# ==============================================================================
# BUG BOUNTY & SECURITY POLICY
# ==============================================================================
# We welcome responsible disclosure of severe, exploitable security vulnerabilities.
#
# IMPORTANT: WE DO NOT OPERATE A PAID BUG BOUNTY PROGRAM.
#
# To save everyone time, the following issues are known, accepted risks,
# or OUT OF SCOPE. Reports about the following will be DELETED and IGNORED:
#
# - Missing HTTP Security Headers (CSP, X-Frame-Options, HSTS, etc.)
# - Email spoofing and configuration issues (SPF, DKIM, DMARC)
# - WordPress user enumeration (WP-JSON endpoints, author archives)
# - xmlrpc.php or wp-cron.php being accessible
# - Banner grabbing or software version disclosure
# - Lack of rate-limiting or generic brute-force attacks
# - Clickjacking / UI Redressing
# - Any report generated by an automated scanner without a working,
#   impactful Proof of Concept (PoC).
# ==============================================================================

Contact: mailto:security@networklessons.com
Preferred-Languages: en
Expires: 2026-12-31T23:59:00.000Z

# Please see https://securitytxt.org/ for details of the specification of this file.