Clickjacking is a potential security risk caused by someone loading your website in a frame on their domain and hijacking the interactions visitors make with your site.
For example, if your website requires users to log in, the framing page could log the usernames and passwords of users targeted by the clickjacking attack.
Fortunately, preventing clickjacking in WordPress is fairly straightforward. You can just add this little snippet of code to your functions file to set the
X-FRAME-OPTIONS header to
This will send a header along with your WordPress pages that tells browsers to prevent those pages from showing up in frames that are not on the same domain as your website.
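One way to send this header from functions.php, as an added example rather than the original post's snippet. It assumes the value SAMEORIGIN (matching the same-domain behaviour described above) and a hypothetical function name `mytheme_antiframing_headers`, and it goes slightly beyond the post by also sending the equivalent Content-Security-Policy `frame-ancestors` rule and by skipping WordPress embed URLs.

```php
// Added example for a theme's functions.php (the file's opening <?php tag is assumed).
// The function name is hypothetical; rename it to fit your theme.

/**
 * Add anti-framing headers to front-end responses.
 *
 * @param array $headers Headers WordPress is about to send (name => value).
 * @param WP    $wp      The current request object.
 * @return array Headers with the anti-framing entries added.
 */
function mytheme_antiframing_headers( $headers, $wp ) {
	// WordPress post embeds (/embed/ URLs) exist to be framed by other
	// sites, so leave those responses untouched.
	if ( ! empty( $wp->query_vars['embed'] ) ) {
		return $headers;
	}

	// Assumed value: SAMEORIGIN lets only pages on this site's own
	// origin load the response in a frame.
	$headers['X-Frame-Options'] = 'SAMEORIGIN';

	// Same rule expressed for browsers that follow Content-Security-Policy.
	// Do not overwrite a policy that another plugin or the theme already set.
	if ( empty( $headers['Content-Security-Policy'] ) ) {
		$headers['Content-Security-Policy'] = "frame-ancestors 'self'";
	}

	return $headers;
}
add_filter( 'wp_headers', 'mytheme_antiframing_headers', 10, 2 );
```

The `wp_headers` filter covers front-end requests; WordPress core already calls `send_frame_options_header()` on the login and admin screens. To check the result, request a page and look for both headers in the response.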
Clickjacking and Older Browsers
Older browsers (browsers older than Internet Explorer 8 (IE8)) don’t understand the
Of course we only want to enqueue the above script to load for browsers older than IE8, so we can use a good old conditional statement to do this: