Abandoned · Archived · Library · [Security](/categories/security)

austinheap/wordpress-security-txt
=================================

A plugin for serving `security.txt` in WordPress 4.9+, based on configuration settings.

v1.0.1 (7y ago) · 4161 · [2 issues](https://github.com/austinheap/wordpress-security-txt/issues) · MIT · PHP · PHP >=7.0.0

Since Nov 22 · Pushed 7y ago · 1 watchers

[Source](https://github.com/austinheap/wordpress-security-txt) · [Packagist](https://packagist.org/packages/austinheap/wordpress-security-txt) · [Docs](https://github.com/austinheap/wordpress-security-txt) · [RSS](/packages/austinheap-wordpress-security-txt/feed)

WordPress 4.9+ `security.txt` Plugin
====================================

[![wordpress-security-txt banner for the WordPress Plugin Directory](assets/banner-1544x500.png?raw=true)](assets/banner-1544x500.png?raw=true)

A plugin for serving `security.txt` in WordPress 4.9+, based on configuration settings.
---------------------------------------------------------------------------------------

***NOTE: This plugin requires PHP 7+. It will not function with PHP5.***

The purpose of this project is to create a set-it-and-forget-it plugin that can be installed without much effort to get a WordPress site compliant with the current [`security.txt`](https://securitytxt.org/) spec. It is therefore highly opinionated but built for configuration. It will automatically configure itself but you are encouraged to visit the plugin settings page after activating it.

[`security.txt`](https://github.com/securitytxt) is a [draft](https://tools.ietf.org/html/draft-foudil-securitytxt-00) "standard" which allows websites to define security policies. This "standard" sets clear guidelines for security researchers on how to report security issues, and allows bug bounty programs to define a scope. Security.txt is the equivalent of `robots.txt`, but for security issues.

There is [documentation for `wordpress-security-txt` online](https://austinheap.github.io/wordpress-security-txt/), the source of which is in the [`docs/`](https://github.com/austinheap/wordpress-security-txt/tree/master/docs) directory. The most logical place to start is the [docs for the `WordPress_Security_Txt` class](https://austinheap.github.io/wordpress-security-txt/packages/WordPress.Security.Txt.html).

Installation
------------

### Step 1: Download a release

Navigate over to the releases page and download the latest release.

### Step 2: Upload the plugin to WordPress

In the admin section of your WordPress installation, navigate to 'Plugins' and click 'Add New Plugin'. You will then be able to select the release you downloaded and upload it. It should be a zip file. After it has installed, click 'Activate' next to the plugin name.

### Step 3: Configure your `security.txt` for WordPress (Optional)

The plugin will autoconfigure itself using settings from your WordPress installation. You are encouraged, though, to navigate over to the `security.txt` options page to customize your declarations and the plugin. This is located under the 'Settings' admin menu, or if you have the menu bar option enabled it will also be accessible via the top of your admin dashboard.

### Step 4: Profit!

Your `security.txt` file should now be available at [http://your-awesome-wordpress-site.com/.well-known/security.txt](#)!

If you have added your public GPG encryption key, it'll also be available at [http://your-awesome-wordpress-site.com/.well-known/gpg.txt](#).

Translations
------------

The `security.txt` for WordPress plugin includes translations for the following 17 languages:

- Arabic ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-ar_AR.po))
- Bengali ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-bn_BN.po))
- Catalan ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-ca_ES.po))
- Chinese (Simplified) ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-zh_CN.po))
- Chinese (Traditional) ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-zh_TW.po))
- English ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-en_EN.po))
- English (AU) ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-en_AU.po))
- English (US) ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-en_US.po))
- French ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-fr_FR.po))
- German ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-de_DE.po))
- Hindi ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-hi_IN.po))
- Italian ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-it_IT.po))
- Portuguese ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-pt_PT.po))
- Portuguese (BR) ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-pt_BR.po))
- Romanian ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-ro_RO.po))
- Russian ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-ru_RU.po))
- Spanish ([PO file](https://github.com/austinheap/wordpress-security-txt-translations/blob/master/wordpress-security-txt-es_ES.po))

If you would like to contribute a new language or you spotted an error in one of the translation files, please feel free to contribute directly to the [public `wordpress-security-txt` POEditor project](https://poeditor.com/join/project/utTvBn327C). Once accepted, additions/modifications are automagically built by POEditor to PO/MO files and published to the [wordpress-security-txt-translation](https://github.com/austinheap/wordpress-security-txt-translations) repository.

The translations repository is included in builds submitted to the WordPress plugin directory. Users with the [GitHub Updater Plugin](https://github.com/afragen/github-updater) don't have to wait for builds to the WordPress plugin directory -- they can get updated translations as soon as they're published to the repository by POEditor.

References
----------

- [A Method for Web Security Policies (draft-foudil-securitytxt-00)](https://tools.ietf.org/html/draft-foudil-securitytxt-00)
- [php-security-txt](https://github.com/austinheap/php-security-txt)

Credits
-------

This is a fork of [DevinVinson/WordPress-Plugin-Boilerplate](https://github.com/DevinVinson/WordPress-Plugin-Boilerplate), which was based on earlier work.

- [DevinVinson/WordPress-Plugin-Boilerplate Contributors](https://github.com/DevinVinson/WordPress-Plugin-Boilerplate/graphs/contributors)

License
-------

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

### Health Score

25 (Low): better than 37% of packages

- Maintenance: 10 (infrequent updates, may be unmaintained)
- Popularity: 11 (limited adoption so far)
- Community: 8 (small or concentrated contributor base)
- Maturity: 59 (maturing project, gaining track record)
- Bus Factor: 1 (top contributor holds 100% of commits, a single point of failure)

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: every ~410 days
- Total: 2
- Last Release: 2678d ago

### Community

- Maintainers: [austinheap](/maintainers/austinheap)
- Top Contributors: [austinheap](https://github.com/austinheap) (12 commits)

Tags

betaphpphp7php70php71php72securitysecurity-txtwordpresswordpress-pluginwordpress49wordpress5wordpresssecurityroutesecurity.txt

### Code Quality

Tests: PHPUnit

