I have 2 websites http://www.aaa.com and http://www.bbb.com and need them to show the same.
Now I put an iframe in index.html and upload to aaa.com. It's ok for frontend but it's doesn't work for backend, where it shows a blank page.
Can anyone suggest me how I can solve this problem ?
Topic authorization iframe security Wordpress
Category Web
Tried to extend the version of @toscho
//remove the restriction
remove_action( 'login_init', 'send_frame_options_header' );
remove_action( 'admin_init', 'send_frame_options_header' );
//for added security
add_action( 'login_init', 'Access_Control_Allow_Origin' );
add_action( 'admin_init', 'Access_Control_Allow_Origin' );
function Access_Control_Allow_Origin(){
$origin=get_http_origin();
$allowed_origins=array(//add your domains or keeps empty
"aaa.com",
"bbb.com",
);
$allowed=false;
if(count($allowed_origins)>0){
foreach($allowed_origins as $allowed_origin){
if (strstr($origin,$allowed_origin)){
$allowed=true;
break;
}
}
}else{
$allowed=true;
}
if($allowed){
return true;
}else{
send_origin_headers();
}
}
By default WordPress sends an HTTP header to prevent iframe embedding on /wp_admin/ and /wp-login.php:
X-Frame-Options: SAMEORIGIN
That's a security feature. If you want to remove this header remove the filters:
remove_action( 'login_init', 'send_frame_options_header' );
remove_action( 'admin_init', 'send_frame_options_header' );
But you should really use the multisite feature as Tom J Nowell suggested.
Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.