Title: WP Anti-Clickjack Author: Andy Feliciotti Published: 26 Maio, 2015 Last modified: 12 Janeiro, 2026 --- Procurar plugins ![](https://ps.w.org/wp-anti-clickjack/assets/banner-772x250.jpg?rev=2302730) ![](https://ps.w.org/wp-anti-clickjack/assets/icon-256x256.png?rev=2302730) # WP Anti-Clickjack Por [Andy Feliciotti](https://profiles.wordpress.org/someguy9/) [Descarregar](https://downloads.wordpress.org/plugin/wp-anti-clickjack.1.8.0.zip) * [Detalhes](https://pt.wordpress.org/plugins/wp-anti-clickjack/#description) * [Avaliações](https://pt.wordpress.org/plugins/wp-anti-clickjack/#reviews) * [Instalação](https://pt.wordpress.org/plugins/wp-anti-clickjack/#installation) * [Desenvolvimento](https://pt.wordpress.org/plugins/wp-anti-clickjack/#developers) [Suporte](https://wordpress.org/support/plugin/wp-anti-clickjack/) ## Descrição WP Anti-Clickjack is a powerful security plugin that helps prevent your WordPress site from being vulnerable to clickjacking attacks. Clickjacking is a malicious technique where an attacker tricks users into clicking on a concealed link or button by overlaying it on your legitimate website. This plugin implements two key defense mechanisms: 1. **X-Frame-Options Header**: The plugin adds the `X-Frame-Options: SAMEORIGIN` HTTP header to your site’s responses. This header instructs web browsers to prevent other websites from embedding your site within an iframe, effectively blocking clickjacking attempts. 2. **OWASP’s Legacy Browser Frame Breaking Script**: The plugin includes a modified version of OWASP’s legacy browser frame breaking script. This script prevents other sites from putting your site in an iframe, even in browsers that don’t support the X-Frame-Options header. The script is optimized to work seamlessly in browsers with and without JavaScript enabled. By combining these two security measures, WP Anti-Clickjack provides comprehensive protection against clickjacking attacks, ensuring the safety and integrity of your WordPress site. For more information about clickjacking defense techniques, refer to the [OWASP Clickjacking Defense Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html). #### Features * Adds the `X-Frame-Options: SAMEORIGIN` HTTP header to prevent clickjacking * Includes a modified version of OWASP’s legacy browser frame breaking script * Compatible with popular page builders and editors like Elementor, Divi, WPBakery, Bricks, Breakdance, Oxygen, and more * Provides filters to disable the anti-clickjacking measures when needed * Easy to install and configure * Regularly updated and tested with the latest WordPress versions #### Additional Details If you need to disable the clickjacking JavaScript on a specific page, you can use the following filter in your theme’s `functions.php` file: ``` add_filter('wp_anti_clickjack', '__return_false'); ``` To disable the clickjacking X-Frame-Options HTTP header, use this filter in your theme’s `functions.php` file: ``` add_filter('wp_anti_clickjack_x_frame_options_header', '__return_false'); ``` ## Instalação 1. Download the plugin from the WordPress.org repository or your WordPress admin dashboard. 2. Upload the plugin files to the `/wp-content/plugins/wp-anti-clickjack` directory, or install the plugin through the WordPress admin interface. 3. Activate the plugin through the ‘Plugins’ screen in your WordPress admin. 4. The plugin will automatically add the necessary anti-clickjacking measures to your site. ## Perguntas frequentes ### Does this plugin affect my site’s performance? No, WP Anti-Clickjack is designed to have minimal impact on your site’s performance. The anti-clickjacking measures are applied efficiently without causing any significant overhead. ### Is this plugin compatible with page builders and editors? Yes, WP Anti-Clickjack is compatible with popular page builders and editors such as Elementor, Divi, WPBakery, Thrive Architect, and more. If you encounter any compatibility issues, please contact me for assistance. ### Can I customize the anti-clickjacking behavior? Yes, the plugin provides filters that allow you to disable the clickjacking JavaScript and the X-Frame-Options header when needed. You can use these filters in your theme’s` functions.php` file to fine-tune the plugin’s behavior. ## Avaliações ![](https://secure.gravatar.com/avatar/6b956ed5c69d0978cfaa740215a86e9efdbb944aff3f2935d902b8079e36ab4c? s=60&d=retro&r=g) ### 󠀁[Brilliant](https://wordpress.org/support/topic/brilliant-1638/)󠁿 [hallbeck](https://profiles.wordpress.org/hallbeck/) 14 Agosto, 2024 1 resposta I was struggling to get my site passed PCI compliance – other plugins just weren’t doing what I needed doing. This plugin worked first time! ![](https://secure.gravatar.com/avatar/12b895053295dc3574bad53f5f34fd4e5190fb767f3230afe17cf30f1cfacea1? s=60&d=retro&r=g) ### 󠀁[Extra security is always good!](https://wordpress.org/support/topic/extra-security-is-always-good/)󠁿 [clankiller](https://profiles.wordpress.org/clankiller/) 12 Junho, 2023 Thanks guys extra security is always