{"id":36586,"date":"2015-05-26T23:09:27","date_gmt":"2015-05-26T23:09:27","guid":{"rendered":"https:\/\/wordpress.org\/plugins-wp\/wp-anti-clickjack\/"},"modified":"2026-01-12T15:11:53","modified_gmt":"2026-01-12T15:11:53","slug":"wp-anti-clickjack","status":"publish","type":"plugin","link":"https:\/\/ca.wordpress.org\/plugins\/wp-anti-clickjack\/","author":7436712,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.8.0","stable_tag":"1.8.0","tested":"6.9.4","requires":"5.0.0","requires_php":"","requires_plugins":null,"header_name":"WP Anti-Clickjack","header_author":"Andy Feliciotti","header_description":"","assets_banners_color":"464687","last_updated":"2026-01-12 15:11:53","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/www.buymeacoffee.com\/someguy","header_plugin_uri":"https:\/\/drawne.com\/wordpress-anti-clickjack-plugin\/","header_author_uri":"https:\/\/drawne.com","rating":5,"author_block_rating":0,"active_installs":4000,"downloads":47450,"num_ratings":3,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"someguy9","date":"2015-05-26 23:09:42"},"1.1.0":{"tag":"1.1.0","author":"someguy9","date":"2015-08-25 15:11:49"},"1.1.1":{"tag":"1.1.1","author":"someguy9","date":"2017-02-02 16:54:12"},"1.3.0":{"tag":"1.3.0","author":"someguy9","date":"2018-11-28 01:28:14"},"1.4.0":{"tag":"1.4.0","author":"someguy9","date":"2018-12-06 22:48:56"},"1.5.0":{"tag":"1.5.0","author":"someguy9","date":"2019-08-03 20:50:09"},"1.5.1":{"tag":"1.5.1","author":"someguy9","date":"2019-08-21 12:37:49"},"1.5.2":{"tag":"1.5.2","author":"someguy9","date":"2019-11-17 21:28:43"},"1.5.3":{"tag":"1.5.3","author":"someguy9","date":"2020-04-08 19:11:14"},"1.5.4":{"tag":"1.5.4","author":"someguy9","date":"2020-08-20 21:27:59"},"1.6.0":{"tag":"1.6.0","author":"someguy9","date":"2020-12-15 15:54:18"},"1.6.1":{"tag":"1.6.1","author":"someguy9","date":"2021-01-12 20:50:37"},"1.6.2":{"tag":"1.6.2","author":"someguy9","date":"2021-02-10 15:03:24"},"1.6.3":{"tag":"1.6.3","author":"someguy9","date":"2021-03-03 21:42:13"},"1.6.4":{"tag":"1.6.4","author":"someguy9","date":"2021-07-24 15:06:30"},"1.6.5":{"tag":"1.6.5","author":"someguy9","date":"2021-09-11 22:06:47"},"1.7.0":{"tag":"1.7.0","author":"someguy9","date":"2022-01-24 15:12:03"},"1.7.1":{"tag":"1.7.1","author":"someguy9","date":"2022-01-28 03:20:11"},"1.7.2":{"tag":"1.7.2","author":"someguy9","date":"2022-07-02 02:42:05"},"1.7.3":{"tag":"1.7.3","author":"someguy9","date":"2023-01-23 16:44:40"},"1.7.4":{"tag":"1.7.4","author":"someguy9","date":"2023-02-19 13:41:55"},"1.7.5":{"tag":"1.7.5","author":"someguy9","date":"2023-03-31 16:48:34"},"1.7.6":{"tag":"1.7.6","author":"someguy9","date":"2023-08-22 23:00:33"},"1.7.7":{"tag":"1.7.7","author":"someguy9","date":"2023-08-31 21:07:29"},"1.7.8":{"tag":"1.7.8","author":"someguy9","date":"2024-03-25 13:44:05"},"1.7.9":{"tag":"1.7.9","author":"someguy9","date":"2026-01-12 15:09:05"},"1.8":{"tag":"1.8","author":"someguy9","date":"2026-01-12 15:09:05"},"1.8.0":{"tag":"1.8.0","author":"someguy9","date":"2026-01-12 15:11:53"}},"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":3},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":2302730,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":2302730,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.jpg":{"filename":"banner-1544x500.jpg","revision":2302730,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":2302730,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.1.0","1.1.1","1.3.0","1.4.0","1.5.0","1.5.1","1.5.2","1.5.3","1.5.4","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.7.0","1.7.1","1.7.2","1.7.3","1.7.4","1.7.5","1.7.6","1.7.7","1.7.8","1.7.9","1.8","1.8.0"],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[67511,7643,7642,600],"plugin_category":[54],"plugin_contributors":[91683],"plugin_business_model":[],"class_list":["post-36586","plugin","type-plugin","status-publish","hentry","plugin_tags-anti-click-jacking","plugin_tags-browser-frame-breaking-script","plugin_tags-clickjacking","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-someguy9","plugin_committers-someguy9"],"banners":{"banner":"https:\/\/ps.w.org\/wp-anti-clickjack\/assets\/banner-772x250.jpg?rev=2302730","banner_2x":"https:\/\/ps.w.org\/wp-anti-clickjack\/assets\/banner-1544x500.jpg?rev=2302730","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/wp-anti-clickjack\/assets\/icon-128x128.png?rev=2302730","icon_2x":"https:\/\/ps.w.org\/wp-anti-clickjack\/assets\/icon-256x256.png?rev=2302730","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>WP Anti-Clickjack is a powerful security plugin that helps prevent your WordPress site from being vulnerable to clickjacking attacks. Clickjacking is a malicious technique where an attacker tricks users into clicking on a concealed link or button by overlaying it on your legitimate website.