Skip to content

Security: vavavadusik-crypto/wordpress-automation

Security

SECURITY.md

Security Policy

Secrets policy

Do not commit WooCommerce credentials, SMTP passwords, .env, config.yaml, SQLite data, or scraped customer/business data.

Use config.example.yaml as a template and keep the real config.yaml local. Provider keys such as GROQ_API_KEY should be loaded from environment variables.

If a credential is committed accidentally:

  1. Revoke it in WordPress/WooCommerce, email, or provider dashboards.
  2. Rotate the credential.
  3. Remove the secret from the repository before publishing another release.

Reporting a security issue

Report issues privately to the maintainer first. Include redacted logs and the affected command or module.

There aren't any published security advisories