Security issue reporting
The security.txt file contains contact information and security-related links that can be used by security researchers to report security concerns about your site. If your security information changes over time, ensure that the information in the security.txt file is up to date.
To configure security.txt:
- On the Admin sidebar, go to Stores > Settings > Configuration.
- In the left panel under Security, click Security.txt.
- In the General section, set Enable to Yes.
- Under Contact Information, enter the following:
  - The email address and phone number of the person who manages security issues for your store.
  - The URL of your store’s Contact Page. This page could either be a list of store security contacts or your Contact Us page.
- Under Other Information, enter the following:
  - The URL of your public Encryption key. For example: https://example.com/pgp-key.txt
  - The URL of an Acknowledgments page where security researchers are recognized for their efforts on behalf of your store.
  - Your Preferred Languages for security-related communications. Enter the standard two-character language code for each supported language, separated by a comma. For example, to specify English, Spanish, and French, enter en, es, fr. All specified languages have the same priority, regardless of their order of appearance.
  - The URL of a Hiring page that lists security-related employment opportunities with your store.
  - The URL of your security Policy page.
  - The URL of a digital Signature file that is saved on your server. For example: https://mystore.com/.well-known/security.txt.sig
    The digital signature must be set up from the CLI (command-line interface) of the server. To learn more, see Security.txt on GitHub.
- When complete, click Save Config.
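
After saving, the published file can be checked against the settings above. The following is an added example, not code from this documentation or from the product: it parses a security.txt body and reports fields that would not be usable by a researcher. It assumes the store emits the standard security.txt field names (Contact, Encryption, Acknowledgments, Preferred-Languages, Hiring, Policy, plus the Signature field this page lists) and that contact values are `mailto:`, `tel:` or `https://` URIs; the sample input is constructed.

```python
import re
from urllib.parse import urlparse

# Assumption: field names follow the security.txt format; the settings on
# this page map onto them. "Signature" is included because the page lists it.
URL_FIELDS = ("encryption", "acknowledgments", "hiring", "policy", "signature")

SAMPLE = """\
# constructed sample, not output from a real store
Contact: mailto:security@example.com
Contact: tel:+1-201-555-0123
Contact: https://example.com/contact
Encryption: https://example.com/pgp-key.txt
Preferred-Languages: en, es, fr
Policy: https://example.com/security-policy
"""

def parse_security_txt(text):
    """Return {field: [values]} from 'Name: value' lines, skipping comments."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def check_security_txt(text):
    """Return a list of problems; an empty list means every check passed."""
    fields = parse_security_txt(text)
    problems = []
    contacts = fields.get("contact", [])
    if not contacts:
        problems.append("no Contact field")
    for value in contacts:
        if urlparse(value).scheme not in ("mailto", "tel", "https"):
            problems.append(f"Contact is not mailto:/tel:/https: {value}")
    for name in URL_FIELDS:
        for value in fields.get(name, []):
            if urlparse(value).scheme != "https":
                problems.append(f"{name} is not an https URL: {value}")
    for value in fields.get("preferred-languages", []):
        for code in (c.strip() for c in value.split(",")):
            if not re.fullmatch(r"[a-z]{2}", code.lower()):
                problems.append(f"bad language code: {code!r}")
    return problems

if __name__ == "__main__":
    print(check_security_txt(SAMPLE) or "no problems found")
```

To check a live store, pass the body fetched from its security.txt URL to `check_security_txt` in place of `SAMPLE`.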