Enable WordPress X-Frame Options with .htaccess
Pssst, you can skip to the code sample if you like
As a result of the Covid-19 closures, my wife lost her regular income from her work as a Yoga Teacher when all the gyms, schools, and studios closed down.
She, like a lot of other people in this situation, turned to the online world to continue to practice her craft and to try and maintain a level of income. We set up a private members area of the site using Restrict Content Pro, where we stream live yoga classes and provide recordings of past classes for a monthly subscription fee.
As a result of this I’ve noticed an increased number of hacking attempts on the site, so I wanted to try and secure the site as much as I could.
One of those things included enabling X-Frame-Options to be Same Origin only, which I’ve managed with the following code snippet set up within the .htaccess file on the site:
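# Extra Security Headers
<IfModule mod_headers.c>
    # Ask browsers with a legacy XSS filter to block the page on detection
    Header set X-XSS-Protection "1; mode=block"
    # Only allow the site to be framed by pages from the same origin
    Header always append X-Frame-Options SAMEORIGIN
    # Stop browsers MIME-sniffing away from the declared Content-Type
    Header set X-Content-Type-Options nosniff
</IfModule>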
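To confirm the headers are actually being served, the response can be audited with a short script. This is an added example, not part of the original post: the function names and both sample responses are constructed for illustration. It also reports the case where `Header append` merges SAMEORIGIN onto an X-Frame-Options value that another layer has already sent.

```shell
#!/bin/sh
# Added example (not from the original post). Sample responses are constructed.

# Print every value of header $1 found on stdin, lowercased, one per line.
# A comma-joined value is split, because Apache's "Header append" merges onto
# an already-present header with a comma.
header_values() {
    tr -d '\r' | awk -v name="$1" '
        BEGIN { name = tolower(name) }
        {
            i = index($0, ":")
            if (i == 0 || tolower(substr($0, 1, i - 1)) != name) next
            n = split(substr($0, i + 1), parts, ",")
            for (k = 1; k <= n; k++) {
                v = parts[k]
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                if (v != "") print tolower(v)
            }
        }' | sort -u
}

# check_one NAME EXPECTED HEADER_TEXT: prints a finding, returns 0 only on match
check_one() {
    vals=$(printf '%s\n' "$3" | header_values "$1")
    if [ -z "$vals" ]; then echo "MISSING $1"; return 1; fi
    if [ "$vals" != "$2" ]; then
        echo "FAIL $1: got [$(printf '%s' "$vals" | tr '\n' '|')]"; return 1
    fi
    echo "OK $1"
}

# Audit a header block on stdin for the three headers set in the .htaccess.
audit_headers() {
    headers=$(cat); rc=0
    check_one "X-Frame-Options" "sameorigin" "$headers" || rc=1
    check_one "X-Content-Type-Options" "nosniff" "$headers" || rc=1
    check_one "X-XSS-Protection" "1; mode=block" "$headers" || rc=1
    return $rc
}

GOOD='HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block'

# Constructed: another layer already sent DENY, then "append" merged onto it.
MERGED='HTTP/1.1 200 OK
X-Frame-Options: DENY, SAMEORIGIN
X-XSS-Protection: 1; mode=block'

printf '%s\n' "$GOOD" | audit_headers
printf '%s\n' "$MERGED" | audit_headers || echo "=> review the merged response"
```

Against a live site, pipe the response headers in with `curl -sI https://your-site.example/ | audit_headers` (the URL is a placeholder).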