WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 2 years ago

#12293 closed defect (bug)

Frame Busting in the Admin — at Initial Version

Reported by: ryan Owned by: ryan
Milestone: 3.1 Priority: normal
Severity: normal Version:
Component: Security Keywords:
Focuses: Cc:

Description

We discussed this before when Twitter was suffering from the iframe clickjacking attacks. Such attacks are much harder to do on individual WP sites than on big sites like Twitter and wp.com. They are still possible though, so we should consider integrating frame busting. The problem is that frame busting does break some plugins. Plugins would need API to turn of frame busting for their pages and would have to update to use that API.

Change History (0)

Note: See TracTickets for help on using tickets.