How To Easily Stop Your Site From Being Loaded In A Frame

As of WordPress 3.1.3, it’s really easy to prevent unscrupulous web developers from displaying your site in a frame. Just add this one-liner to your functions.php file:

add_action('init', 'send_frame_options_header', 10, 0);

Now any other site that tries to load your WP blog in a frame will get this instead:

Example error message screenshot (from Internet Explorer)

(The actual error message will vary depending on the browser. The  above screenshot is from Internet Explorer 9. Some browsers may display a blank page instead.)

This trick works in the following browsers:

  • Internet Explorer 8.0+
  • Firefox 3.6.9+
  • Opera 10.50+
  • Safari 4.0+
  • Chrome 4.1+

Note that this is not the same as “frame busting” or “frame-breaking”.  For that, use a plugin like Frame Buster.

Bonus tip

Even if you don’t set up any frame-thwarting defences yourself, WordPress will by default prevent other sites from framing your WP admin. If that’s not what your want – e.g. because you actually need to load the site in a frame for whatever reason – you can turn off this behaviour by adding the following code to your functions.php:

remove_action('login_init', 'send_frame_options_header', 10, 0);
remove_action('admin_init', 'send_frame_options_header', 10, 0);

Related posts :

Leave a Reply