Security Issue Reporting

The security.txt file contains contact information and security-related links that can be used by security researchers to report security concerns about your site. If your security information changes over time, ensure that the information in the security.txt file is up to date.

Configure security.txt

  1. On the Admin sidebar, go to Stores > Settings > Configuration.

  2. In the left panel under Security, click Security.txt.

  3. In the General section, set Enable to Yes.

  4. Under Contact Information, enter the following:

    • The Email address and Phone number of the person who manages security issues for your store.

    • The URL of your store’s Contact Page. This page could either be a list of store security contacts or your Contact Us page.

  5. Under Other Information, enter the following:

    • The URL of your public Encryption key. For example: https://example.com/pgp-key.txt

    • The URL of an Acknowledgements page where security researchers are recognized for their efforts on behalf of your store.

    • Your Preferred Languages for security-related communications. Enter the standard two-character language code for each supported language, separated by a comma. For example, to specify English, Spanish, and French, enter en, es, fr. All specified languages have the same priority, regardless of their order of appearance.

    • The URL of a Hiring page that lists security-related employment opportunities with your store.

    • The URL of your security Policy page.

    • The URL of a digital Signature file that is saved on your server. For example: https://mystore.com/.well-known/security.txt.sig

    The digital signature must be set up from the CLI (command line interface) of the server. To learn more, see Security.txt on GitHub.

  6. When complete, click Save Config.
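
After saving, the published file can be checked against the values this procedure asks for. The following Python check is an added example, not part of the original documentation or the product's code. The field names (Contact, Encryption, Preferred-Languages, Policy) and the mailto:/tel: contact forms are assumed from the security.txt format, and the sample file is constructed.

```python
import re

# Constructed sample of a served /.well-known/security.txt (not real store output).
SAMPLE = """\
# constructed example
Contact: mailto:security@example.com
Contact: tel:+1-555-0100
Contact: https://example.com/contact
Encryption: https://example.com/pgp-key.txt
Preferred-Languages: en, es, fr
Policy: http://example.com/security-policy
"""

def parse_security_txt(text):
    """Return a list of (field, value) pairs; field names are lower-cased."""
    fields = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        name, sep, value = line.partition(":")
        if sep:
            fields.append((name.strip().lower(), value.strip()))
    return fields

def check_security_txt(text):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    fields = parse_security_txt(text)
    contacts = [v for n, v in fields if n == "contact"]
    if not contacts:
        problems.append("no Contact field")
    for value in contacts:
        # Assumed contact forms: e-mail, phone, or an https contact page.
        if not value.startswith(("mailto:", "tel:", "http://", "https://")):
            problems.append(f"unexpected Contact value: {value}")
    for name, value in fields:
        if value.lower().startswith("http://"):
            problems.append(f"{name} uses http:// instead of https://: {value}")
        if name == "preferred-languages":
            # The page asks for two-character codes separated by commas.
            for code in value.split(","):
                if not re.fullmatch(r"[A-Za-z]{2}", code.strip()):
                    problems.append(f"bad language code: {code.strip()!r}")
    return problems

if __name__ == "__main__":
    for problem in check_security_txt(SAMPLE):
        print(problem)
```

Run against the constructed sample, the check reports only the Policy link, which was entered with http:// rather than https://.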