For more information about changing these configuration settings, see Security issue reporting.
To access the store configuration settings, choose Stores > Settings > Configuration from the Admin sidebar.
Field | Scope | Description |
---|---|---|
Enable | Website | When enabled, a security.txt file is saved that contains the information security researchers need to report potential vulnerabilities to you. Options: Yes - Creates the security.txt file based on information entered in the Contact information and Other information sections. No - (default) Does not create the security.txt file. |
Field | Scope | Description |
---|---|---|
Email | Website | The email address where security reports can be sent. |
Phone | Website | A phone number that can be used to report security concerns. |
Contact Page | Website | The URL of a page on your site that lists security contacts, or your Contact Us page. Examples: https://mystore.com/security-contact.html https://mystore.com/contact/ |
Field | Scope | Description |
---|---|---|
Encryption | Website | A URL that points to the location of an encryption key that security researchers can use to send encrypted communications. Do not enter the encryption key in this field. It is the responsibility of the researcher to verify that the key is from a trustworthy source. Researchers must not assume that the key is the same as that used to generate the digital signature. Example: OpenPGP key from web server - https://mystore.com/pgp-key.txt |
Acknowledgments | Website | A URL that points to a page in your store where security researchers are acknowledged, such as https://mystore.com/hall-of-fame.html. To prevent future attacks, include only a general description without revealing specific information about vulnerability issues. Example: We would like to thank the following researchers: (yyyy/mm/dd) Justin Thyme - SQL injection |
Preferred Languages | Website | Specifies at least one preferred security reporting language. Separate multiple two-character language codes with a comma. All specified languages have the same priority. For example, to specify English, Spanish, and French, enter en, es, fr. |
Hiring | Website | The URL of a page on the site that lists security-related job positions. Example: https://mystore.com/jobs.html |
Policy | Website | The URL of the page that describes your security policy and vulnerability reporting practices. Example: https://mystore.com/security-reporting.html Default: https://mystore.com/security |
Signature | Website | A link to your digital signature file. The digital signature must be generated from the command line, and is saved in the .well-known folder on the server. For more information, see Security.txt on GitHub. Example: https://mystore.com/.well-known/security.txt.sig |
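
The settings above end up as lines in the generated security.txt file, and the guidance in the table (Encryption holds a URL rather than the key, language codes are two characters) can be checked before the file is published. The following check is an added example, not part of the product or its documentation. The field names follow the security.txt format, the contact email and phone are constructed placeholders, and requiring https is an assumption based on the example URLs in the table.

```python
import re
from urllib.parse import urlparse

# Constructed sample file; URLs are the placeholder examples from the table.
SAMPLE = """\
Contact: mailto:security@mystore.com
Contact: tel:+1-555-0100
Contact: https://mystore.com/security-contact.html
Encryption: https://mystore.com/pgp-key.txt
Acknowledgments: https://mystore.com/hall-of-fame.html
Preferred-Languages: en, es, fr
Hiring: https://mystore.com/jobs.html
Policy: https://mystore.com/security-reporting.html
Signature: https://mystore.com/.well-known/security.txt.sig
"""

URL_FIELDS = {"encryption", "acknowledgments", "hiring", "policy", "signature"}

def parse(text):
    """Return (field, value) pairs, skipping blank lines and # comments."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        name, sep, value = line.partition(":")
        if line and not line.startswith("#") and sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def is_https_url(value):
    parts = urlparse(value)
    return parts.scheme == "https" and bool(parts.netloc)

def check(text):
    """Return a list of findings; an empty list means no problems found."""
    findings = []
    pairs = parse(text)
    if "BEGIN PGP PUBLIC KEY BLOCK" in text:
        findings.append("key material in file; Encryption must be a URL to the key")
    if not any(name == "contact" for name, _ in pairs):
        findings.append("no Contact entry (email, phone, or contact page)")
    for name, value in pairs:
        if name == "contact":
            if not (value.startswith(("mailto:", "tel:")) or is_https_url(value)):
                findings.append(f"Contact is not mailto:, tel: or https: {value}")
        elif name in URL_FIELDS and not is_https_url(value):
            findings.append(f"{name} is not an https URL: {value}")
        elif name == "preferred-languages":
            codes = [c.strip() for c in value.split(",")]
            bad = [c for c in codes if not re.fullmatch(r"[A-Za-z]{2}", c)]
            if bad:
                findings.append(f"not two-character language codes: {bad}")
    return findings
```

Run `check()` on the text of the published file; each finding names the field that departs from the table's guidance.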