The open source WordPress blogging application is being updated to version 3.1.3 this week adding multiple security fixes and improvements.
Perhaps the biggest security improvement is the inclusion of clickjacking protection support in WordPress. Clickjacking was first discussed as an attack vector back in 2008 by Whitehat Security researcher Jeremiah Grossman. In a clickjack attack, an element from a third party website is hidden behind or above an item on the website a reader is viewing. When the reader clicks on an item they believe to be legitimate, they are in fact also clicking on the secondary item as well.
Browsers began implementing specifications to protect against clickjacking in 2009. The key technique is named X-FRAME-OPTIONS and provides a mechanism by which website owners can prevent a page from rendering inside of a frame on another site.
WordPress 3.1.3 release now supports X-FRAME-OPTIONS for the admin and login pages of a WordPress site.