via ithemes.com => original post link
Clickjacking is a malicious web exploit that has been around since the first websites made their way to the Internet. Clickjackers exploit methods for embedding one webpage inside another. Combined with deceptive social engineering, clickjacking attacks maintain a ridiculously high success rate, targeting millions of unsuspecting victims daily.
As the most popular website-building framework in the world, WordPress is a large target for clickjacking. By default, only the WordPress login page and admin area can’t be embedded into another web page. If there are other parts of your site you don’t want to be embedded elsewhere, you have to take action to protect them yourself.
This guide to clickjacking, or user interface redressing attacks, will show you how clickjacking works so you can ensure your WordPress website’s content can’t be used by attackers to steal sensitive information or trick users into doing something that harms them and/or helps the clickjacker.