- I’m just one guy, and I don’t make any money from my websites, so I’m afraid there’s no bug bounty. I can also be quite slow to respond because I have a full-time day job.
- I don’t consider having XML-RPC enabled for WordPress a vulnerability, so please don’t report it.
- I don’t consider having the Google Maps API key in my Javascript a vulnerability either. Embedding the API key in source code is literally the only way to have the Google Maps API work, and is Google’s recommended practice for using Google Maps. It’s fine. Take a chill pill.
- I’ll consider most other things on a case-by-case basis. If you’ve found a real problem, at least you’ll get into my Security Hall of Fame.
Thanks!