| Version | Supported |
|---|---|
| 1.0.x | ✅ |
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them via email to: contact@developerruhban.com
Include:
- Type of vulnerability
- Full paths of source file(s)
- Location of the affected source code
- Step-by-step instructions to reproduce
- Proof-of-concept or exploit code (if possible)
- Impact of the issue
After reporting, you can expect:
- Acknowledgment within 48 hours
- Status update within 7 days
- Fix timeline provided if vulnerability confirmed
- Credit in security advisory (if desired)

Change Default Password

```bash
# Generate a strong password hash (PASSWORD_DEFAULT is currently bcrypt)
php -r "echo password_hash('your-strong-password', PASSWORD_DEFAULT);"
```

Use HTTPS
- Always access admin panel over HTTPS
- Configure SSL certificate

Restrict Admin Access

```apache
# .htaccess (Apache 2.4 syntax)
<Files "admin.php">
    Require ip YOUR_IP_ADDRESS
</Files>
```

Regular Updates
- Keep PHP updated
- Monitor security advisories
- Backup regularly

File Permissions

```bash
chmod 755 *.php          # readable and executable by the web server, writable only by the owner
chmod 777 articles/      # world-writable so the web server user can create posts; any local account can write here too
chmod 600 articles.json  # readable and writable by the owner only
```

Input Validation
- Sanitize all user inputs
- Use `htmlspecialchars()` for output
- Validate file uploads

SQL Injection Prevention
- Use prepared statements (if adding DB)
- Escape special characters
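The project currently stores posts in `articles.json`, so the following is an added example for the "if adding DB" case, not code from the project: the same lookup written once with string concatenation and once with a bound parameter, run against a constructed in-memory SQLite table so the difference is observable. Table and column names are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample data so the example runs stand-alone (needs pdo_sqlite).
function seed(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // real server-side prepares
    $pdo->exec('CREATE TABLE articles (slug TEXT, title TEXT, published INTEGER)');
    $pdo->exec("INSERT INTO articles VALUES ('hello', 'Hello', 1), ('draft', 'Secret draft', 0)");
    return $pdo;
}

// Vulnerable: the slug becomes part of the SQL text, so it can change the query.
function findVulnerable(PDO $pdo, string $slug): array
{
    $sql = "SELECT title FROM articles WHERE slug = '$slug' AND published = 1";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the slug travels as a bound parameter and is only ever compared as data.
// No manual escaping is needed; the driver never interprets it as SQL.
function findSafe(PDO $pdo, string $slug): array
{
    $stmt = $pdo->prepare('SELECT title FROM articles WHERE slug = :slug AND published = 1');
    $stmt->execute([':slug' => $slug]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo   = seed();
$input = "x' OR 1=1 --"; // constructed hostile input
var_dump(findVulnerable($pdo, $input)); // both titles, including the unpublished draft
var_dump(findSafe($pdo, $input));       // empty array: no slug equals that literal string
```

With prepared statements the "escape special characters" step becomes unnecessary for query parameters; escaping is only still needed where a value must be spliced into SQL structure (table names, ORDER BY columns), and there the safe approach is an allow-list rather than escaping.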

XSS Prevention
- Sanitize markdown input
- Escape HTML in templates
- Use Content Security Policy
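The Input Validation and XSS Prevention items above are the three checks a PHP template and upload handler need. The block below is an added example written for this page, not the project's own code, showing an output-escaping helper that covers attribute contexts, an upload check that does not trust the client-supplied filename or MIME type, and a Content-Security-Policy header. The function names, the allowed image types, and the `$_FILES['image']` field are assumptions.

```php
<?php
declare(strict_types=1);

// Escape for an HTML body or attribute. ENT_QUOTES covers both quote styles, so
// the value is also safe inside value="...", and ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Validate an uploaded image by extension AND by sniffing its bytes, then store it
// under a random server-chosen name. Returns the stored path or throws.
function validateImageUpload(array $file, string $destDir): string
{
    $allowed = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // Extension check first (cheap), lower-cased so "Shell.PHP" is not a bypass.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    // $file['type'] is sent by the client; detect the real type from the bytes.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== $allowed[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Random name: the original filename never reaches the filesystem, so there is
    // no path traversal and no way to choose a name the web server would execute.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    return $target;
}

// Send before any output. Scripts/styles only from this origin, no inline code,
// no plugins, and the admin page cannot be framed.
function sendSecurityHeaders(): void
{
    header("Content-Security-Policy: default-src 'self'; img-src 'self' data:; "
        . "object-src 'none'; frame-ancestors 'none'; base-uri 'self'");
    header('X-Content-Type-Options: nosniff');
}

// Usage in a template and an upload handler (assumed field and variable names):
//   <h1><?= e($article['title']) ?></h1>
//   $path = validateImageUpload($_FILES['image'], __DIR__ . '/articles/uploads');
```

Escaping happens at output time, in the template, because the same stored string may later be rendered in a different context; sanitizing once on input cannot know every context it will end up in. Markdown rendered to HTML still needs an HTML sanitizer after rendering, since raw HTML inside markdown survives most renderers.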

CSRF Protection
- Implement CSRF tokens (future feature)
- Validate request origins
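Since CSRF tokens are listed as a future feature, here is an added example of what that feature typically looks like in plain PHP; it is not project code. It covers both bullets: a per-session token compared in constant time, and an Origin/Referer check against the expected host. It assumes `session_start()` has already been called and that the admin form posts to the same host it was served from.

```php
<?php
declare(strict_types=1);

// One token per session, created on first use with a CSPRNG.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to drop into every state-changing form.
function csrfField(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8') . '">';
}

// Returns true only if the submitted token matches the session token AND the
// request came from the expected origin. $post/$server are passed in so the
// function can be exercised without real superglobals.
function verifyCsrf(array $post, array $server, string $expectedHost): bool
{
    $sent   = $post['csrf_token'] ?? '';
    $stored = $_SESSION['csrf_token'] ?? '';

    // hash_equals compares in constant time; a plain === would leak, byte by byte,
    // how much of the token an attacker has guessed correctly.
    if ($stored === '' || !is_string($sent) || !hash_equals($stored, $sent)) {
        return false;
    }

    // Browsers send Origin on cross-origin POSTs and Referer on most requests.
    // Strict policy: if neither header names our host, reject the request.
    $origin = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host   = parse_url($origin, PHP_URL_HOST);
    return $host === $expectedHost;
}

// Usage (assumed): in the form,    <?= csrfField() ?>
// in the POST handler, before doing anything:
//   if (!verifyCsrf($_POST, $_SERVER, $_SERVER['SERVER_NAME'])) {
//       http_response_code(403);
//       exit('invalid request');
//   }
```

The origin check is a second, independent layer: it costs nothing to add, and it still stops a forged request if a token ever leaks through a log or a referrer. The strict "no header means reject" rule can break requests from privacy tools that strip Referer; the token alone is the primary defense, so relaxing the origin check to "reject only on mismatch" is a defensible choice if that becomes a problem.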
Session Security
- Use secure session configuration
- Implement session timeout
- Regenerate session IDs
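The Change Default Password step above produces a hash; the Session Security items describe how the login that consumes it should behave. The following is an added example tying the two together, not the project's own `admin.php`: it verifies the submitted password against the stored hash, sets hardened session cookie flags, regenerates the session ID on login, and enforces an inactivity timeout. `ADMIN_PASSWORD_HASH`, the 30-minute timeout, and the redirect target are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed: the output of the `php -r "echo password_hash(...)"` command is stored here.
const ADMIN_PASSWORD_HASH = '$2y$10$PLACEHOLDER_REPLACE_WITH_YOUR_HASH';
const SESSION_TIMEOUT     = 1800; // seconds of inactivity before forced logout (assumed)

// Call once, before any output, on every admin request.
function configureSession(): void
{
    ini_set('session.use_strict_mode', '1');  // reject session IDs the server never issued
    ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, gone when the browser closes
        'path'     => '/',
        'secure'   => true,     // only sent over HTTPS (see "Use HTTPS")
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Strict', // not sent on cross-site requests
    ]);
    session_start();
}

// Returns true and upgrades the session on a correct password; false otherwise.
function login(string $submittedPassword, string $storedHash): bool
{
    // password_verify reads the algorithm and cost out of the hash and compares in
    // constant time, so the caller never touches bcrypt details directly.
    if (!password_verify($submittedPassword, $storedHash)) {
        return false;
    }
    // A fresh ID at the moment privileges change defeats session fixation:
    // an ID an attacker planted before login no longer maps to this session.
    session_regenerate_id(true);
    $_SESSION['logged_in']     = true;
    $_SESSION['last_activity'] = time();

    // If PASSWORD_DEFAULT or its cost has changed since the hash was generated,
    // this is the one moment the plaintext is available to produce a new hash.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $newHash = password_hash($submittedPassword, PASSWORD_DEFAULT);
        // store $newHash in the configuration file (left to the application)
    }
    return true;
}

// Guard for every protected page: logged in and active within SESSION_TIMEOUT.
function requireLogin(): void
{
    $expired = !isset($_SESSION['last_activity'])
        || (time() - $_SESSION['last_activity']) > SESSION_TIMEOUT;

    if (empty($_SESSION['logged_in']) || $expired) {
        $_SESSION = [];
        session_destroy();
        header('Location: admin.php', true, 303); // assumed: admin.php shows the login form
        exit;
    }
    $_SESSION['last_activity'] = time(); // sliding timeout
}

// Usage (assumed form field name):
//   configureSession();
//   if ($_SERVER['REQUEST_METHOD'] === 'POST' && login($_POST['password'] ?? '', ADMIN_PASSWORD_HASH)) {
//       header('Location: admin.php', true, 303);
//       exit;
//   }
//   requireLogin();
```

The timeout is enforced server-side from `last_activity` rather than from the cookie lifetime, because the cookie expiry is under the client's control and a copied session ID would otherwise stay valid for as long as PHP's garbage collection leaves the session file on disk.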

Security features currently implemented:
- ✅ Password Hashing - bcrypt hashing via `password_hash()`
- ✅ Session Management - PHP sessions
- ✅ Input Sanitization - HTML escaping
- ✅ Access Control - Login required
- ✅ File Validation - Extension checks

Disclosure policy:
- Security issues are addressed promptly
- Public disclosure after fix is released
- Credit given to security researchers
- Timeline: 30-90 days for fixes

Subscribe to security advisories:
- Watch this repository
- Enable email notifications
- Check releases regularly
Last Updated: January 2026