austinheap / wordpress-security-txt
A plugin for serving `security.txt` in WordPress 4.9+, based on configuration settings.
Requires
- php: >=7.0.0
Requires (Dev)
- codeclimate/php-test-reporter: dev-master
- phpunit/phpunit: ~6.0
This package is auto-updated.
Last update: 2021-04-08 00:10:34 UTC
README
A plugin for serving `security.txt` in WordPress 4.9+, based on configuration settings.
NOTE: This plugin requires PHP 7+. It will not function with PHP5.
The purpose of this project is to create a set-it-and-forget-it plugin that can be installed without much effort to get a WordPress site compliant with the current `security.txt` spec. It is therefore highly opinionated but built for configuration. It will automatically configure itself, but you are encouraged to visit the plugin settings page after activating it.
`security.txt` is a draft "standard" which allows websites to define security policies. This "standard" sets clear guidelines for security researchers on how to report security issues, and allows bug bounty programs to define a scope. Security.txt is the equivalent of `robots.txt`, but for security issues.
There is documentation for `wordpress-security-txt` online, the source of which is in the `docs/` directory. The most logical place to start is the docs for the `WordPress_Security_Txt` class.
Installation
Step 1: Download a release
Navigate over to the releases page and download the latest release.
Step 2: Upload the plugin to WordPress
In the admin section of your WordPress installation, navigate to 'Plugins' and click 'Add New Plugin'. You will then be able to select the release you downloaded and upload it. It should be a zip file. After it has installed, click 'Activate' next to the plugin name.
Step 3: Configure your `security.txt` for WordPress (Optional)
The plugin will autoconfigure itself using settings from your WordPress installation. You are encouraged, though, to navigate over to the `security.txt` options page to customize your declarations and the plugin. This is located under the 'Settings' admin menu, or if you have the menu bar option enabled it will also be accessible via the top of your admin dashboard.
Step 4: Profit!
Your `security.txt` file should now be available at http://your-awesome-wordpress-site.com/.well-known/security.txt!
If you have added your public GPG encryption key, it'll also be available at http://your-awesome-wordpress-site.com/.well-known/gpg.txt.
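A post-install check for Step 4, added here as an example and not part of the plugin or its README: it parses a served `security.txt` body and reports problems against RFC 9116, the published version of the spec. The sample body, the example.com URLs and all function names are constructed for illustration.

```python
import urllib.request

# Constructed sample body for illustration; not captured from a real site.
SAMPLE = """\
# Security policy (constructed example)
Contact: mailto:security@example.com
Encryption: https://example.com/.well-known/gpg.txt
Expires: 2030-01-01T00:00:00Z
"""

def parse_security_txt(body):
    """Return {lowercased field name: [values]}, skipping comments and blanks."""
    fields = {}
    for raw in body.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def check_security_txt(body):
    """Return a list of problems; an empty list means the basic checks passed."""
    # A site that answers with an HTML page (e.g. a soft 404) is not serving the file.
    if body.lstrip().lower().startswith(("<!doctype", "<html")):
        return ["response is an HTML page, not a security.txt file"]
    fields, problems = parse_security_txt(body), []
    contacts = fields.get("contact", [])
    if not contacts:
        problems.append("no Contact field")
    for c in contacts:  # RFC 9116: Contact must be a URI; web URIs must be https
        if not c.lower().startswith(("mailto:", "https://", "tel:")):
            problems.append("Contact is not a mailto:, tel: or https:// URI: " + c)
    for e in fields.get("encryption", []):
        if e.lower().startswith("http://"):
            problems.append("Encryption key linked over plain HTTP: " + e)
    if "expires" not in fields:
        problems.append("no Expires field (required by RFC 9116)")
    return problems

def fetch(base_url, path="/.well-known/security.txt", timeout=10):
    """Download the file from a live site (hypothetical helper, needs network)."""
    with urllib.request.urlopen(base_url.rstrip("/") + path, timeout=timeout) as r:
        return r.read().decode("utf-8", "replace")

if __name__ == "__main__":
    print(check_security_txt(SAMPLE) or "ok")
```

Against a live site, pass the result of `fetch("https://your-site.example")` to `check_security_txt`; a 404 raises `urllib.error.HTTPError`, which also means the file is not being served.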
Translations
The `security.txt` for WordPress plugin includes translations for the following 17 languages:
- Arabic (PO file)
- Bengali (PO file)
- Catalan (PO file)
- Chinese (Simplified) (PO file)
- Chinese (Traditional) (PO file)
- English (PO file)
- English (AU) (PO file)
- English (US) (PO file)
- French (PO file)
- German (PO file)
- Hindi (PO file)
- Italian (PO file)
- Portuguese (PO file)
- Portuguese (BR) (PO file)
- Romanian (PO file)
- Russian (PO file)
- Spanish (PO file)
If you would like to contribute a new language or you spotted an error in one of the translation files, please feel free to contribute directly to the public `wordpress-security-txt` POEditor project. Once accepted, additions/modifications are automagically built by POEditor to PO/MO files and published to the `wordpress-security-txt-translation` repository.
The translations repository is included in builds submitted to the WordPress plugin directory. Users with the GitHub Updater Plugin don't have to wait for builds to the WordPress plugin directory -- they can get updated translations as soon as they're published to the repository by POEditor.
Credits
This is a fork of DevinVinson/WordPress-Plugin-Boilerplate, which was based on earlier work.
License
The MIT License (MIT). Please see License File for more information.