This repository contains WordPress hardening references and configuration templates intended for use in defensive web security work.
If you find a security issue in any configuration, script, or guide in this repository that could cause harm if applied as written, please report it privately.
Do not file public GitHub issues for security problems in the content itself.

To report a security issue:
- Open a private security advisory through GitHub's security advisory feature
- Or contact Web Stack Defense through webstackdefense.com

Reports should include:
- The file or section affected
- A description of the issue
- The conditions under which the issue would cause harm
- Suggested remediation if known

This repository is not the correct venue for reporting WordPress core vulnerabilities, plugin vulnerabilities, or theme vulnerabilities. Those should be reported to:
- WordPress core: https://wordpress.org/about/security/
- Plugins and themes: Patchstack or WPScan
- The plugin or theme author directly

All content in this repository is provided for reference. Test all configurations in a non-production environment before deploying. The maintainers accept no liability for outcomes from applying any content here.