Custom Login iframe doesn't work in WordPress

I have a custom login window that I am building. The client requires a modal window for the login, so I have to use HTTP (for performance) for the regular page, and HTTPS for the login window (in the iframe for security), because of this, I get the error:

Refused to display ‘https://www.wordpress.com/wp-login.php‘ in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’.
Read More
Use WordPress Login for a non-wordpress site
custom login page redirect to logged in user profile page
Replace wordpress login logo with custom text

I’m sure that this is a security feature so people can’t iframe the wp-login.php page, but I want to remove it so this login will work properly. Is there anyway to remove the 'SAMEORIGIN' protection for the wp-login.php page?

Post Views: 2

1 comment

After doing some more research, I found this post: how can i embed wordpress backend in iframe. While the question it was asking didn’t relate, the answer that toscho gave did. I’m reposting it here so it can be associated without click through:

By default WordPress sends an HTTP header to prevent iframe embedding
on /wp_admin/ and /wp-login.php:

X-Frame-Options: SAMEORIGIN That’s a security feature. If you want to
remove this header remove the filters:

remove_action( 'login_init', 'send_frame_options_header' );
remove_action( 'admin_init', 'send_frame_options_header' );

Comments are closed.

Related posts

1 comment

Social Network