<\/p>\n\n<p>This plugin implements two key defense mechanisms:<\/p>\n\n<ol>\n<li><p><strong>X-Frame-Options Header<\/strong>: The plugin adds the <code>X-Frame-Options: SAMEORIGIN<\/code> HTTP header to your site's responses. This header instructs web browsers to prevent other websites from embedding your site within an iframe, effectively blocking clickjacking attempts.<\/p><\/li>\n<li><p><strong>OWASP's Legacy Browser Frame Breaking Script<\/strong>: The plugin includes a modified version of OWASP's legacy browser frame breaking script. This script prevents other sites from putting your site in an iframe, even in browsers that don't support the X-Frame-Options header. The script is optimized to work seamlessly in browsers with and without JavaScript enabled.<\/p><\/li>\n<\/ol>\n\n<p>By combining these two security measures, WP Anti-Clickjack provides comprehensive protection against clickjacking attacks, ensuring the safety and integrity of your WordPress site.<\/p>\n\n<p>For more information about clickjacking defense techniques, refer to the <a href=\"https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/Clickjacking_Defense_Cheat_Sheet.html\">OWASP Clickjacking Defense Cheat Sheet<\/a>.<\/p>\n\n<h4>Features<\/h4>\n\n<ul>\n<li>Adds the <code>X-Frame-Options: SAMEORIGIN<\/code> HTTP header to prevent clickjacking<\/li>\n<li>Includes a modified version of OWASP's legacy browser frame breaking script<\/li>\n<li>Compatible with popular page builders and editors like Elementor, Divi, WPBakery, Bricks, Breakdance, Oxygen, and more<\/li>\n<li>Provides filters to disable the anti-clickjacking measures when needed<\/li>\n<li>Easy to install and configure<\/li>\n<li>Regularly updated and tested with the latest WordPress versions<\/li>\n<\/ul>\n\n<h4>Additional Details<\/h4>\n\n<p>If you need to disable the clickjacking JavaScript on a specific page, you can use the following filter in your theme's <code>functions.php<\/code> file:<\/p>\n\n<pre><code>add_filter('wp_anti_clickjack', '__return_false');\n<\/code><\/pre>\n\n<p>To disable the clickjacking X-Frame-Options HTTP header, use this filter in your theme's <code>functions.php<\/code> file:<\/p>\n\n<pre><code>add_filter('wp_anti_clickjack_x_frame_options_header', '__return_false');\n<\/code><\/pre>\n\n<!--section=installation-->\n<ol>\n<li>Download the plugin from the WordPress.org repository or your WordPress admin dashboard.<\/li>\n<li>Upload the plugin files to the <code>\/wp-content\/plugins\/wp-anti-clickjack<\/code> directory, or install the plugin through the WordPress admin interface.<\/li>\n<li>Activate the plugin through the 'Plugins' screen in your WordPress admin.<\/li>\n<li>The plugin will automatically add the necessary anti-clickjacking measures to your site.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id='does%20this%20plugin%20affect%20my%20site%27s%20performance%3F'><h3>Does this plugin affect my site's performance?<\/h3><\/dt>\n<dd><p>No, WP Anti-Clickjack is designed to have minimal impact on your site's performance. The anti-clickjacking measures are applied efficiently without causing any significant overhead.<\/p><\/dd>\n<dt id='is%20this%20plugin%20compatible%20with%20page%20builders%20and%20editors%3F'><h3>Is this plugin compatible with page builders and editors?<\/h3><\/dt>\n<dd><p>Yes, WP Anti-Clickjack is compatible with popular page builders and editors such as Elementor, Divi, WPBakery, Thrive Architect, and more. If you encounter any compatibility issues, please contact me for assistance.<\/p><\/dd>\n<dt id='can%20i%20customize%20the%20anti-clickjacking%20behavior%3F'><h3>Can I customize the anti-clickjacking behavior?