Wordpress plugin that removes the X-Frame-Options header to allow for domain masking.

wp-domain-masking.php

<?php
/**
 * The plugin bootstrap file
 *
 * This file is read by WordPress to generate the plugin information in the plugin
 * admin area. This file also includes all of the dependencies used by the plugin,
 * registers the activation and deactivation functions, and defines a function
 * that starts the plugin.
 *
 * @link              http://example.com
 * @since             0.0.1
 * @package           WP_Domain_Masking
 *
 * @wordpress-plugin
 * Plugin Name:       WP Domain Masking
 * Plugin URI:        https://gist.github.com/bdeleasa/80f7e61fca55507705d5cf8f86adb868
 * Description:       Allows domain masking.
 * Version:           1.0.0
 * Author:            Brianna Deleasa
 * Author URI:        http://briannadeleasa.com
 * License:           GPL-2.0+
 * License URI:       http://www.gnu.org/licenses/gpl-2.0.txt
 * Text Domain:       wp-domain-masking
 * Domain Path:       /languages
 */

// If this file is called directly, abort.
if ( ! defined( 'WPINC' ) ) {
    die;
}


add_action( 'wp_head', 'wpdm_allow_iframe_embedding' );
/**
 * Removes the X-Frame-Options header tag to allow domain masking.
 * 
 * @param none
 * @return null
 */
function wpdm_allow_iframe_embedding() {

    header_remove("X-Frame-Options");

}

How it works?

@hackaros it works by removing the 'X-Frame-Options' header that WordPress core sets, thus allowing the site to be iframed into any other site. Note that this isn't extremely secure--it might be even better to, immediately after removing the existing header, add one back that specifies which domains to allow iframes on.

It might not always work: "Cannot modify header information - headers already sent by".