Security.txt

CloudyBlake

Just saw a post that Plesk now supports/integrates this, and it's been around awhile.

I don't see it as a big priority, but should be on the roadmap. I'm thinking have UI that allows customers to generate and deploy the file, and have UI for Admins to deploy to all websites if customer hasn't already deployed. (or maybe in a skeleton dir that gets used as default for new sites, in cPanel parlance). It seems to be a growing thing in the EU, which is probably why Plesk rolled it out but haven't seen anything about cPanel announcing it.

Some info on it:
https://securitytxt.org
https://blog.mailchannels.com/what-is-security-txt-used-for/
https://en.wikipedia.org/wiki/Security.txt
https://www.cisa.gov/news-events/news/securitytxt-simple-file-big-value
https://www.sidn.nl/en/news-and-blogs/sidn-introduces-incentive-to-encourage-use-of-security-txt
https://findsecuritycontacts.com

cPFence

xyzulu

What would you want Enhance to do? Roll this out automatically, and if so how does Enhance know what values to set?

Isn't it simple enough just to create the file yourself in File Manager?

CloudyBlake

xyzulu More just thinking of an easy interface for customer to implement.

Given that Plesk just announced this is really why I bring it up, seems to be big in europe. Cpanel hasn't even announced it yet. Like my post said, not a big priority, but why not put it on the list.

JohnB

Its for automated scanners to automatically report vulnerabilities. Most wordpress users won't want that as there will be a ton of false positives. Those that do won't be afraid to create a text file that literally can be generated from the site you link.

Just because Plesk, Cpanel, CloudRun or any other panel does something doesn't mean it should be added. Its literally one file that won't get changed very often.

FabioP

+1 for me.