How to mitigate Clickjacking/UI redressing in WordPress

Updated on September 6, 2023


Mitigate Clickjacking or UI redressing in a WordPress website involves implementing security measures to prevent attackers from embedding your site’s content into malicious iframes or manipulating the user interface.

What is Clickjacking?

Clickjacking or UI redressing, is an interface-based common cybersecurity attack. It is a malicious technique of tricking users into clicking on something different from what the user perceives, thus potentially revealing confidential information. It is like the attacker is “hijacking” clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.


Image courtesy:

How to test Clickjacking?

Create a test.html file on your desktop with following contents and access it through the browser.

Change the domain

Change the domain name in the below snippet

<iframe width=100% height=80% src=""> </iframe>

If browser shows the website, then the website is vulnerable to clickjacking.

clickjacking techglimpse

Another way is to visit and verify with the domain name.

clickjacking testing

How to mitigate Clickjacking or UI Redressing in WordPress?

In most cases disallowing applications to load into iframes is sufficient to prevent the clickjacking attacks that leverage the web browser.

Add the below code to your wp-config.php. This allows the page to be rendered in the iframe if the iframe has the same origin as the page.

header('X-Content-Security-Policy: frame-ancestors https://*');
header('Content-Security-Policy: frame-ancestors https://*');
header('X-Frame-Options: SAMEORIGIN');

Verify to see that the website cannot be embedded in an iframe.

mitigate clickjacking

Also, verify with

clickjacking testing

Find here more ways to prevent clickjacking

Was this article helpful?

Related Articles

Leave a Comment