Commento combines public comments with administrator moderation tools, so hardening has to cover three areas: authentication for the admin interface, abuse controls on the public API endpoints, and secure storage of user content.
¶ 1) Protect admin interface and session controls
- enforce HTTPS-only access for admin and moderation routes
- apply strong password policy and restrict admin access by network where possible
- configure secure cookie handling and short session lifetimes for admin users
¶ 2) Throttle and validate public submissions
- apply reverse-proxy rate limiting to comment submission endpoints
- enable moderation workflows for anonymous or first-time commenters
- block oversized payloads and malformed requests before app processing
¶ 3) Protect data stores, secrets, and backups
- keep Postgres and Redis (if used) bound to private interfaces only, never published on a public address
- store SMTP and application secrets in a secret manager, not in compose files committed to Git
- back up comments and moderation state, and test the restore procedure regularly
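The reverse-proxy side of sections 1 and 2 (HTTPS-only access, network-restricted admin routes, cookie flags, submission throttling, and payload limits) can be expressed in a single nginx server block. The configuration below is an added example and is not part of the Commento documentation or source; it assumes Commento listens on 127.0.0.1:8080 behind the proxy, that the public host is comments.example.com, that the admin pages and owner API live under /login, /dashboard and /api/owner, and that comment submission goes through /api/comment/new. The allowed admin networks and certificate paths are placeholders; verify the route names against the Commento build you deploy.

```nginx
# Added example nginx configuration for a hardened Commento deployment.
# Assumed values: upstream 127.0.0.1:8080, host comments.example.com,
# admin routes /login, /dashboard, /api/owner, submission route /api/comment/new.

# Rate-limit zone keyed on client IP: 10 submissions per minute sustained.
limit_req_zone $binary_remote_addr zone=commento_submit:10m rate=10r/m;

# Networks allowed to reach admin and moderation routes (placeholder ranges).
geo $admin_allowed {
    default         0;
    10.0.0.0/8      1;
    192.168.1.0/24  1;
}

# 1) HTTPS-only: plain HTTP is redirected, never served.
server {
    listen 80;
    server_name comments.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name comments.example.com;

    ssl_certificate     /etc/ssl/certs/comments.example.com.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/private/comments.example.com.key; # placeholder path
    ssl_protocols TLSv1.2 TLSv1.3;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Content-Type-Options nosniff always;

    # 2) Reject oversized bodies before they reach the application (nginx default is 1m).
    client_max_body_size 64k;

    # 1) Force Secure/HttpOnly/SameSite on every cookie set by the upstream
    #    (requires nginx >= 1.19.3; harmless if the app already sets them).
    proxy_cookie_flags ~ secure httponly samesite=lax;

    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;

    # 1) Admin and moderation routes: only reachable from the allowed networks.
    location ~ ^/(login|dashboard|api/owner) {
        if ($admin_allowed = 0) { return 403; }
        proxy_pass http://127.0.0.1:8080;
    }

    # 2) Public comment submission: throttled, short burst, excess answered with 429.
    location = /api/comment/new {
        limit_req zone=commento_submit burst=5 nodelay;
        limit_req_status 429;
        proxy_pass http://127.0.0.1:8080;
    }

    # Everything else (comment listing, embed script, assets) is proxied as-is.
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}
```

Validate with `nginx -t` before reloading. If another load balancer or CDN sits in front of this proxy, configure `set_real_ip_from` and `real_ip_header` so that the `geo` lookup and the `limit_req` zone see the real client address rather than the upstream proxy's; otherwise every visitor shares one rate-limit bucket and the admin allowlist becomes meaningless. Tune `rate`, `burst`, and `client_max_body_size` to the comment volume and maximum comment length you actually expect.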
¶ References
- Commento installation docs: https://docs.commento.io/installation/
- Commento source repository: https://github.com/adtac/commento