Protecting Against Clickjacking

Clickjacking (also known as a “UI redress attack”) is a malicious technique in which an attacker covers a button, a link, or a picture you intend to click with a transparent or opaque overlay. The aim of the attack is to trick you into clicking the overlay instead of the desired webpage object. This can lead to harmful commands being executed or confidential information being compromised. Plesk users can be vulnerable to clickjacking when Plesk is opened within iframes on a malicious website.

To protect Plesk from clickjacking:

Add the following lines to the panel.ini file:

[security]
sameOriginOnly = true

Enabling the sameOriginOnly setting prevents Plesk pages from opening within iframes on other websites. Note that this applies to all other websites, so Plesk pages will also stop opening within iframes on websites that are not malicious.
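
One way to confirm the effect of the setting from the response headers of a Plesk page, as an added example that is not Plesk's own code. It assumes the restriction is delivered through the standard X-Frame-Options or Content-Security-Policy frame-ancestors response headers, which this page does not state; the function name and the sample headers are constructed for illustration.

```python
def framing_verdict(headers):
    """headers: list of (name, value) pairs taken from one HTTP response.
    Returns (blocked, reason): are other origins refused as iframe parents?"""
    policies = [v for n, v in headers if n.lower() == "content-security-policy"]
    ancestors = []  # one source list per policy that carries frame-ancestors
    for policy in policies:
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                ancestors.append([t.lower() for t in tokens[1:]])
                break  # only the first occurrence within a policy counts
    if ancestors:
        # Browsers that support frame-ancestors ignore X-Frame-Options.
        # Every policy must allow the parent, so one strict list is enough.
        # An empty source list matches nothing, the same as 'none'.
        for sources in ancestors:
            if all(s in ("'self'", "'none'") for s in sources):
                return True, "CSP frame-ancestors " + (" ".join(sources) or "'none'")
        return False, "CSP frame-ancestors lists other origins"
    xfo = {part.strip().upper()
           for n, v in headers if n.lower() == "x-frame-options"
           for part in v.split(",")}
    if xfo == {"DENY"} or xfo == {"SAMEORIGIN"}:
        return True, "X-Frame-Options " + xfo.pop()
    if not xfo:
        return False, "no framing header present"
    # ALLOW-FROM, mixed or misspelled values are reported as a failure
    # so that they get reviewed by a person.
    return False, "X-Frame-Options needs review: " + ", ".join(sorted(xfo))

# Constructed sample responses (not captured from a real Plesk server).
SAMPLE_PROTECTED = [("Content-Type", "text/html"),
                    ("X-Frame-Options", "SAMEORIGIN")]
SAMPLE_UNPROTECTED = [("Content-Type", "text/html")]
SAMPLE_CSP_OVERRIDE = [("Content-Security-Policy",
                        "frame-ancestors https://portal.example"),
                       ("X-Frame-Options", "SAMEORIGIN")]

if __name__ == "__main__":
    for name, sample in [("protected", SAMPLE_PROTECTED),
                         ("unprotected", SAMPLE_UNPROTECTED),
                         ("csp override", SAMPLE_CSP_OVERRIDE)]:
        print(name, framing_verdict(sample))
```

To check a live server, pass in the header pairs from a response for the Plesk login page, fetched before and after the panel.ini change.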