/**
* The HTTP header X-Frame-Options: SAMEORIGIN should be set.
*
* Older browsers do not support the X-Frame-Options header, so the following
* JavaScript will act as a workaround.
*/
try { top.document.domain } catch (e) {
var f = function() {
document.body.innerHTML = '';
};
setInterval( f, 1 );
if ( document.body ) {
document.body.onload = f;
};
}
<?php
/**
* Clickjacking projection for old browsers
*
* Header not supported by older browsers, use JS fallback.
**/
function mwtsn_example_wp_enqueue_scripts() {
$script_url = plugins_url( 'js/clickjack-protection.js', __FILE__ );
wp_enqueue_script(
'clickjack-protection-js',
$script_url,
array( 'jquery' ),
'',
true
);
// Clickjack headers not supported below IE8.
wp_script_add_data( 'clickjack-protection-js', 'conditional', 'lt IE 8' );
}
add_action( 'wp_enqueue_scripts', 'mwtsn_example_wp_enqueue_scripts, 10 );
<?php
/**
* Clickjacking protection
*
* Add header to stop site loading in an iFrame.
**/
function mwtsn_example_send_headers() {
header( 'X-FRAME-OPTIONS: SAMEORIGIN' );
}
add_action( 'send_headers', 'mwtsn_example_send_headers', 10 );