kbe/seo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c980edf047c58bfc408c5107f2c7df15ee50a687
seo/wordpress-plugins/rank-math-api-manager/docs/SECURITY-NORWEGIAN.md
Kevin Bataille 8c7cd24685 Refactor SEO automation into unified CLI application 
Major refactoring to create a clean, integrated CLI application:

### New Features:
- Unified CLI executable (./seo) with simple command structure
- All commands accept optional CSV file arguments
- Auto-detection of latest files when no arguments provided
- Simplified output directory structure (output/ instead of output/reports/)
- Cleaner export filename format (all_posts_YYYY-MM-DD.csv)

### Commands:
- export: Export all posts from WordPress sites
- analyze [csv]: Analyze posts with AI (optional CSV input)
- recategorize [csv]: Recategorize posts with AI
- seo_check: Check SEO quality
- categories: Manage categories across sites
- approve [files]: Review and approve recommendations
- full_pipeline: Run complete workflow
- analytics, gaps, opportunities, report, status

### Changes:
- Moved all scripts to scripts/ directory
- Created config.yaml for configuration
- Updated all scripts to use output/ directory
- Deprecated old seo-cli.py in favor of new ./seo
- Added AGENTS.md and CHANGELOG.md documentation
- Consolidated README.md with updated usage

### Technical:
- Added PyYAML dependency
- Removed hardcoded configuration values
- All scripts now properly integrated
- Better error handling and user feedback

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-16 14:24:44 +01:00

127 lines
4.1 KiB
Markdown
Raw Blame History

# Security Policy
## Supported Versions
We actively maintain and provide security updates for the following versions:
| Version | Supported |
| ------- | ------------------ |
| 1.0.6 | :white_check_mark: |
| 1.0.5 | :white_check_mark: |
| 1.0.0 | :white_check_mark: |
| < 1.0.0 | :x: |
## Reporting a Vulnerability
We take security vulnerabilities seriously. If you discover a security vulnerability in the Rank Math API Manager plugin, please follow these steps:
### 1. **DO NOT** create a public GitHub issue
Security vulnerabilities should be reported privately to prevent potential exploitation.
### 2. **DO** report via email
Send your security report to: **security@devora.no**
### 3. Include the following information in your report:
- **Description**: A clear description of the vulnerability
- **Steps to reproduce**: Detailed steps to reproduce the issue
- **Impact**: Potential impact of the vulnerability
- **Environment**: WordPress version, plugin version, and other relevant details
- **Proof of concept**: If possible, include a proof of concept (without exploiting it publicly)
### 4. What to expect:
- **Response time**: We aim to respond within 48 hours
- **Assessment**: We will assess the reported vulnerability
- **Updates**: We will keep you informed of our progress
- **Fix timeline**: Critical vulnerabilities will be addressed within 7 days
- **Credit**: We will credit you in our security advisories (unless you prefer to remain anonymous)
## Security Best Practices
### For Users:
1. **Keep WordPress updated**: Always use the latest WordPress version
2. **Update plugins**: Keep all plugins, including this one, updated
3. **Use strong authentication**: Implement strong passwords and two-factor authentication
4. **Limit API access**: Only grant API access to trusted applications
5. **Monitor logs**: Regularly check WordPress and server logs for suspicious activity
6. **Use HTTPS**: Always use HTTPS for API communications
### For Developers:
1. **Input validation**: Always validate and sanitize all input data
2. **Authentication**: Implement proper authentication for all API endpoints
3. **Rate limiting**: Consider implementing rate limiting for API endpoints
4. **Logging**: Log security-relevant events
5. **Error handling**: Don't expose sensitive information in error messages
## Security Features
This plugin implements several security measures:
### Authentication & Authorization:
- WordPress Application Password authentication
- User capability checks (`edit_posts`)
- Proper permission validation for all endpoints
### Input Validation:
- All input parameters are sanitized
- URL validation for canonical URLs
- Text field sanitization using WordPress functions
- Post ID validation
### Data Protection:
- No sensitive data is logged
- Secure transmission via HTTPS
- Proper WordPress nonce validation (where applicable)
## Known Security Considerations
### API Rate Limiting:
Currently, the plugin relies on WordPress's built-in rate limiting. For high-traffic sites, consider implementing additional rate limiting.
### CORS:
The plugin uses WordPress's default CORS settings. For enhanced security, consider implementing custom CORS policies.
### Logging:
The plugin doesn't log sensitive data, but ensure your WordPress installation has appropriate logging configured.
## Security Updates
We regularly:
- Review and update dependencies
- Conduct security audits
- Monitor WordPress security advisories
- Test against common vulnerabilities
- Update security best practices
## Responsible Disclosure
We follow responsible disclosure practices:
- We will not publicly disclose vulnerabilities until a fix is available
- We will work with security researchers to understand and fix issues
- We will credit security researchers in our advisories
- We will provide reasonable time for users to update before public disclosure
## Contact Information
- **Security Email**: security@devora.no
- **Company**: Devora AS
- **Website**: https://devora.no
- **GitHub**: https://github.com/devora-as/rank-math-api-manager
---
**Last Updated**: July 2025
Reference in New Issue View Git Blame Copy Permalink