Since version 3.4 (or earlier?) WordPress sends a special HTTP header (not in HTML) on login and admin pages:
```
X-Frame-Options: SAMEORIGIN
```
So your browser will show you some text built into the browser, not sent from WordPress.
From wp-includes/default-filters.php:
```php
add_action( 'login_init', 'send_frame_options_header', 10, 0 );
add_action( 'admin_init', 'send_frame_options_header', 10, 0 );
```
You could create a plugin and disable these headers:
```php
remove_action( 'login_init', 'send_frame_options_header' );
remove_action( 'admin_init', 'send_frame_options_header' );
```
But then your login can be used for clickjacking. Someone might register a domain with a very similar name, embed your login as background iframe and log the login credentials when you try to type them in.
That’s not fictional. It actually happened, that’s why WordPress implemented this.
Drop the iframe. Try to find a better solution.
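A way to check the header from the defender's side, as an added example that is not part of the original answer: the Python below classifies a captured response from the login or admin page by its anti-framing headers. The function names and sample responses are constructed for illustration, and the CSP `frame-ancestors` check goes beyond the `X-Frame-Options` header discussed above.

```python
# Added example: classify a captured response by its anti-framing headers.
# All sample responses are constructed for illustration.

def parse_headers(raw):
    """Parse a raw header block into {lowercase-name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def frame_ancestors(headers):
    """Return the CSP frame-ancestors source list, or None if not set."""
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return [p.lower() for p in parts[1:]]
    return None

def framing_status(raw):
    """Return 'protected', 'review' or 'frameable' for one response."""
    headers = parse_headers(raw)
    sources = frame_ancestors(headers)
    if sources is not None:
        # Where frame-ancestors is present, browsers use it instead of XFO.
        strict = all(s in ("'none'", "'self'") for s in sources)
        return "protected" if strict else "review"
    tokens = {t.strip().lower()
              for value in headers.get("x-frame-options", [])
              for t in value.split(",")}
    # ALLOW-FROM is obsolete and ignored by current browsers, so only
    # DENY and SAMEORIGIN count as protection.
    if tokens & {"deny", "sameorigin"}:
        return "protected"
    return "frameable"

DEFAULT_LOGIN = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
"""

HEADER_REMOVED = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
"""

if __name__ == "__main__":
    for label, raw in (("default", DEFAULT_LOGIN), ("removed", HEADER_REMOVED)):
        print(label, framing_status(raw))
```

A result of `review` means the page names third-party origins that may frame it, so that list needs a manual look.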