WP Anti-Clickjack
Protect Your WordPress Site From Clickjacking Attacks by Adding the X-Frame-Options Header and Owasp's Legacy Browser Frame Breaking Script.
5(3 reviews)
·4.0K+ active installs·Updated 2 months agoAs of April 2026, WP Anti-Clickjack is a WordPress security plugin with 4.0K+ active installations and a 5/5 rating from 3 reviews. It has been downloaded 47K+ times in total. Requires WordPress 5.0.0+ and PHP false+. Available on WordPress.org since 2015. Recently updated within the last 3 months. Download volume is stable this week. Top alternative: Wordfence Security – Firewall, Malware….
5/53 reviews
4.0K+active installs
47K+total downloads
11 yearssince 2015
Overview
WP Anti-Clickjack is a powerful security plugin that helps prevent your WordPress site from being vulnerable to clickjacking attacks. Clickjacking is a malicious technique where an attacker tricks users into clicking on a concealed link or button by overlaying it on your legitimate website.
This plugin implements two key defense mechanisms:
-
X-Frame-Options Header: The plugin adds the
X-Frame-Options: SAMEORIGINHTTP header to your site’s responses. This header instructs web browsers to prevent other websites from embedding your site within an iframe, effectively blocking clickjacking attempts. -
OWASP’s Legacy Browser Frame Breaking Script: The plugin includes a modified version of OWASP’s legacy browser frame breaking script. This script prevents other sites from putt…
Ratings & Reviews
53 reviews
5 ★
3
4 ★
0
3 ★
0
2 ★
0
1 ★
0
Recent Reviews
Brilliant
by hallbeck·1 year ago·1 reply
I was struggling to get my site passed PCI compliance – other plugins just weren’t doing what I needed doing.
This plugin worked first time!
Extra security is always good!
by clankiller·2 years ago
Thanks guys extra security is always good!
It works!
by Avlis Productions Inc.·5 years ago·1 reply
Someone signed up for our affiliate program and started replacing our domain name with their domain names, using domain masking.
This plugin stopped them dead in their tracks.
Now when you key in any of their domains, you get a blank page.
Perfect!
Thanks for this fabulous plugin.
- This topic was modified 5 years, 6 months ago by Avlis Productions Inc..
Download Trends
Today: 25Yesterday: 52This week: 140Period total: 8K
Compatibility
| WordPress | 5.0.0+ requiredTested up to 6.9.4 |
| PHP | false+ required |
Version Adoption
v1.8
61.3%
v1.7
38.7%
Top Alternatives to WP Anti-Clickjack
Frequently Asked Questions
Changelog
1.8.0
- Tested up to WordPress 6.9
- Added support for Bricks Builder
- Added support for Breakdance Builder
- Added support for Oxygen Builder
- Added support for Spectra / Starter Templates
…and 5 more changes
Contributors
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.