modern-web-design-and-development

(Brent) #1

With clickjacking, an attacker can make end users perform actions without
knowing it. Every action on a website that can be performed with a simple
click can be exploited with this trick.


Clickjacking is a massive problem because it is done via CSS, not a script.
Unless browsers block frames from having an opacity of 0, there is no
simple workaround. The main counter-measure people take is to disallow
embedding in frames using JavaScript. However, with JavaScript off,
clickjacking still works.
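
The JavaScript frame check described above can be written to fail closed, shown here as an added example that is not from the original text: the page ships hidden by a style rule and the script reveals it only when it is the top-level window, so with JavaScript off the page stays blank instead of being clickable inside a frame. The `antiClickjack` id, the function names and the `shop.example` URL are assumptions made for this sketch.

```javascript
// Added example. Ship this rule in the page <head> so the page starts hidden:
//   <style id="antiClickjack">body { display: none !important; }</style>
// The id "antiClickjack" and all function names here are assumptions.

// Reveal the page only when it is the top-level window; otherwise keep it
// hidden and try to navigate the top window to this page.
function guardAgainstFraming(win) {
  if (win.top !== win.self) {
    try {
      win.top.location = win.self.location.href;
    } catch (e) {
      // Navigation can be refused (e.g. a sandboxed frame); the page stays hidden.
    }
    return "framed";
  }
  const style = win.document.getElementById("antiClickjack");
  if (style && style.parentNode) {
    style.parentNode.removeChild(style); // unhide: we are not framed
  }
  return "revealed";
}

// Constructed stand-in for a browser window, so the logic can be exercised
// outside a browser. `blockTopNav` simulates a frame that refuses navigation.
function fakeWindow({ framed, blockTopNav = false }) {
  const state = { hidden: true, topLocation: null };
  const style = { parentNode: { removeChild() { state.hidden = false; } } };
  const top = {
    set location(url) {
      if (blockTopNav) throw new Error("navigation blocked");
      state.topLocation = url;
    },
  };
  const win = {
    document: { getElementById: (id) => (id === "antiClickjack" ? style : null) },
    location: { href: "https://shop.example/account" },
  };
  win.self = win;
  win.top = framed ? top : win;
  return { win, state };
}

// In a real page, run the guard as early as possible.
if (typeof window !== "undefined") guardAgainstFraming(window);
```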


Basic Ways To Increase Web Security


Now that you know a bit about what can be done to your website by the
bad guys, here are some ways to fight them off.


Keep Code Up to Date


There is no better protection than keeping your code up to date. Outdated
versions of WordPress, old installs of PHP and MySQL, even old browsers,
all of these are security issues because most updates to software these days
are security patches. It is a rat race between those who want the Web to
work and those who want to abuse it to make a quick buck or to steal your
identity. So please help the good guys by upgrading whenever a new
version is out.


Don’t Stay Logged In, and Don’t Entice Others to Either


Staying logged in while not using a system is dangerous. Other websites
you surf to can check that you are logged in and then clickjack you to make
you do something you don’t mean to or aren’t aware of. This is especially
