Security

Status: 🚧 Stub

How we keep our work — and our clients' work — secure.

Topics to cover

  • WordPress-specific security baseline (sanitization, escaping, nonces, capabilities)
  • Dependency management and vulnerability scanning
  • Secrets handling (never in repo, where they live, how they rotate)
  • Access control: principle of least privilege for hosting, GitHub, client systems
  • Hardening checklist for new sites
  • Security plugin recommendations and configurations
  • Incident response procedure
  • Client-reported vulnerability handling
  • Annual / periodic security reviews

Owner: TBD | Last reviewed: TBD