Self-XSS

Self-XSS is a social engineering attack used to gain control of victims’ web accounts. In a self-XSS attack, the victim of the attack unwittingly runs malicious code in their own web browser, thus exposing it to the attacker.

Self-XSS operates by tricking users into copying and pasting malicious content into their browsers’ web developer console. Usually, the attacker posts a message that says by copying and running certain code, the user will be able to hack another user’s account. In fact, the code allows the attacker to hijack the victim’s account.

Facebook and others now display a warning message when users open the web developer console, and they link to pages explaining the attack in detail. You can only write the message if you don’t have the separate page for the explanation of Self-XSS like facebook.

If you like to show the warning message same as facebook in WordPress then you do achieve that by using Prevent XSS Vulnerability plugin. This plugin can be downloaded from here: https://wordpress.org/plugins/prevent-xss-vulnerability/

Prevent XSS Vulnerability not only shows the warning message, it also prevents your website from the Reflected XSS attack.