generated from bisco/codex-bootstrap
fix: harden WordPress content rendering
This commit is contained in:
@@ -6,6 +6,9 @@
|
||||
ignored and real secrets must come from the deployment secret manager.
|
||||
- WordPress uses its normal capability, nonce, authentication, cookie, and password
|
||||
controls. Theme settings sanitize input and templates escape output.
|
||||
- Structured Shows and Gallery content is editable in WordPress admin but is consumed
|
||||
by the homepage only; it is not exposed as standalone public routes or REST
|
||||
collections.
|
||||
- File editing is always disabled. Production also disables web-based core, theme, and
|
||||
plugin changes; patched images are rebuilt and redeployed instead.
|
||||
- XML-RPC and comments are disabled. NGINX blocks PHP execution below uploads, dotfiles,
|
||||
|
||||
Reference in New Issue
Block a user