This document outlines how we handle security in relation to web development and client information.
max-ageof 6 months
Craft plugins must either be from the safe list below or be reviewed individually. Ideally, plugins installed:
We follow all advisories in the Securing Craft article from Pixel & Tonic:
allowAdminChangesare set to false in both staging and production
@webalias for the site
cpTriggerfrom the default
X-Powered-By: Craft CMSheader
The companies below have a proven track record in high quality software and have been active in the Craft community for years. We trust their work.
If you find any vulnerabilities in our websites or would like more information about this policy, you can get in contact with us directly through our contact form.