good! ![](https://secure.gravatar.com/avatar/78dc4f453f0efdeb750b2fd3185b47d88c6c4d78ab2441b0957a3ab27fb32a32? s=60&d=retro&r=g) ### 󠀁[It works!](https://wordpress.org/support/topic/it-works-1964/)󠁿 [Avlis Productions Inc.](https://profiles.wordpress.org/josesilvacourses/) 14 Setembro, 2020 1 resposta Someone signed up for our affiliate program and started replacing our domain name with their domain names, using domain masking. This plugin stopped them dead in their tracks. Now when you key in any of their domains, you get a blank page. Perfect! Thanks for this fabulous plugin. [ Ler todas as 3 avaliações ](https://wordpress.org/support/plugin/wp-anti-clickjack/reviews/) ## Contribuidores e programadores “WP Anti-Clickjack” é software de código aberto. As seguintes pessoas contribuíram para este plugin: Contribuidores * [ Andy Feliciotti ](https://profiles.wordpress.org/someguy9/) [Traduza o “WP Anti-Clickjack” para o seu idioma.](https://translate.wordpress.org/projects/wp-plugins/wp-anti-clickjack) ### Interessado no desenvolvimento? [Consulte o código](https://plugins.trac.wordpress.org/browser/wp-anti-clickjack/), consulte o [repositório SVN](https://plugins.svn.wordpress.org/wp-anti-clickjack/), ou subscreva o [registo de alterações](https://plugins.trac.wordpress.org/log/wp-anti-clickjack/) por [RSS](https://plugins.trac.wordpress.org/log/wp-anti-clickjack/?limit=100&mode=stop_on_copy&format=rss). ## Registo de alterações #### 1.8.0 * Tested up to WordPress 6.9 * Added support for Bricks Builder * Added support for Breakdance Builder * Added support for Oxygen Builder * Added support for Spectra / Starter Templates * Added support for Gutenberg Full Site Editor (FSE) * Fixed bug with referrer host comparison logic * Fixed PHP 8+ compatibility issue with parse_url() error handling * Fixed JavaScript cross-origin exception when framed by attacker sites * Removed deprecated language attribute from script tag #### 1.7.9 * Tested up to WordPress 6.5 #### 1.7.8 * Bug fixes for same origin requests #### 1.7.7 * Tested up to WordPress 6.3 * Bug fix for Elementor Pro site editor #### 1.7.6 * Tested up to WordPress 6.2 * PHP warning bug fix #### 1.7.5 * Added support for Avada builder #### 1.7.4 * Tested up to WordPress 6.1 #### 1.7.3 * Tested up to WordPress 6.0 * Bug fix when using the WP customizer and editing widgets #### 1.7.2 * Added support for Divi builder #### 1.7.1 * Tested up to WordPress 5.9 #### 1.7.0 * Added HTTP header X-Frame-Options: SAMEORIGIN to further prevent clickjacking #### 1.6.5 * Tested up to WordPress 5.8 #### 1.6.4 * Tested up to WordPress 5.7 #### 1.6.3 * Support for Cornerstone Page Builder #### 1.6.2 * Support for WPBakery Page Builder #### 1.6.1 * Tested up to WordPress 5.6 #### 1.6.0 * Added filter to disable the anti-clickjack script when needed * Tested up to WordPress 5.5 #### 1.5.4 * Increase WordPress supported version to 5.4 #### 1.5.3 * Increase WordPress supported version to 5.3 #### 1.5.2 * Bug fix for PHP warning #### 1.5.1 * Increase WordPress supported version to 5.2.2 #### 1.5.0 * Bug fix when updating plugins/themes * Support for Thrive editor #### 1.4.0 * Tested up to 4.8.9 and fixed conflicts with Elementor (if you are having an issue with a specific page builder please contact me) #### 1.3.0 * Tested up to 4.8.0 #### 1.2.0 * Tweaked to add anti-clickjacking script to the admin pages #### 1.1.1 * Tested up to 4.7.2 #### 1.1 * Bug fix causing Customizer.php to refresh constantly #### 1.0 * Initial Release ## Metadados * Versão **1.8.0** * Última actualização **Há 3 meses** * Instalações activas **4.000+** * Versão do WordPress ** 5.0.0 ou superior ** * Testado até **6.9.4** * Idioma * [English (US)](https://wordpress.org/plugins/wp-anti-clickjack/) * Etiquetas * [Browser Frame Breaking Script](https://pt.wordpress.org/plugins/tags/browser-frame-breaking-script/) [clickjacking](https://pt.wordpress.org/plugins/tags/clickjacking/)[security](https://pt.wordpress.org/plugins/tags/security/) * [Visualização avançada](https://pt.wordpress.org/plugins/wp-anti-clickjack/advanced/) ## Classificações 5 out of 5 stars. * [ 3 5-star reviews ](https://wordpress.org/support/plugin/wp-anti-clickjack/reviews/?filter=5) * [ 0 4-star reviews ](https://wordpress.org/support/plugin/wp-anti-clickjack/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/wp-anti-clickjack/reviews/?filter=3) * [ 0 2-star reviews ](https://wordpress.org/support/plugin/wp-anti-clickjack/reviews/?filter=2) * [ 0 1-star reviews ](https://wordpress.org/support/plugin/wp-anti-clickjack/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/wp-anti-clickjack/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/wp-anti-clickjack/reviews/) ## Contribuidores * [ Andy Feliciotti ](https://profiles.wordpress.org/someguy9/) ## Suporte Tem algo a dizer? Precisa de ajuda? [Ver fórum de suporte](https://wordpress.org/support/plugin/wp-anti-clickjack/) ## Doar Gostaria de apoiar o desenvolvimento deste plugin? [ Fazer donativo para o plugin ](https://www.buymeacoffee.com/someguy)