I'm trying to build a mobile app out of a wordpress site, and I've got the site loading via an iframe. Everything is working nicely so far, but I'm getting this error when I go to the login page:

"Refused to display 'http://example.com/wp-login.php' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'."

I've done some Googling and I found another person who had a similar problem here - Embed wordpress admin inside an iframe. The solution was to use

remove_action( 'login_init', 'send_frame_options_header', 10, 0 );
remove_action( 'admin_init', 'send_frame_options_header', 10, 0 );

But I've honestly got no clue where to put that code. Some more Googling pointed me towards the “./wp-includes/default-filters.php” file, but wouldn't that get overwritten with each WP update? Where can I put that code so it doesn't get overwritten and I can load my WP login inside an iframe?