Security

Payments are processed by your provider, so Klub focuses on hardening the local endpoints and storage. Use this page for a quick security checklist.

Request hardening

  • CSRF protection on state-changing routes (bnomei.klub.csrf).
  • Rate limiting on public endpoints (bnomei.klub.ratelimit.*).
  • Optional captcha/Turnstile on login/signup.
  • Safe same-origin redirects via klub_safe_redirect.
  • Input sanitization through Data::sanitize (size limit and tag stripping).
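As an added illustration of the same-origin check behind the klub_safe_redirect bullet (this is example code, not the plugin's own implementation), the function below accepts a redirect target only when it is a site-relative path or an absolute URL on the site's own scheme, host and port, and otherwise returns a fallback; sameOriginRedirect, $fallback and the constructed URLs are assumptions, while get() and site()->url() are Kirby's own helpers.

```php
<?php
// Added example (not the plugin's klub_safe_redirect): allow a redirect only
// when it stays on the site's own origin. Requires PHP 8 for str_starts_with().

function sameOriginRedirect(string $target, string $siteUrl, string $fallback = '/'): string
{
    $site = parse_url($siteUrl);
    if ($site === false || empty($site['host'])) {
        return $fallback;
    }

    // Reject empty targets and control characters (header-injection residue).
    if ($target === '' || preg_match('/[\x00-\x1F\x7F]/', $target)) {
        return $fallback;
    }

    // Browsers treat "//host", "/\host" and "\\host" as absolute URLs, so a
    // target starting with two slash-like characters is never same-origin.
    if (preg_match('#^[/\\\\]{2}#', $target)) {
        return $fallback;
    }

    $parts = parse_url($target);
    if ($parts === false) {
        return $fallback;
    }

    // No scheme and no host: accept only a site-relative path ("/account").
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        return str_starts_with($target, '/') ? $target : $fallback;
    }

    // Absolute URL (or a bare scheme such as "javascript:"): scheme, host and
    // port must all match the site origin. Userinfo tricks like
    // "https://shop@evil.example" fail here because the host differs.
    if (strtolower($parts['scheme'] ?? '') !== strtolower($site['scheme'] ?? '')
        || strtolower($parts['host'] ?? '') !== strtolower($site['host'])
        || ($parts['port'] ?? null) !== ($site['port'] ?? null)) {
        return $fallback;
    }

    return $target;
}

// Usage inside a Kirby route or controller: take the requested redirect
// parameter and fall back to the homepage if it leaves the site's origin.
$redirect = sameOriginRedirect((string) get('redirect', '/'), site()->url());
```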

Provider data protection

Provider user data (customer IDs, payments, and metadata) can be encrypted at rest via bnomei.klub.crypto.encrypt and bnomei.klub.crypto.password.

General Kirby hardening

Use HTTPS, a tight CSP, and disable debug mode in production. Refer to the Kirby security guide for platform-level hardening.

Kirby Klub is not affiliated with the developers of Kirby CMS. We are merely standing on the shoulders of giants.
© 2026 Bruno Meilick All rights reserved.