<\/h3><\/dt>\n<dd><p>Yes, the plugin provides filters that allow you to disable the clickjacking JavaScript and the X-Frame-Options header when needed. You can use these filters in your theme's <code>functions.php<\/code> file to fine-tune the plugin's behavior.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.8.0<\/h4>\n\n<ul>\n<li>Tested up to WordPress 6.9<\/li>\n<li>Added support for Bricks Builder<\/li>\n<li>Added support for Breakdance Builder<\/li>\n<li>Added support for Oxygen Builder<\/li>\n<li>Added support for Spectra \/ Starter Templates<\/li>\n<li>Added support for Gutenberg Full Site Editor (FSE)<\/li>\n<li>Fixed bug with referrer host comparison logic<\/li>\n<li>Fixed PHP 8+ compatibility issue with parse_url() error handling<\/li>\n<li>Fixed JavaScript cross-origin exception when framed by attacker sites<\/li>\n<li>Removed deprecated language attribute from script tag<\/li>\n<\/ul>\n\n<h4>1.7.9<\/h4>\n\n<ul>\n<li>Tested up to WordPress 6.5<\/li>\n<\/ul>\n\n<h4>1.7.8<\/h4>\n\n<ul>\n<li>Bug fixes for same origin requests<\/li>\n<\/ul>\n\n<h4>1.7.7<\/h4>\n\n<ul>\n<li>Tested up to WordPress 6.3<\/li>\n<li>Bug fix for Elementor Pro site editor<\/li>\n<\/ul>\n\n<h4>1.7.6<\/h4>\n\n<ul>\n<li>Tested up to WordPress 6.2<\/li>\n<li>PHP warning bug fix<\/li>\n<\/ul>\n\n<h4>1.7.5<\/h4>\n\n<ul>\n<li>Added support for Avada builder<\/li>\n<\/ul>\n\n<h4>1.7.4<\/h4>\n\n<ul>\n<li>Tested up to WordPress 6.1<\/li>\n<\/ul>\n\n<h4>1.7.3<\/h4>\n\n<ul>\n<li>Tested up to WordPress 6.0<\/li>\n<li>Bug fix when using the WP customizer and editing widgets<\/li>\n<\/ul>\n\n<h4>1.7.2<\/h4>\n\n<ul>\n<li>Added support for Divi builder<\/li>\n<\/ul>\n\n<h4>1.7.1<\/h4>\n\n<ul>\n<li>Tested up to WordPress 5.9<\/li>\n<\/ul>\n\n<h4>1.7.0<\/h4>\n\n<ul>\n<li>Added HTTP header X-Frame-Options: SAMEORIGIN to further prevent clickjacking<\/li>\n<\/ul>\n\n<h4>1.6.5<\/h4>\n\n<ul>\n<li>Tested up to WordPress 5.8<\/li>\n<\/ul>\n\n<h4>1.6.4<\/h4>\n\n<ul>\n<li>Tested up to WordPress 5.7<\/li>\n<\/ul>\n\n<h4>1.6.3<\/h4>\n\n<ul>\n<li>Support for Cornerstone Page Builder<\/li>\n<\/ul>\n\n<h4>1.6.2<\/h4>\n\n<ul>\n<li>Support for WPBakery Page Builder<\/li>\n<\/ul>\n\n<h4>1.6.1<\/h4>\n\n<ul>\n<li>Tested up to WordPress 5.6<\/li>\n<\/ul>\n\n<h4>1.6.0<\/h4>\n\n<ul>\n<li>Added filter to disable the anti-clickjack script when needed<\/li>\n<li>Tested up to WordPress 5.5<\/li>\n<\/ul>\n\n<h4>1.5.4<\/h4>\n\n<ul>\n<li>Increase WordPress supported version to 5.4<\/li>\n<\/ul>\n\n<h4>1.5.3<\/h4>\n\n<ul>\n<li>Increase WordPress supported version to 5.3<\/li>\n<\/ul>\n\n<h4>1.5.2<\/h4>\n\n<ul>\n<li>Bug fix for PHP warning<\/li>\n<\/ul>\n\n<h4>1.5.1<\/h4>\n\n<ul>\n<li>Increase WordPress supported version to 5.2.2<\/li>\n<\/ul>\n\n<h4>1.5.0<\/h4>\n\n<ul>\n<li>Bug fix when updating plugins\/themes<\/li>\n<li>Support for Thrive editor<\/li>\n<\/ul>\n\n<h4>1.4.0<\/h4>\n\n<ul>\n<li>Tested up to 4.8.9 and fixed conflicts with Elementor (if you are having an issue with a specific page builder please contact me)<\/li>\n<\/ul>\n\n<h4>1.3.0<\/h4>\n\n<ul>\n<li>Tested up to 4.8.0<\/li>\n<\/ul>\n\n<h4>1.2.0<\/h4>\n\n<ul>\n<li>Tweaked to add anti-clickjacking script to the admin pages<\/li>\n<\/ul>\n\n<h4>1.1.1<\/h4>\n\n<ul>\n<li>Tested up to 4.7.2<\/li>\n<\/ul>\n\n<h4>1.1<\/h4>\n\n<ul>\n<li>Bug fix causing Customizer.php to refresh constantly<\/li>\n<\/ul>\n\n<h4>1.0<\/h4>\n\n<ul>\n<li>Initial Release<\/li>\n<\/ul>","raw_excerpt":"Protect Your WordPress Site From Clickjacking Attacks by Adding the X-Frame-Options Header and Owasp&#039;s Legacy Browser Frame Breaking Script.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/36586","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=36586"}],"author":[{"embeddable":true,"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/someguy9"}],"wp:attachment":[{"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=36586"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=36586"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=36586"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=36586"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=36586"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ca.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=36586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}