Protecting Against Clickjacking

Clickjacking (also known as a "UI redress attack") is a malicious technique in which an attacker covers a button, a link, or a picture you intend to click with an overlay (transparent or opaque). The aim of the attack is to trick you into clicking the overlay instead of the desired webpage object. This can lead to harmful commands being executed or confidential information being compromised. Plesk users can be vulnerable to clickjacking when Plesk is opened within iframes on a malicious website.

To protect Plesk from clickjacking:

Add the following lines to the panel.ini file:

[security]
sameOriginOnly = true

Enabling the sameOriginOnly setting prevents Plesk pages from opening within iframes on other websites. Note that this will also prevent Plesk pages from opening within iframes on websites that are not malicious.
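To confirm that the setting took effect, inspect the response headers of a Plesk page. The following is an added example, not part of the Plesk documentation: it classifies a set of response headers by how browsers treat iframe embedding. It assumes the restriction is delivered through the standard X-Frame-Options or Content-Security-Policy frame-ancestors headers, which this page does not specify, and the sample headers are constructed.

```python
def frame_ancestors(csp_value):
    """Return the frame-ancestors source list of one CSP header, or None if absent."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_verdict(headers):
    """Classify (name, value) response headers as 'blocked', 'same-origin',
    'cross-origin-allowed' or 'unprotected' with respect to iframe embedding."""
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]
    policies = [p for p in map(frame_ancestors, csp) if p is not None]
    if policies:
        # Browsers that honour frame-ancestors ignore X-Frame-Options, and
        # every CSP header must allow the embedding, so the strictest wins.
        if any(p in ([], ["'none'"]) for p in policies):
            return "blocked"
        if any(p == ["'self'"] for p in policies):
            return "same-origin"
        return "cross-origin-allowed"
    # X-Frame-Options: repeated headers and comma lists merge into one value set.
    xfo = {t.strip().lower() for n, v in headers
           if n.lower() == "x-frame-options" for t in v.split(",") if t.strip()}
    if len(xfo) > 1 and xfo & {"deny", "sameorigin", "allowall"}:
        return "blocked"      # conflicting values: browsers refuse to frame
    if xfo == {"deny"}:
        return "blocked"
    if xfo == {"sameorigin"}:
        return "same-origin"
    return "unprotected"      # absent, obsolete ALLOW-FROM, or invalid value


# Constructed sample responses, not captured from a real Plesk server.
SAMPLES = {
    "setting off": [("Content-Type", "text/html")],
    "setting on": [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")],
    "obsolete": [("X-Frame-Options", "ALLOW-FROM https://portal.example")],
    "csp wins": [("X-Frame-Options", "DENY"),
                 ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:12} -> {framing_verdict(hdrs)}")
```

A verdict of "same-origin" or "blocked" matches the behaviour this page describes for sameOriginOnly = true; "unprotected" means the page can still be framed by any site.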

 
