Security and trust
ErrorNotifier is built with WordPress-native security controls and conservative monitoring defaults.
- SSRF protections block localhost, private IPs, loopback, link-local, reserved, multicast, metadata IPs, and non-HTTP schemes.
- Secrets are encrypted or protected with WordPress salts and masked in the UI.
- Role-based organization access covers owners, admins, responders, viewers, and billing users.
- Audit logs track org, monitor, alert, incident, project key, artifact, and billing events.
- PII redaction filters tokens, passwords, API keys, authorization headers, card-like values, and email addresses before event storage.
- SOC 2, ISO, HIPAA, SAML, and DPA workflows are planned or Enterprise foundations unless explicitly contracted.