WordPress Security.txt Plugin

 15,00

TIL Security.txt is a lightweight WordPress plugin that provides a simple settings page (Settings → Security.txt) and automatically serves a plaintext security.txt at /.well-known/security.txt.

SKU: wp-security-txt-plugin-v1

Description

Convert your site’s security disclosure into a standards-compliant, easily editable security.txt file — served at /.well-known/security.txt and managed from the WordPress admin.

No manual file uploads or server edits required — edit the contact, expiry, languages, canonical URL and policy link from the admin and the plugin will expose the proper response to security researchers and scanners.

Why it helps

  1. Make it easy for researchers to contact you about vulnerabilities.
  2. Ensure automated scanners and security tools can find your canonical security.txt.
  3. Keep the content editable inside WordPress with safe sanitization and optional validation.

Key Features

  • ⚙️ Simple admin UI — Settings → Security.txt to edit Contact, Expires, Preferred-Languages, Canonical, and Policy.
  • 📄 Served at /.well-known/security.txt — standard endpoint used by security scanners.
  • 🔒 Safe defaults — plugin ships with empty defaults (admins provide site-specific values).
  • ✅ Plaintext output (text/plain) with correct headers.
  • 🔁 Rewrite-aware — registers a rewrite rule on activation (flushes rules automatically).
  • 🧾 Uninstall cleanup — removes stored options and flushes rewrite rules.

Example security.txt output (what the endpoint returns)

Contact: mailto:security@example.com
Expires: 2026-12-31T23:59:59.000Z
Preferred-Languages: EN,NL
Canonical: https://example.com/.well-known/security.txt
Policy: https://example.com/security-policy

Installation

  1. Copy the til-security-txt folder into your WordPress wp-content/plugins/ directory.
  2. Or zip the til-security-txt folder and upload it from WP Admin → Plugins → Add New → Upload Plugin.
  3. Activate the plugin in WP Admin → Plugins.
  4. Open Settings → Security.txt and enter your values, then click Save.

How to use

Enter a contact method (typically a mailto: address), expiry (ISO 8601), preferred languages (comma-separated), the canonical URL, and a link to your policy or disclosure page.

Visit https://your-site.example/.well-known/security.txt to verify the output.

Uninstall

Deactivate and delete the plugin from Plugins in WP Admin. The plugin removes stored options and flushes rewrite rules.
