This document outlines how we handle security in relation to web development and client information.
max-age of 6 months
Craft plugins must either be from the safe list below or be reviewed individually. Ideally, plugins installed:
We follow all advisories in the Securing Craft article from Pixel & Tonic:
allowAdminChanges are set to false in both staging and production
@web alias for the site
cpTrigger from the default /admin
X-Powered-By: Craft CMS header
The companies below have a proven track record in high quality software and have been active in the Craft community for years. We trust their work.
If you find any vulnerabilities in our websites or would like more information about this policy, you can get in contact with us directly through our contact form.
This policy was written with great inspiration from PutYourLightsOn's Securing Craft articles and SnapShooter's Security Policies.