前言介紹
- 這款 WordPress 外掛「WP Anti-Clickjack」是 2015-05-25 上架。
- 目前有 4000 個安裝啟用數。
- 上一次更新是 2024-03-25,距離現在已有 405 天。超過一年沒更新,安裝要確認版本是否可用。以及後續維護問題!
- 外掛最低要求 WordPress 5.0.0 以上版本才可以安裝。
- 有 3 人給過評分。
- 還沒有人在論壇上發問,可能目前使用數不多,還沒有什麼大問題。
外掛協作開發者
someguy9 |
外掛標籤
security | clickjacking | anti click jacking | Browser Frame Breaking Script |
內容簡介
這個外掛可以在你的網站上加入 X-Frame-Options SAMEORIGIN,並使用 OWASP(Open Web Application Security Project)的古老瀏覽器窗口破壞腳本的修改版本來防止點擊劫持攻擊。該腳本已經改進,使得不支持 Javascript 的瀏覽器也可以使用(包括支持 Javascript 的瀏覽器)。這個額外的腳本可以為了安全起見防止其他網站在 iFrame 中嵌入你的網站。
你可以在 OWASP 閱讀更多有關防範點擊劫持攻擊的資訊。
其他細節
如果你想要在某個頁面上禁用點擊劫持的 JavaScript,可以在你的主題的 functions.php 文件中使用以下篩選器:
add_filter('wp_anti_clickjack', '__return_false' );
如果你想要禁用點擊劫持頭部的 X-Frame-Options HTTP,可以在你的主題的 functions.php 文件中使用以下篩選器:
add_filter('wp_anti_clickjack_x_frame_options_header', '__return_false' );
原文外掛簡介
WP Anti-Clickjack is a powerful security plugin that helps prevent your WordPress site from being vulnerable to clickjacking attacks. Clickjacking is a malicious technique where an attacker tricks users into clicking on a concealed link or button by overlaying it on your legitimate website.
This plugin implements two key defense mechanisms:
X-Frame-Options Header: The plugin adds the X-Frame-Options: SAMEORIGIN HTTP header to your site’s responses. This header instructs web browsers to prevent other websites from embedding your site within an iframe, effectively blocking clickjacking attempts.
OWASP’s Legacy Browser Frame Breaking Script: The plugin includes a modified version of OWASP’s legacy browser frame breaking script. This script prevents other sites from putting your site in an iframe, even in browsers that don’t support the X-Frame-Options header. The script is optimized to work seamlessly in browsers with and without JavaScript enabled.
By combining these two security measures, WP Anti-Clickjack provides comprehensive protection against clickjacking attacks, ensuring the safety and integrity of your WordPress site.
For more information about clickjacking defense techniques, refer to the OWASP Clickjacking Defense Cheat Sheet.
Features
Adds the X-Frame-Options: SAMEORIGIN HTTP header to prevent clickjacking
Includes a modified version of OWASP’s legacy browser frame breaking script
Compatible with popular page builders and editors like Elementor, Divi, WPBakery, and more
Provides filters to disable the anti-clickjacking measures when needed
Easy to install and configure
Regularly updated and tested with the latest WordPress versions
Additional Details
If you need to disable the clickjacking JavaScript on a specific page, you can use the following filter in your theme’s functions.php file:
add_filter('wp_anti_clickjack', '__return_false');
To disable the clickjacking X-Frame-Options HTTP header, use this filter in your theme’s functions.php file:
add_filter('wp_anti_clickjack_x_frame_options_header', '__return_false');
各版本下載點
- 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
- 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「WP Anti-Clickjack」來進行安裝。
(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。
1.0.0 | 1.1.0 | 1.1.1 | 1.3.0 | 1.4.0 | 1.5.0 | 1.5.1 | 1.5.2 | 1.5.3 | 1.5.4 | 1.6.0 | 1.6.1 | 1.6.2 | 1.6.3 | 1.6.4 | 1.6.5 | 1.7.0 | 1.7.1 | 1.7.2 | 1.7.3 | 1.7.4 | 1.7.5 | 1.7.6 | 1.7.7 | 1.7.8 |
延伸相關外掛(你可能也想知道)
暫無相關外掛推薦。