Preventing Clickjacking on WordPress Sites
WordPress already sends the X-FRAME-OPTIONS header for wp-login.php and the Admin Panels in order to prevent clickjacking, but it doesn’t send it on the front end because that could interfere with remote services that legitimately frame parts of a site. That’s only relevant for a small number of pages, though, so I’ve added a snippet to my functionality plugin skeleton […]