fix: harden WordPress content rendering

This commit is contained in:
bisco
2026-06-26 15:54:57 +02:00
parent 482928a296
commit 0762b98fc6
8 changed files with 43 additions and 18 deletions
+3
View File
@@ -6,6 +6,9 @@
ignored and real secrets must come from the deployment secret manager.
- WordPress uses its normal capability, nonce, authentication, cookie, and password
controls. Theme settings sanitize input and templates escape output.
- Structured Shows and Gallery content is editable in WordPress admin but is consumed
by the homepage only; it is not exposed as standalone public routes or REST
collections.
- File editing is always disabled. Production also disables web-based core, theme, and
plugin changes; patched images are rebuilt and redeployed instead.
- XML-RPC and comments are disabled. NGINX blocks PHP execution below uploads, dotfiles,