What is Clickjacking Protection in WordPress?

By Sanjeev Mishra | May 26, 2011

WordPress 3.1.3 has been released with many security fixes and enhancements. One of the added security features is Clickjacking protection for modern browsers. So what is Clickjacking protection, and how will it help WordPress users? Here is how this protection adds a security layer to your favorite blogging platform.

Clickjacking is a trick used by hackers to obtain confidential information, or to cheat users into performing actions they do not want to perform. For example, they add a transparent layer over the webpage so that the user does not see the actual button. The user clicks a button expecting a certain action, but because the hacker has used Clickjacking to place another button above it, the click does what the hacker wants instead. For example, just by clicking a video play button on Facebook, you may become a member of a certain community or unintentionally like a page that you did not want to like.

According to Wikipedia,

A clickjacked page tricks a user into performing undesired actions by clicking on a concealed link. On a clickjacked page, the attackers show a set of dummy buttons, then load another page over it in a transparent layer. The users think that they are clicking the visible buttons, while they are actually performing actions on the hidden page.

To prevent this kind of attack on WordPress login and admin pages, the WordPress team has added Clickjacking protection for modern browsers. The WordPress community should welcome this kind of security update and upgrade to the latest version of WordPress to have a protected installation.
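WordPress delivers this protection by sending the `X-Frame-Options: SAMEORIGIN` response header on login and admin pages, so a site owner can verify it by inspecting response headers. The check below is an added example, not code from the original post or from WordPress; it goes beyond the post by also covering the newer `Content-Security-Policy: frame-ancestors` directive, and the function names, paths under `/wp-admin/` and header samples are constructed for illustration.

```python
# Added example: classify a response's anti-framing protection from its headers.

def parse_frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP header value, or None."""
    for directive in csp.split(";"):
        parts = directive.split()
        # A directive with no sources is treated as absent (assumption of this example).
        if len(parts) > 1 and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def framing_policy(headers):
    """Return 'deny', 'sameorigin', 'allowlist' or 'none' (frameable by any site)."""
    h = {k.lower(): v for k, v in headers.items()}
    ancestors = parse_frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        # Browsers that support frame-ancestors enforce it and ignore X-Frame-Options.
        if ancestors == ["'none'"]:
            return "deny"
        if ancestors == ["'self'"]:
            return "sameorigin"
        return "none" if "*" in ancestors else "allowlist"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return xfo.lower()
    # Missing header, or a value current browsers ignore (e.g. ALLOW-FROM).
    return "none"

# Constructed sample responses (hypothetical site), keyed by request path.
SAMPLES = {
    "/wp-login.php": {"X-Frame-Options": "SAMEORIGIN"},
    "/wp-admin/": {"content-security-policy": "default-src 'self'; frame-ancestors 'none'"},
    "/wp-admin/legacy.php": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "/wp-admin/upload.php": {"Content-Type": "text/html; charset=UTF-8"},
    "/wp-admin/embed.php": {"X-Frame-Options": "DENY",
                            "Content-Security-Policy": "frame-ancestors https://*.example"},
}

def unprotected(samples):
    """Paths whose responses any third-party page could load in a frame."""
    return sorted(p for p, hdrs in samples.items() if framing_policy(hdrs) == "none")

if __name__ == "__main__":
    for path, hdrs in SAMPLES.items():
        print(f"{path:24} {framing_policy(hdrs)}")
    print("unprotected:", unprotected(SAMPLES))
```

To audit a real installation, replace `SAMPLES` with the headers returned by your own login and admin URLs.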
