Securing site to click jacking

  • We are exploring using our WordPress site as a potential failover site in the event of an internet outage or cyber event preventing our on-premises site from loading.

    However, when I ran a web vulnerability scan on the blog, it mentioned a vulnerability: ‘Web Application Potentially Vulnerable to Clickjacking’.

    Fixing this involves setting a Content-Security-Policy related to frame-ancestors (and/or returning the X-Frame-Options). What I’m trying to find out is whether options to do just that are in the dashboard/settings section of our blog site so I can adjust this to prevent this type of attack, or does it require some kind of modification or plugin to handle it?

    Seeking advice, as we consider options to ensure our users have access to basic information in the event of an incident.

    WP.com: Yes
    Correct account: Unknown

    The blog I need help with is: (visible only to moderators and staff)

  • Hi @veretax,

    I checked and it looks like sites under your account are hosted by WordPress.com VIP.

    We’re unable to provide help for sites on our VIP hosting platform in these forums. This forum only provides support for basic free WordPress.com sites, and our VIP hosting platform differs significantly in how it works, so we cannot provide direct assistance to your particular issue.

    You can reach out to the VIP support team via the support form under VIP → Dashboard in wp-admin for help with this.

    Hope that helps.

  • Call me crazy, but when I logged in with the account it was registered under to wp_admin I don’t see the characters VIP together anywhere that I can see. Am I just blind?

  • Hi @montgomeryva,

    Looking at your account, it doesn’t appear that you’re a WordPress.com VIP customer. This is a separate service offered by Automattic.

  • So sounds like no one can answer the question about how to adjust Content Security Policy Settings for a WordPress.com instance. I looked all through the online help and found practically nothing of technical value on the subject.

  • This can be changed on WordPress.com sites by way of plugins, which will require a paid Pro plan: https://wordpress.com/pricing/

  • The topic ‘Securing site to click jacking’ is closed to new replies.
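
Added example, not part of the thread and not WordPress.com code: a small Python check that classifies a response's clickjacking protection from the two headers the scan finding refers to, Content-Security-Policy frame-ancestors and X-Frame-Options. The function names, the verdict labels and the sample header sets are assumptions constructed for illustration.

```python
# Added example: classify clickjacking protection from response headers.
# Assumption: a wildcard or bare-scheme source is treated as "any origin".
ANY_ORIGIN = {"*", "http:", "https:"}

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def assess(headers):
    """headers: list of (name, value) pairs. Returns (verdict, reason)."""
    policies, xfo = [], []
    for name, value in headers:
        name = name.lower()
        if name == "content-security-policy":
            # Comma-joined values are separate policies; all are enforced.
            policies += value.split(",")
        elif name == "x-frame-options":
            xfo += [v.strip().upper() for v in value.split(",")]
        # Content-Security-Policy-Report-Only is skipped: it blocks nothing.
    lists = [fa for fa in map(frame_ancestors, policies) if fa is not None]
    if lists:
        # frame-ancestors takes precedence over X-Frame-Options when present.
        strict = [fa for fa in lists if not ANY_ORIGIN & set(fa)]
        if strict:
            # An empty source list behaves like 'none'.
            return "protected", "frame-ancestors " + (" ".join(strict[0]) or "'none'")
        return "weak", "frame-ancestors allows any origin"
    if xfo and all(v in ("DENY", "SAMEORIGIN") for v in xfo):
        return "protected", "X-Frame-Options " + xfo[0]
    if xfo:
        return "weak", "X-Frame-Options value not honoured by current browsers"
    return "missing", "no frame-ancestors or X-Frame-Options header"

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "csp-self": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "xfo-only": [("X-Frame-Options", "SAMEORIGIN")],
    "report-only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "wildcard": [("Content-Security-Policy", "frame-ancestors *"), ("X-Frame-Options", "DENY")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, *assess(hdrs))
```

Running the same check on the headers a site actually returns, before and after a header plugin is enabled, shows whether the scanner finding has been addressed.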