[WordPress] Plugin Spotlight: WP Anti-Clickjack

4,000+ active installations
★★★★★ 5/5 (3 reviews)
Last updated: 66 days ago
Support: issues resolved
Requires WordPress 5.0.0+ · Version 1.8.0 · Listed: 2015-05-25

Description

This plugin adds the X-Frame-Options: SAMEORIGIN response header to your site and, as a second layer, ships a modified version of the legacy browser frame-breaking script from OWASP (Open Web Application Security Project) to stop clickjacking attacks. The script has been adapted so that it behaves correctly both in browsers that run JavaScript and in browsers that do not. Together, the header and the script stop other sites from embedding your site in an iframe.

You can read more about defending against clickjacking at OWASP.

Additional details

To disable the anti-clickjacking JavaScript, add the following filter to your theme's functions.php (as written it disables the script site-wide; wrap it in a conditional if you only want to disable it on one page):

add_filter('wp_anti_clickjack', '__return_false' );

To disable the X-Frame-Options HTTP header, add this filter to your theme's functions.php:

add_filter('wp_anti_clickjack_x_frame_options_header', '__return_false' );

⬇ Download the latest version (v1.8.0) or install from the dashboard

① Download the ZIP → Dashboard "Plugins › Add New › Upload Plugin"
② Search for "WP Anti-Clickjack" in the dashboard → install directly (recommended)
📦 Previous versions

Original plugin description

WP Anti-Clickjack is a security plugin that helps keep your WordPress site from being vulnerable to clickjacking attacks. Clickjacking is a technique in which an attacker loads your legitimate site in an invisible iframe on top of a decoy page, so that a visitor who believes they are clicking the decoy actually clicks a link or button on your site.
This plugin implements two key defense mechanisms:

X-Frame-Options Header: The plugin adds the X-Frame-Options: SAMEORIGIN HTTP header to your site’s responses. Browsers that honour this header refuse to render the page inside a frame on another origin (framing from your own origin is still allowed), which blocks the cross-site framing that clickjacking depends on.

OWASP’s Legacy Browser Frame Breaking Script: The plugin includes a modified version of OWASP’s legacy browser frame breaking script. It covers browsers that do not honour the X-Frame-Options header by hiding the page body unless the page is the top-level window, and by navigating the top window to the page when it is framed. The plugin’s version is adapted to work in browsers with and without JavaScript enabled.

By combining these two security measures, WP Anti-Clickjack provides comprehensive protection against clickjacking attacks, ensuring the safety and integrity of your WordPress site.
For more information about clickjacking defense techniques, refer to the OWASP Clickjacking Defense Cheat Sheet.
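The following is an added illustration, not the plugin's own code, of the two defenses described above, wired up as a small WordPress mu-plugin so you can see what each mechanism emits. The header part uses WordPress core hooks only; the script part is OWASP's public legacy frame-breaking script, and the `<noscript>` fallback for browsers without JavaScript is one way to handle that case (the plugin's actual modification is not shown on this page, so treat the fallback as an assumption). The CSP `frame-ancestors` line is not something the plugin is described as doing; it is the modern replacement for X-Frame-Options and is included here as the check a practitioner would add.

```php
<?php
/**
 * Illustration only (not WP Anti-Clickjack's code): the two clickjacking
 * defenses named on the page, as a WordPress mu-plugin.
 * Assumes only WordPress core hooks: send_headers and wp_head.
 */

// 1. HTTP-level defense. Browsers that honour X-Frame-Options refuse to render
//    the response inside a frame on a different origin. SAMEORIGIN still lets
//    the site frame itself (e.g. editor previews), which DENY would not.
add_action('send_headers', function () {
    if (headers_sent()) {
        return; // too late to add headers; nothing we can do on this request
    }
    header('X-Frame-Options: SAMEORIGIN');
    // Not part of the plugin as described: the modern equivalent. Where both are
    // present, browsers that support CSP use frame-ancestors and ignore XFO.
    header("Content-Security-Policy: frame-ancestors 'self'");
});

// 2. Script-level defense for browsers that ignore the header, after the OWASP
//    "legacy browser frame breaking script": the body starts hidden and is only
//    revealed when the page is the top-level window; when framed, the top window
//    is navigated to the page itself, breaking out of the attacker's frame.
add_action('wp_head', function () {
    ?>
    <style id="antiClickjack">body{display:none !important;}</style>
    <script>
    if (self === top) {
        var antiClickjack = document.getElementById("antiClickjack");
        antiClickjack.parentNode.removeChild(antiClickjack);
    } else {
        top.location = self.location;
    }
    </script>
    <noscript>
    <!-- Assumption: without JavaScript the unhide step never runs, so re-show
         the body. A no-JS browser then relies on the header alone. -->
    <style>body{display:block !important;}</style>
    </noscript>
    <?php
}, 0); // priority 0 so the hiding rule is in place before any body content
```

Verify after deployment with `curl -sI https://your-site.example/ | grep -i -e x-frame-options -e content-security-policy`; a CDN or reverse proxy in front of WordPress can strip or override response headers, in which case the script is the only layer left.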
Features

Adds the X-Frame-Options: SAMEORIGIN HTTP header to prevent clickjacking
Includes a modified version of OWASP’s legacy browser frame breaking script
Compatible with popular page builders and editors like Elementor, Divi, WPBakery, Bricks, Breakdance, Oxygen, and more
Provides filters to disable the anti-clickjacking measures when needed
Easy to install and configure
Regularly updated and tested with the latest WordPress versions

Additional Details
To disable the clickjacking JavaScript, use the following filter in your theme’s functions.php file (as written it applies site-wide; wrap it in a conditional to limit it to a specific page):
add_filter('wp_anti_clickjack', '__return_false');

To disable the clickjacking X-Frame-Options HTTP header, use this filter in your theme’s functions.php file:
add_filter('wp_anti_clickjack_x_frame_options_header', '__return_false');
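The two filter passages above (the translated "Additional details" and the original "Additional Details") both show `__return_false`, which switches a defense off for every request. The following added example, which is not from the plugin's documentation, shows how to switch both defenses off only for pages you deliberately want a partner site to frame. It assumes, since the page does not say, that each filter receives a boolean (true = protection on) and expects a boolean back, which is consistent with `__return_false` working; it also matches on the request path rather than `is_page()`, because the page does not say at which hook the plugin sends its header and `is_page()` is unreliable before the main query has run. The paths and the function names prefixed `example_` are hypothetical.

```php
<?php
/**
 * Added example of per-page use of WP Anti-Clickjack's filters from a theme's
 * functions.php. Assumption: both filters pass and expect a boolean.
 */

// Hypothetical allowlist of paths you intend other origins to frame.
function example_embeddable_paths(): array
{
    return ['/partner-widget/', '/embed/stats/'];
}

// True when the current request is for one of the allowlisted paths.
// Uses the raw request path so it works regardless of which hook the
// plugin uses to send its header (is_page() needs the main query first).
function example_is_embeddable_request(): bool
{
    $path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);
    if (!is_string($path) || $path === '') {
        return false;
    }
    $normalized = rtrim($path, '/') . '/';
    return in_array($normalized, example_embeddable_paths(), true);
}

// Keep the frame-breaking script everywhere except the allowlisted paths.
add_filter('wp_anti_clickjack', function ($enabled) {
    return example_is_embeddable_request() ? false : $enabled;
});

// The header must be disabled as well on those paths, or a browser that
// honours X-Frame-Options still refuses to render the page in the frame.
add_filter('wp_anti_clickjack_x_frame_options_header', function ($enabled) {
    return example_is_embeddable_request() ? false : $enabled;
});
```

Only pages that carry no authenticated, state-changing controls should be made frameable this way; anything a logged-in user can click on such a page is exactly what clickjacking targets.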
