starter [webmistressofthedark](https://wordpress.org/support/users/webmistressofthedark/)
 * (@webmistressofthedark)
 * [10 months, 2 weeks ago](https://wordpress.org/support/topic/still-problem-with-iframe/#post-18575993)
 * Thank you for this explanation although I’m still not clear on what exact code
   I should put in the htaccess file if any. This site is targeted as it is my State
   Senator and I am sure enemies would love to have access to mess it up.
 * I just updated a plugin, got that message, but by simply hitting the Updates 
   button again, it took me back to the admin area, and the plugin updated fine 
   and I did not get tossed into maintenance mode.
 * Thus I was saved from having to go into FTP and remove the dot maintenance file.
   So at least now I know it’s not anything malicious that is causing this.
 *  Moderator [threadi](https://wordpress.org/support/users/threadi/)
 * (@threadi)
 * [10 months, 1 week ago](https://wordpress.org/support/topic/still-problem-with-iframe/#post-18576430)
 * If you really want to use CSP, you need to configure it correctly. What is “correct”
   depends heavily on the structure of your project and must always be done on an
   individual basis.
 * There are plugins that can help with this: [https://wordpress.org/plugins/tags/csp/](https://wordpress.org/plugins/tags/csp/)
 * Alternatively, find someone to help you, e.g. here: [https://jobs.wordpress.net](https://jobs.wordpress.net)
 * However, CSP is only one component of website security and has nothing to do 
   with defending against attacks. CSP helps to ensure that only data and files 
   approved by you are loaded for your visitors. It therefore provides security 
   for visitors rather than for the website itself. To secure the website, I would
   recommend completely different methods, including a security plugin and, if necessary,
   protecting the admin area with AuthBasic (and no, I don’t think renaming wp-admin
   is a good idea).
 *  Thread Starter [webmistressofthedark](https://wordpress.org/support/users/webmistressofthedark/)
 * (@webmistressofthedark)
 * [10 months, 1 week ago](https://wordpress.org/support/topic/still-problem-with-iframe/#post-18576457)
 * I thank you for all this information as it’s been helpful. I am no longer getting
   that message now that I added the proper code to allow pages within the admin
   area to load even if they are iFrame.
 * I also thank you for showing me the jobs section, since I have another site that
   has problems I can’t fix. I’ve suggested to the owner that we hire someone with
   more expertise who can fix what is wrong.
 * I have gone as far as I can on it. It was a mess left to us by a reckless person
   who installed 60+ plugins but did not delete the ones not in use and thus was
   hacked.

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘Still problem with iFrame’ is closed to new replies.

## Tags

 * [iframe](https://wordpress.org/support/topic-tag/iframe/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 10 replies
 * 4 participants
 * Last reply from: [webmistressofthedark](https://wordpress.org/support/users/webmistressofthedark/)
 * Last activity: [10 months, 1 week ago](https://wordpress.org/support/topic/still-problem-with-iframe/#post-18576457)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics