A comprehensive guide for writing about WordPress and security with clarity, honesty, and empowerment.
This is an editorial reference — it answers "how do I write about it?"
It provides voice, tone, terminology, and formatting conventions for anyone communicating about WordPress security. The target reader is a technical writer, developer advocate, marketing team member, or security professional drafting advisories, blog posts, documentation, or incident communications.
This document is not a hardening guide (use the Hardening Guide for implementation advice), not an audit checklist (use the Security Benchmark for compliance verification), and not an operational runbook (use the Operations Runbook for step-by-step procedures).
This repository contains a style guide designed for communicators, developers, and security professionals in the WordPress ecosystem. It provides principles, technical formatting guidelines, and a specialized glossary to ensure security communication is accurate, accessible, and actionable.
- Principles & Practices: Core philosophy on security as a shared responsibility.
- Writing Guidelines: Practical advice on leading with solutions rather than fear (FUD).
- Voice & Tone: Maintaining consistency across different contexts and audiences.
- Technical Formatting: Guidelines for using monospace fonts, acronyms, and technical terms correctly.
- Vulnerability Communication: Standards for describing security flaws, severity levels (CVSS/EPSS), and remediation.
- Glossary: A detailed reference for security terms used in the WordPress context.
- WP-Security-Style-Guide.md: Canonical source Markdown for editorial revisions.
- WP-Security-Style-Guide.docx: A Microsoft Word `.docx` intermediary generated from Markdown and used as the template source for final publication formats.
- WP-Security-Style-Guide.epub: The EPUB version generated from the `.docx` intermediary.
- WP-Security-Style-Guide.pdf: The PDF version generated from the `.docx` intermediary.
Build pipeline: WP-Security-Style-Guide.md -> WP-Security-Style-Guide.docx -> WP-Security-Style-Guide.pdf and WP-Security-Style-Guide.epub.
This style guide is one of four complementary documents covering WordPress security from different angles:
| Document | Purpose |
|---|---|
| WordPress Security Benchmark | Audit checklist — "what to verify." Prescriptive, auditable hardening controls for compliance verification. |
| WordPress Security Hardening Guide | Advisory — "what to implement." Enterprise-focused security architecture and threat mitigation. |
| WordPress Operations Runbook | Operational — "how to do it." Step-by-step procedures, code snippets, and incident response playbooks. |
This guide is intended to be used as a reference when drafting:
- Security advisories and vulnerability disclosures.
- Technical documentation and blog posts.
- Educational content for WordPress users.
- Incident response communications.
- Dan Knauss — (Human) — author, editor, reviewer, researcher
- Claude (Anthropic) — review, revision, cross-document alignment
- Gemini (Google) — independent review and revision planning
- GPT-5 Codex (OpenAI) — independent review and revision planning
This document and the three related documents in this series are revised with the assistance of frontier LLMs. Multiple models independently review all four documents for factual errors, outdated guidance, and cross-document misalignments, with the WordPress Advanced Administration Handbook as primary authority. A human editor reviews, approves, or rejects every recommended change before it is applied. For the full methodology, see AI-Assisted Documentation Processes. The machine-readable editorial agent skills and cross-document consistency rules are in the skills directory.
- Contributions: see CONTRIBUTING.md.
- Security reporting: see SECURITY.md.
- Community expectations: see CODE_OF_CONDUCT.md.
- Support boundaries: see SUPPORT.md.
- License: LICENSE.
This project is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License (CC-BY-SA-4.0).