| title | description | category | type | audience | date |
|---|---|---|---|---|---|
| Security Policy | Security vulnerability reporting and response policy | Project | Policy | Developers, Security Researchers | 2025-12-01 |

We actively support the following versions of {{theme_name}}:

| Version | Supported |
|---|---|
| {{version}}.x | ✅ |
| < {{version}}.0 | ❌ |

If you discover a security vulnerability in {{theme_name}}, please report it responsibly:
DO NOT open a public GitHub issue for security vulnerabilities.
Instead, please send an email to: {{security_email}}
When reporting a security vulnerability, please include:
- Description: A clear description of the vulnerability
- Impact: What an attacker could achieve
- Steps to Reproduce: Detailed steps to reproduce the issue
- Affected Versions: Which versions are affected
- Suggested Fix: If you have ideas for a fix (optional)
- Your Contact Information: So we can follow up with you

Once we receive your report:
- Acknowledgment: We'll acknowledge receipt within 24 hours
- Assessment: We'll assess the vulnerability within 72 hours
- Timeline: We'll provide an estimated timeline for a fix
- Updates: We'll keep you informed of our progress
- Resolution: We'll notify you when the vulnerability is fixed
- Disclosure: We'll coordinate responsible disclosure

Our target fix times by severity:
- Critical vulnerabilities: Fixed within 7 days
- High severity: Fixed within 14 days
- Medium severity: Fixed within 30 days
- Low severity: Fixed in next regular release
When using {{theme_name}}, we recommend:
- Keep WordPress core updated
- Keep the theme updated to the latest version
- Use strong passwords and two-factor authentication
- Regular security audits
- Proper file permissions
- Regular backups
- Follow WordPress security best practices
- Sanitize and validate all user inputs
- Use nonces for form submissions
- Escape output properly
- Follow principle of least privilege
- Regular security code reviews
{{theme_name}} includes these security features:
- Input Sanitization: All user inputs are properly sanitized
- Output Escaping: All output is properly escaped
- Nonce Verification: Forms use WordPress nonces
- Security Headers: Basic security headers are included
- No Direct File Access: PHP files prevent direct access
- WordPress Standards: Follows WordPress security guidelines
If you find security issues in our dependencies:
- WordPress Core: Report to WordPress Security Team
- Third-party Libraries: Report to the respective maintainers
- Our Theme: Follow our reporting process above
Security updates will be:
- Released as soon as possible
- Documented in the changelog
- Announced on our security advisory page
- Backwards compatible when possible
We recognize security researchers who responsibly disclose vulnerabilities:
No vulnerabilities reported yet
For security-related questions or concerns:
- Email: {{security_email}}
- GPG Key: [Available upon request]
Thank you for helping keep {{theme_name}} secure! 🔒