Disgrifiad
This powerful yet user-friendly WordPress plugin enables you to create, edit, and manage your “security.txt” file directly from the WordPress dashboard. As one of the most critical files on any site, the “security.txt” file communicates your security policy and contact information to security researchers.
What is security.txt?
A proposed standard which allows websites to define security policies.
Can I use this with multisite?
Yes! However, if you are using a subfolder installation it will only work for the main site. This is because you can only have one security.txt for a given domain or subdomain per the security.txt spec.
Technical Notes
- Requires PHP 7.2+.
- Requires WordPress 5.7+.
- Rewrites need to be enabled. Without rewrites, WordPress cannot know to supply
/security.txtwhen requested. - The plugin registers rewrite rules for
/.well-known/security.txtand/security.txt; server-level rules may be needed if your web server handles those paths before WordPress. - Your site URL must not contain a path (e.g.
https://example.com/site/or path-based multisite installs). Learn more on spec.
Contributing & Bug Report
Bug reports and pull requests are welcome on Github.
If you like Security.txt Manager, then consider checking out our other projects:
- Powered Cache – Caching and optimization for WordPress to help improve PageSpeed and Core Web Vitals.
- Magic Login Pro – Easy, secure, and passwordless authentication for WordPress.
- SessionQuota Pro – Limit concurrent sessions in WordPress.
- Stream Integration Pro – Upload, sync, restore, and manage WordPress videos with Cloudflare Stream.
- Easy Text-to-Speech – Convert written content into high-quality synthesized speech for WordPress.
- Handywriter – AI-powered writing assistant for WordPress.
- PaddlePress PRO – Paddle plugin for WordPress.
Lluniau Sgrin
Gosod
Manual Installation
- Upload the entire
/security-txt-managerdirectory to the/wp-content/plugins/directory. - Activate Security.txt Manager through the ‘Plugins’ menu in WordPress.
Cwestiynau Cyffredin
-
How can I create security policy?
-
You can create it on https://securitytxt.org/ website.
-
Can I use this with multisite?
-
Yes! But won’t work for the child sites on subdirectory setup due to security.txt spec
-
Do I have to upload any files?
-
No. The plugin handles “.well-known/security.txt” and “security.txt” requests for your domain.
Adolygiadau
Contributors & Developers
“Security.txt Manager” is open source software. The following people have contributed to this plugin.
Cyfranwyr
“Security.txt Manager” has been translated into 3 locales. Thank you to the translators for their contributions.
Translate “Security.txt Manager” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Cofnod Newid
1.2 (4 June, 2026)
- Improved handling for
/.well-known/security.txtand/security.txtrequests with WordPress rewrite rules. - Added Apache and Nginx configuration examples to the settings screen for servers that handle security.txt paths before WordPress.
- Hardened request URI handling for the security.txt endpoint.
- Tested with WP 7.0
1.1 (22 November, 2025)
- Minor tweaks.
- Tested with WP 6.9
- Dependency updates.
1.0.3 (12 April, 2025)
- Tested with WP 6.8
- Dependency updates.
1.0.2 (19 March, 2024)
- Tested with WP 6.5
- Dependency updates.
1.0.1 (22 July, 2023)
- Tested with WP 6.3
1.0 (15 June, 2023)
- First release