What is Memberium’s “Disable Clickjacking Protection” Setting?


The Disable Clickjacking Protection feature can be found under Memberium > Settings > Security.

This setting is toggled to No by default, meaning that Memberium will implement measures to protect your site from clickjacking.

What is Clickjacking?

According to owasp.org, “Clickjacking, also known as a ‘UI redress attack’, is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page. Thus, the attacker is ‘hijacking’ clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.”

They go on to give an example: “Imagine an attacker who builds a web site that has a button on it that says “click here for a free iPod”. However, on top of that web page, the attacker has loaded an iframe with your mail account, and lined up exactly the “delete all messages” button directly on top of the “free iPod” button. The victim tries to click on the “free iPod” button but instead actually clicked on the invisible “delete all messages” button. In essence, the attacker has “hijacked” the user’s click, hence the name “Clickjacking”.”


How does Memberium prevent Clickjacking?

There are several ways to stop clickjacking. The primary method is to set the X-Frame-Options response header. This header is set by your website (or Memberium in this case), and it tells the web browser whether or not it's allowed to embed your site into another site (via an iframe).

Since clickjacking relies on embedding your site via an iframe into a malicious site, by instructing the browser not to allow your site to be embedded, you’re guarding your site against this attack.

Memberium sets the X-Frame-Options header to SAMEORIGIN.
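
To confirm what a browser will actually receive, the response headers can be classified as below. This is an added example, not Memberium's code; it also reads the Content-Security-Policy frame-ancestors directive, which goes beyond the header this article covers, and the function name, verdict labels and sample header sets are constructed for illustration.

```python
# Added example: classify framing protection from response headers.
VALID_XFO = {"DENY", "SAMEORIGIN"}

def framing_verdict(headers):
    """Classify clickjacking protection from (name, value) response header pairs."""
    xfo, ancestors = set(), None
    for name, value in headers:
        key = name.strip().lower()
        if key == "x-frame-options":
            # Repeated headers are often merged into one comma-separated value.
            xfo |= {v.strip().upper() for v in value.split(",") if v.strip()}
        elif key == "content-security-policy" and ancestors is None:
            for directive in value.split(";"):
                tokens = directive.split()
                if tokens and tokens[0].lower() == "frame-ancestors":
                    ancestors = [t.lower() for t in tokens[1:]]
                    break
    if ancestors is not None:
        # Browsers that support frame-ancestors use it in place of X-Frame-Options.
        if ancestors == ["'none'"]:
            return "deny"
        return "same-origin" if ancestors == ["'self'"] else "csp-other"
    if not xfo:
        return "unprotected"
    if len(xfo) > 1:
        return "conflict"  # two layers (plugin, server, CDN) disagree
    (value,) = xfo
    if value not in VALID_XFO:
        return "unrecognized"
    return "deny" if value == "DENY" else "same-origin"

SAMPLES = {  # constructed header sets, not captured from a real site
    "SAMEORIGIN only": [("X-Frame-Options", "SAMEORIGIN")],
    "header absent": [("Content-Type", "text/html")],
    "merged duplicate": [("x-frame-options", "SAMEORIGIN, SAMEORIGIN")],
    "layers disagree": [("X-Frame-Options", "SAMEORIGIN"), ("X-Frame-Options", "DENY")],
    "ALLOW-FROM value": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "CSP also set": [("X-Frame-Options", "SAMEORIGIN"), ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:18} -> {framing_verdict(hdrs)}")
```

A "conflict" or "unrecognized" verdict usually means another plugin, the web server or a CDN is also setting the header, which is worth resolving before relying on the protection.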

Where can I Learn More?

Memberium has you protected as long as you leave this protection enabled (the setting at its default of No). If you want to learn more, Upguard has a good blog post explaining what clickjacking is, common attacks, and how to defend against it, which you can read here.
