Today, we are thrilled to introduce our brand new WordPress plugin: Security.txt Manager. This innovative tool is designed to make the management of your “security.txt” file as easy as pie, right from the comfort of your WordPress dashboard.

What exactly is a “security.txt” file?

It’s a proposed standard that allows websites to define their security policies. In essence, this file communicates your security policy and contact information to security researchers, making it one of the most critical files on any site.

Creating a Security Policy

You can create security.txt content on the https://securitytxt.org/ , and paste the generated content into the plugin settings. The plugin handles both “.well-known/security.txt” and “security.txt” requests and shows your security.txt content there.

Use case with Multisite

The Security txt Manager plugin is compatible with multisite WordPress installations. However, please note that if you are using a subfolder installation, it will only work for the main site. This is because a given domain or subdomain can only have one “security.txt” file according to the security.txt specification. (See the spec)

Technical Requirements

Before diving into the world of Security txt Manager, please ensure your setup meets the following requirements:

1. PHP 7.2 or higher
2. WordPress 5.7 or higher
3. Enabled rewrites: without them, WordPress cannot supply “/security.txt” or “.well-known/security.txt” when requested
4. A site URL without a path (e.g., “https://example.com” rather than “https://example.com/site”) – https://www.rfc-editor.org/rfc/rfc9116#section-3.1

We invite you to give Security txt Manager a try and share your experiences with us. We are looking forward to seeing the positive impact this plugin will have on the WordPress community. Let’s enhance our website security together!