kbe/seo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8c7cd2468523c403e6322db75246a2287dc919cb
seo/wordpress-plugins/rank-math-api-manager/docs/SECURITY-NORWEGIAN.md
Kevin Bataille 8c7cd24685 Refactor SEO automation into unified CLI application 
Major refactoring to create a clean, integrated CLI application:

### New Features:
- Unified CLI executable (./seo) with simple command structure
- All commands accept optional CSV file arguments
- Auto-detection of latest files when no arguments provided
- Simplified output directory structure (output/ instead of output/reports/)
- Cleaner export filename format (all_posts_YYYY-MM-DD.csv)

### Commands:
- export: Export all posts from WordPress sites
- analyze [csv]: Analyze posts with AI (optional CSV input)
- recategorize [csv]: Recategorize posts with AI
- seo_check: Check SEO quality
- categories: Manage categories across sites
- approve [files]: Review and approve recommendations
- full_pipeline: Run complete workflow
- analytics, gaps, opportunities, report, status

### Changes:
- Moved all scripts to scripts/ directory
- Created config.yaml for configuration
- Updated all scripts to use output/ directory
- Deprecated old seo-cli.py in favor of new ./seo
- Added AGENTS.md and CHANGELOG.md documentation
- Consolidated README.md with updated usage

### Technical:
- Added PyYAML dependency
- Removed hardcoded configuration values
- All scripts now properly integrated
- Better error handling and user feedback

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-16 14:24:44 +01:00

4.1 KiB
Raw Blame History

Security Policy

Supported Versions

We actively maintain and provide security updates for the following versions:

Version Supported
1.0.6
1.0.5
1.0.0
< 1.0.0

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security vulnerability in the Rank Math API Manager plugin, please follow these steps:

1. DO NOT create a public GitHub issue

Security vulnerabilities should be reported privately to prevent potential exploitation.

2. DO report via email

Send your security report to: security@devora.no

3. Include the following information in your report:

  • Description: A clear description of the vulnerability
  • Steps to reproduce: Detailed steps to reproduce the issue
  • Impact: Potential impact of the vulnerability
  • Environment: WordPress version, plugin version, and other relevant details
  • Proof of concept: If possible, include a proof of concept (without exploiting it publicly)

4. What to expect:

  • Response time: We aim to respond within 48 hours
  • Assessment: We will assess the reported vulnerability
  • Updates: We will keep you informed of our progress
  • Fix timeline: Critical vulnerabilities will be addressed within 7 days
  • Credit: We will credit you in our security advisories (unless you prefer to remain anonymous)

Security Best Practices

For Users:

  1. Keep WordPress updated: Always use the latest WordPress version
  2. Update plugins: Keep all plugins, including this one, updated
  3. Use strong authentication: Implement strong passwords and two-factor authentication
  4. Limit API access: Only grant API access to trusted applications
  5. Monitor logs: Regularly check WordPress and server logs for suspicious activity
  6. Use HTTPS: Always use HTTPS for API communications

For Developers:

  1. Input validation: Always validate and sanitize all input data
  2. Authentication: Implement proper authentication for all API endpoints
  3. Rate limiting: Consider implementing rate limiting for API endpoints
  4. Logging: Log security-relevant events
  5. Error handling: Don't expose sensitive information in error messages

Security Features

This plugin implements several security measures:

Authentication & Authorization:

  • WordPress Application Password authentication
  • User capability checks (edit_posts)
  • Proper permission validation for all endpoints

Input Validation:

  • All input parameters are sanitized
  • URL validation for canonical URLs
  • Text field sanitization using WordPress functions
  • Post ID validation

Data Protection:

  • No sensitive data is logged
  • Secure transmission via HTTPS
  • Proper WordPress nonce validation (where applicable)

Known Security Considerations

API Rate Limiting:

Currently, the plugin relies on WordPress's built-in rate limiting. For high-traffic sites, consider implementing additional rate limiting.

CORS:

The plugin uses WordPress's default CORS settings. For enhanced security, consider implementing custom CORS policies.

Logging:

The plugin doesn't log sensitive data, but ensure your WordPress installation has appropriate logging configured.

Security Updates

We regularly:

  • Review and update dependencies
  • Conduct security audits
  • Monitor WordPress security advisories
  • Test against common vulnerabilities
  • Update security best practices

Responsible Disclosure

We follow responsible disclosure practices:

  • We will not publicly disclose vulnerabilities until a fix is available
  • We will work with security researchers to understand and fix issues
  • We will credit security researchers in our advisories
  • We will provide reasonable time for users to update before public disclosure

Contact Information

Last Updated: July 2025

Reference in New Issue View Git Blame Copy Permalink