Remark42 is privacy-oriented but still exposes public write endpoints and optional social login flows. Hardening must cover auth providers, API limits, and admin token control.
¶ 1) Secure authentication providers and admin access
- enable only required login providers; disable unused OAuth providers
- rotate OAuth client secrets and admin credentials regularly
- restrict admin UI access to trusted networks where feasible
- enforce HTTPS and reverse-proxy rate limits for posting endpoints
- set request-size limits and spam filtering for anonymous traffic
- monitor unusual burst patterns and block abusive sources quickly
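An nginx front-end that applies the HTTPS, rate-limit, request-size and admin-network items above (sections 1 and 2), as an added example and not configuration shipped by the Remark42 project. It assumes Remark42 listens on 127.0.0.1:8080, the public hostname is comments.example.org, admins connect from 10.0.0.0/8, and comment creation is Remark42's POST /api/v1/comment endpoint.

```nginx
# Added example (not from the Remark42 project). Assumed values: upstream
# 127.0.0.1:8080, host comments.example.org, admin network 10.0.0.0/8,
# create-comment endpoint POST /api/v1/comment, placeholder certificate paths.

# Key the limiter on POST only: reads get "" and are never counted.
map $request_method $remark_post_key {
    default "";
    POST    $binary_remote_addr;
}
# 10 comment submissions per minute per client IP.
limit_req_zone $remark_post_key zone=remark_post:10m rate=10r/m;

server {
    listen 80;
    server_name comments.example.org;
    return 301 https://$host$request_uri;   # enforce HTTPS
}

server {
    listen 443 ssl http2;
    server_name comments.example.org;
    ssl_certificate     /etc/ssl/certs/comments.example.org.pem;    # placeholder
    ssl_certificate_key /etc/ssl/private/comments.example.org.key;  # placeholder

    client_max_body_size 64k;   # comments are small; reject oversized bodies early

    # Set once at server level so every location below inherits them.
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Admin API reachable only from the trusted network.
    location /api/v1/admin/ {
        allow 10.0.0.0/8;
        deny  all;
        proxy_pass http://127.0.0.1:8080;
    }

    # Rate-limit comment creation: short burst allowed, then 429.
    location = /api/v1/comment {
        limit_req zone=remark_post burst=5 nodelay;
        limit_req_status 429;
        proxy_pass http://127.0.0.1:8080;
    }

    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}
```

The zone is keyed on the direct client address, so this only works when nginx is the edge; behind another proxy or CDN, key it on the forwarded client address instead, otherwise all clients share one counter.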
¶ 3) Protect storage, notifications, and backups
- secure comment storage backend and notification credentials with secret management
- keep SMTP and webhook endpoints restricted and audited
- test restore of comments and moderation metadata from backups
- Remark42 documentation: https://remark42.com/
- Remark42 source repository: https://github.com/umputun/remark42