Enable WordPress X-Frame Options with .htaccess
Pssst, you can skip to the code sample if you like
As a result of the Covid-19 closures my wife lost her regular income work as a Yoga Teacher when all the gyms, schools, and studios closed down.
Her, like a lot of other people in this situation, turned to the online world to continue to practice their craft and to try and maintain a level of income. We set up a private members area of the site using Restrict Content Pro and stream live yoga classes and provide recordings of past classes to for a monthly subscription fee.
As a result of this I’ve noticed an increase number of hacking attempts on the site and as a result I wanted to try and secure the site as much as I could.
One of those things included enabling X-Frame Options to be Same Origin only, which I’ve managed with the following code snippet set up within the .htaccess file on the site
# Extra Security Headers <IfModule mod_headers.c> Header set X-XSS-Protection "1; mode=block" Header always append X-Frame-Options SAMEORIGIN Header set X-Content-Type-Options nosniff </IfModule>