CAA for wordpress.org

A report came in via HackerOne recommending that Certificate Authority Authorization be implemented for wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ (and other W domains).

CAA allows a domain owner to restrict which CAs are allowed to issue certificates for the domain. It’s been useless until quite recently: the CAB Forum recently voted to enforce CAA checks for all new certificates starting next month, so it’s definitely a useful measure to implement.

More info: https://scotthelme.co.uk/certificate-authority-authorization/

#prio3