Mitigate Clickjacking or UI redressing in a WordPress website involves implementing security measures to prevent attackers from embedding your site’s content into malicious iframes or manipulating the user interface.
How to test Clickjacking?
Create a test.html file on your desktop with following contents and access it through the browser.
<html> <head></head> <body> <h1> WEBSITE IS VULNERABLE TO CLICKJACKING</h1> <iframe width=100% height=80% src="https://techglimpse.com"> </iframe> </body> </html>
If browser shows the website, then the website is vulnerable to clickjacking.
Another way is to visit clickjacker.io and verify with the domain name.
How to mitigate Clickjacking or UI Redressing in WordPress?
In most cases disallowing applications to load into iframes is sufficient to prevent the clickjacking attacks that leverage the web browser.
Add the below code to your
wp-config.php. This allows the page to be rendered in the iframe if the iframe has the same origin as the page.
header('X-Content-Security-Policy: frame-ancestors https://*.techglimpse.com'); header('Content-Security-Policy: frame-ancestors https://*.techglimpse.com'); header('X-Frame-Options: SAMEORIGIN');
Verify to see that the website cannot be embedded in an iframe.
Also, verify with clickjacker.io
Find here more ways to prevent clickjacking