Introduction
Several HTTP response headers can be sent by a web application to harden it. One of these is the X-Frame-Options header, which tells the browser whether a page may be rendered inside a frame and is commonly used to prevent clickjacking.
Because WordPress is a CMS that builds every page in PHP, the header can be added from within the application itself (in wp-config.php) rather than by modifying the domain's .htaccess. That is the approach described below.
Procedure
Navigate to the directory where WordPress is installed, then create a backup of wp-config.php before making any changes. This can be done by copying the file in the File Manager, or over the CLI (the copy gets a timestamped .bak suffix):
cp -v wp-config.php{,.$(date +%s).bak}
Once that's completed, open wp-config.php and find this comment line (in newer WordPress versions it reads "Happy publishing." instead of "Happy blogging."):
/* That's all, stop editing! Happy blogging. */
Then add the following line directly after it, inside the PHP code:
header('X-Frame-Options: SAMEORIGIN');
header() is PHP's standard function for adding a response header, so the same line can be used to send other headers as well (for example X-Content-Type-Options: nosniff). Because wp-config.php is loaded before WordPress produces any output, the call takes effect on every page WordPress renders. It does not affect static files served directly by the web server, nor cached pages that a caching plugin serves without running PHP. SAMEORIGIN rather than DENY is the appropriate value for WordPress, since the admin Customizer previews the site in a same-origin iframe. After making this modification, save and close the file.
You can test whether the header is being sent with cURL. -I sends a HEAD request and -L follows redirects, so both the 301 and the final 200 response are shown. The header should appear on both; the X-Redirect-By: WordPress line confirms the redirect was issued by WordPress, so the header() call in wp-config.php ran for that response too. For example:
[ Tue Apr 13 01:19:11 ~ ] $ curl -IL domain.tld
HTTP/1.1 301 Moved Permanently
Date: Tue, 13 Apr 2021 06:19:32 GMT
Server: Apache
X-Powered-By: PHP/7.4.16
X-Frame-Options: SAMEORIGIN
X-Redirect-By: WordPress
HTTP/1.1 200 OK
Date: Tue, 13 Apr 2021 06:19:37 GMT
Server: Apache
X-Powered-By: PHP/7.4.16
X-Frame-Options: SAMEORIGIN
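The script below is an added example and is not part of the original article or of WordPress. It automates the procedure above: it backs up wp-config.php, inserts the header() call after the marker line (without inserting it twice on a second run), and checks a saved curl -IL transcript for X-Frame-Options on every response. It assumes a POSIX shell with awk, grep, mktemp and cp, and that the marker line reads "That's all, stop editing!" followed by either "Happy blogging." or "Happy publishing."; the sample wp-config.php and response transcript in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original article: automates the
# backup / insert / verify steps. Assumes POSIX sh with awk, grep,
# mktemp and cp. The marker line is matched on "That's all, stop editing!"
# so both the "Happy blogging." and "Happy publishing." wordings work.

# add_xfo_header FILE [VALUE]
#   Takes a timestamped backup of FILE, then inserts
#   header('X-Frame-Options: VALUE'); on the line after the marker.
#   Exit status: 0 inserted, 1 already present (file left untouched),
#   2 bad value, marker missing or backup failure.
add_xfo_header() {
    file=$1
    value=${2:-SAMEORIGIN}
    case "$value" in
        SAMEORIGIN|DENY) ;;   # ALLOW-FROM is obsolete; use CSP frame-ancestors for that
        *) echo "unsupported X-Frame-Options value: $value" >&2; return 2 ;;
    esac
    # Idempotence: a second run must not make PHP send the header twice.
    grep -q "X-Frame-Options" "$file" && return 1
    grep -q "That's all, stop editing!" "$file" || {
        echo "marker line not found in $file" >&2; return 2; }
    cp -p "$file" "$file.$(date +%s).bak" || return 2
    tmp="$file.tmp.$$"
    # The '.' in the pattern stands for the apostrophe, which cannot be
    # written inside a single-quoted awk program.
    awk -v hdr="header('X-Frame-Options: $value');" '
        { print }
        /That.s all, stop editing!/ && !done { print hdr; done = 1 }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# xfo_on_every_response FILE
#   FILE holds the output of `curl -IL <site>`, i.e. one or more HTTP
#   responses (the 301 and the final 200 in the article). Succeeds only
#   if every response carries X-Frame-Options. Header names are compared
#   case-insensitively, as HTTP requires.
xfo_on_every_response() {
    awk '
        /^HTTP\// { if (n > 0 && !seen) missing++; n++; seen = 0 }
        tolower($1) == "x-frame-options:" { seen = 1 }
        END {
            if (n > 0 && !seen) missing++
            if (n == 0 || missing > 0) exit 1
            exit 0
        }
    ' "$1"
}

# Self-contained demonstration on constructed input (no WordPress install
# or network needed). On a real site call add_xfo_header on the actual
# wp-config.php and feed `curl -IL domain.tld > headers.txt` to the check.
demo_xfo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        "<?php" \
        "define( 'DB_NAME', 'wordpress' );" \
        "/* That's all, stop editing! Happy publishing. */" \
        "require_once ABSPATH . 'wp-settings.php';" > "$dir/wp-config.php"
    add_xfo_header "$dir/wp-config.php"
    cat "$dir/wp-config.php"
    # Constructed transcript shaped like the article's curl -IL output.
    printf '%s\n' \
        "HTTP/1.1 301 Moved Permanently" \
        "Server: Apache" \
        "X-Frame-Options: SAMEORIGIN" \
        "X-Redirect-By: WordPress" \
        "" \
        "HTTP/1.1 200 OK" \
        "Server: Apache" \
        "x-frame-options: SAMEORIGIN" > "$dir/headers.txt"
    if xfo_on_every_response "$dir/headers.txt"; then
        echo "X-Frame-Options present on every response"
    else
        echo "X-Frame-Options missing on at least one response"
    fi
    rm -rf "$dir"
}
demo_xfo
```

The check deliberately fails when the header is absent from any single response in the chain: a redirect issued by the web server rather than by WordPress would lack it, which is exactly the case where the wp-config.php approach does not help and a server-level header is needed.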