How to Enable cors in WordPress

Enable CORS

Here’s a super easy way to enable cors in WordPress. First, open up header.php. The default code looks like so:

 * @package WordPress
 * @subpackage Default_Theme
<!DOCTYPE html>

Now simply take the cors enabling php code and paste it into your header:

<?php /** @package WordPress @subpackage Default_Theme  **/
header("Access-Control-Allow-Origin: *"); 
<!DOCTYPE html>

And that’s it; Now your blog enables cors! You can read more about cors here, as well as validate your sites for cors support. Support Linked Open Data!.

Also read...


  1. Hi,

    I’ve tried this using the builder theme from codecanyon but still appear to be having difficulties with Access-Control-Allow-Origin errors when I try to pull a feed of my wordpress posts into a phonegap app.

    Any ideas on what might be the cause?


  2. Thanks for the little tip.

    I’m curious though; Will a server with CORS enabled always show the cross domain header to every response it gives a client?

  3. hi ! , why not use .htaccess like this:

    Header add Access-Control-Allow-Origin “*”
    Header add Access-Control-Allow-Headers “origin, x-requested-with, content-type”
    Header add Access-Control-Allow-Methods “PUT, GET, POST, DELETE, OPTIONS”

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>