securitytxt module provides the security.txt
standard for Backdrop CMS.
Its purpose is to provide a standardised way to document your
website’s security contact details and policy. This allows people to
securely disclose vulnerabilities to you.
If you are using backdrop version 1.22.0 or later then there are no
However, if you are using backdrop version 1.21.4 or earlier then
you must replace your
.htaccess file with the one provided by this
htaccess/modified.htaccess. This is because the original
.htaccess file does not allow backdrop to serve pages starting with
.well-knownpath, see issue
htaccess/original.htaccess is a copy of the default
.htaccess file from backdrop version 1.21.4 which
modified.htaccess is based on, it is only present for comparison
Install this module in the usual way, see the contributed
of the user guide for details.
If you are using backdrop version 1.21.4 or earlier then you must
.htaccessfile with the one provided by this module
cp PATH_TO_CONTRIB_MODULES/securitytxt/htaccess/modified.htaccess PATH_TO_DOCUMENT_ROOT/.htacess.
Visit the configuration page under Administration > Configuration > System >
admin/config/system/securitytxt) and enter the
required information to create your security.txt file.
Once you have created your security.txt file you should provide a
signature for it by visiting Administration > Configuration > System >
admin/config/system/securitytxt/sign) and following the
Once you have completed all this configuration your security.txt
and security.txt.sig files will be available at the following standard URLs:
Bugs and feature requests should be reported in the Issue
This project is GPL v2 software. See the LICENSE.txt file in this
directory for complete text.