Comentario handles public write traffic and moderation workflows. Security posture should prioritize account policy, anti-abuse gates, and careful handling of OAuth/SMTP credentials.
¶ 1) Secure administrator and moderator identities
- use strong password policy and MFA where your identity provider supports it
- assign moderation roles with least privilege; avoid shared admin accounts
- disable or limit self-registration modes if not required for your community
¶ 2) Harden the public edge and anti-abuse gates
- place Comentario behind a reverse proxy with TLS and rate limiting
- enforce request size limits to reduce comment flood and payload abuse
- configure moderation defaults for first-time users and flagged content
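The edge items above, as an added example of an nginx virtual host in front of Comentario (this is not configuration from the Comentario project or its docs). Assumptions: Comentario listens on 127.0.0.1:8080, the certificate paths and `comments.example.com` are placeholders, and the write-capable endpoints live under `/api/` (treat that prefix as an assumption to check against your deployment).

```nginx
# Added example, not from the Comentario project. Rate-limit zones keyed by
# client address: a general zone for everything, a stricter one for the API
# paths that accept comments, logins and signups. Keying works because nginx
# is the edge here; behind another proxy you would key on the real client IP.
limit_req_zone $binary_remote_addr zone=comentario_general:10m rate=20r/s;
limit_req_zone $binary_remote_addr zone=comentario_api:10m     rate=5r/s;
limit_req_status 429;

# Plain HTTP only redirects; the application is never served without TLS.
server {
    listen 80;
    server_name comments.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name comments.example.com;

    ssl_certificate     /etc/letsencrypt/live/comments.example.com/fullchain.pem;  # placeholder
    ssl_certificate_key /etc/letsencrypt/live/comments.example.com/privkey.pem;    # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Request size limit: comments are small, so a 64 KiB body cap blunts
    # payload abuse without affecting legitimate use. Slow-body clients are
    # cut off after 10 s instead of holding a worker open.
    client_max_body_size 64k;
    client_body_timeout  10s;

    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
    add_header X-Content-Type-Options "nosniff" always;

    # API paths get both zones: a short burst is allowed so a page load that
    # fetches several resources is not throttled, but sustained floods get 429.
    location /api/ {
        limit_req zone=comentario_api     burst=20 nodelay;
        limit_req zone=comentario_general burst=40 nodelay;

        proxy_pass http://127.0.0.1:8080;              # assumed Comentario listener
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Everything else (embed script, static assets, admin UI) under the general zone.
    location / {
        limit_req zone=comentario_general burst=40 nodelay;

        proxy_pass http://127.0.0.1:8080;              # assumed Comentario listener
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The two `rate=` values are starting points, not measurements: watch the 429 count in the access log after rollout and loosen the API zone if legitimate embeds on busy pages trip it. Rate limiting at the edge complements, rather than replaces, the moderation defaults for first-time users, which still decide whether a comment that gets through is published immediately.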
¶ 3) Protect secrets and content data lifecycle
- keep database, SMTP, and OAuth client secrets out of repository files
- encrypt backups containing comments and user profile data
- define retention and deletion policy for user-generated content
- Comentario source and docs entry: https://docs.comentario.app/en/about/source-code/
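Added example for the secrets and backup items above (not a script from the Comentario project): a POSIX shell script that refuses to run if the secrets file is world-readable or tracked by git, produces a database dump that is encrypted before it is written to disk, and prunes dumps past the retention window. Assumptions: the secrets file path and backup directory are placeholders, the database is PostgreSQL reachable through `$PGURL`, and `$BACKUP_KEY` is the fingerprint of a GPG key whose private half is kept off the server, so a compromised host cannot read its own backups.

```shell
#!/bin/sh
# Added example, not part of Comentario. Run with "run" as the first argument.
set -eu

SECRETS_FILE="${SECRETS_FILE:-/etc/comentario/secrets.yaml}"   # placeholder path
REPO_DIR="${REPO_DIR:-/opt/comentario}"                         # placeholder deployment checkout
BACKUP_DIR="${BACKUP_DIR:-/var/backups/comentario}"             # placeholder

# Return 0 when the file exists and only its owner can read it (mode 0600 or 0400).
secrets_mode_ok() {
    f="$1"
    [ -f "$f" ] || return 1
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")   # GNU, then BSD stat
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Return 0 when the file is not tracked by the git repository at $2.
# A directory that is not a repository cannot leak the file through history.
secrets_untracked() {
    f="$1"
    repo="$2"
    git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 0
    ! git -C "$repo" ls-files --error-unmatch "$f" >/dev/null 2>&1
}

# Dump, compress and encrypt in one pipeline so no plaintext copy lands on disk.
# Public-key encryption means the server needs no decryption secret at all.
backup_encrypted() {
    out="$1"
    umask 077
    pg_dump --no-owner "$PGURL" \
      | gzip -9 \
      | gpg --batch --yes --trust-model always --encrypt --recipient "$BACKUP_KEY" -o "$out"
}

# Retention: delete encrypted dumps older than $2 days (default 30).
prune_backups() {
    dir="$1"
    days="${2:-30}"
    find "$dir" -name '*.sql.gz.gpg' -type f -mtime +"$days" -delete
}

main() {
    secrets_mode_ok "$SECRETS_FILE" \
        || { echo "refusing to run: $SECRETS_FILE must be mode 0600" >&2; exit 1; }
    secrets_untracked "$SECRETS_FILE" "$REPO_DIR" \
        || { echo "refusing to run: $SECRETS_FILE is tracked by git in $REPO_DIR" >&2; exit 1; }
    mkdir -p "$BACKUP_DIR"
    backup_encrypted "$BACKUP_DIR/$(date +%F).sql.gz.gpg"
    prune_backups "$BACKUP_DIR" 30
}

if [ "${1:-}" = "run" ]; then
    main
fi
```

Restoring is the reverse pipeline on a machine that holds the private key (`gpg --decrypt | gunzip | psql`); rehearse it once so the retention policy is backed by a backup you have actually proven readable. The user-content retention period itself is a policy decision for your community; the script only enforces whatever number you put into `prune_backups`.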