Hugo Web Site Add Security.txt

A short post about how to add security.txt to your Hugo web site. A security.txt file is used for displaying information if some security researchers need to get hold of someone in the organisation behind the web page if there is a security incident.

How to create security.txt

Start with creating a .well-known directory in the root of your static directory in your Hugo site. In the new directory, create a security.txt file.

Folder structure in Hugo

Goto https://securitytxt.org/ and use the guide to create your valid security.txt file. Copy the result from https://securitytxt.org/ to the security.txt file you have created. Save and upload your changes. If you are trying to view the security.txt in offline mode (for example if you are using the hugo server -D command), you need to restart the local hugo server. This is because Hugo is not automatically reloading .txt files.

If you go to <your web site>/.well-known/security.txt you should see the new security.txt file you have created.

security.txt Hugo web-site security securitytxt.org