In this article, I am going to show you how you can block other websites from embedding your web pages (running on WordPress), on their own site using Iframes, or other similar HTML tags used for embedding content, like embed and object.
As we know, the iframe tag of HTML allows us to embed any other webpage on our own webpage and show it as a part of our own content.
However, some websites may misuse the feature to show copyrighted materials of other sites, on their own webpages, without the owner’s permission. That is why, many top websites like Google, Facebook and Yahoo, do not allow other websites to embed their webpages. If someone tries to embed their webpages, this is what they get in return:
This is because, these websites have instructed the browser, not to allow external embeds of their websites.
How To Block External Embeds Of Your WordPress Site (Do Not Allow Other Websites To Embed Your Site)
To prevent cross-origin embedding and prevent other sites from embedding your WordPress site on their own pages, follow the instructions given below.
Option 1: Allow Same Origin Embeds, But Block Cross Origin
If you would like to keep the ability to embed parts of your website on your own webpages but block other websites from embedding your site, then you must allow only same-origin embeds.
To do that, simply copy the code given below.
//Only I can embed my WordPress site
function trb_no_embedding_headers()
{
header( "X-Frame-Options: SAMEORIGIN", true );
header( "Content-Security-Policy: frame-ancestors 'self'", true );
}
add_action( 'login_init', 'trb_no_embedding_headers');
add_action( 'admin_init', 'trb_no_embedding_headers');
add_action( 'template_redirect', 'trb_no_embedding_headers');And paste the code inside your functions.php file using the FTP software you use.
Option 2: Block All Types Of Embeds
In case you neither want to embed parts of your website in other webpages of your own nor allow external websites to embed your site, then copy the following code.
//No one can embed by WordPress site
function trb_no_embedding_headers()
{
header( "X-Frame-Options: DENY", true );
header( "Content-Security-Policy: frame-ancestors 'none'", true );
}
add_action( 'login_init', 'trb_no_embedding_headers');
add_action( 'admin_init', 'trb_no_embedding_headers');
add_action( 'template_redirect', 'trb_no_embedding_headers');And paste the code inside your functions.php file using any FTP software of your choice, or using the Theme Editor from WordPress dashboard.
Adding The Code To Your Site
Option 1: Using FTP
You can add the code inside your functions.php file, which can be found inside wp-content -> themes -> your installed theme folder, using a FTP software like FileZilla.
Once you open the functions.php file, add the copied code at the bottom, and save the file.
Option 2: Using WordPress’s Built-in Theme Editor
You can also add the code snippet to your functions.php file using WordPress’s built-in theme editor.
Go to Themes -> Theme Editor from the left menu of WordPress.
Now, from the Theme Files on your right hand side, choose the functions.php file.
Now scroll down till the bottom of the functions.php file and paste the code that you copied.
Finally, hit the “Update File” button.
Option 3: Inside A Custom Plugin
If you’re familiar with WordPress plugin development, you can also put this code inside a WordPress plugin.
Option 4: Using A Custom PHP Functions Plugin
You may also use plugins like Code Snippets or My Custom Functions to insert the code.
Important: Please note that every time there’s a new update to your theme, the functions.php file is replaced by the original version. Thus, in that case, you would need to add the code to your functions.php file again. To avoid that, I would highly recommend using Option 3 or Option 4, as those would remain intact even when the theme is updated.
So, that’s how you block external websites from embedding your web pages on WordPress!
I hope this guide was helpful to you. Feel free to comment down if you face any problem or have any doubt regarding this article, I’ll try my best to help you out!
0 Comments: