How to fix Loading wp-admin in a Frame Denied

  • Firefox was not acepting to “Load admin here” giving a CORS/sameorigin error:

    The loading of “https://example.com/wp-admin/?auto_login=1&iwp_goto=&signature=&message_id=1885&username= in a frame is denied by “X-Frame-Options“ directive set to “SAMEORIGIN“.

    I fixed adding the following headers inside the file wp-config.php to allow the site to be loaded inside an iframe on my IWP subdomain:

    define( 'WP_AUTO_UPDATE_CORE', 'minor' );

header('X-Content-Security-Policy: frame-ancestors iwp.mydomain.com');
header('Content-Security-Policy: frame-ancestors iwp.mydomain.com');

/* That's all, stop editing! Happy publishing. */

    A staging copy hosted on Hostinger didn’t accept this solution and ended up working with this on .htaccess:

    <ifModule mod_headers.c>
    Header always unset X-Frame-Options
</ifModule>
  • The topic ‘How to fix Loading wp-admin in a Frame Denied’ is closed to new replies.