Skip to content

Version

1.7 (Stable) Current 1.8 (Beta)

Folder Structure

Updating Grav & Plugins

Headers / Frontmatter

Page Collections

Markdown Syntax

Twig Tags, Filters & Functions

Theme Configuration

Theme Variables

Plugin Installation

Plugin Tutorial

Using Flex in a Plugin

Administration Panel

Configuration (System)

Configuration (Site)

User Accounts and Groups

Editor (Content)

Editor (Options)

Editor (Advanced)

Editor (Security)

Page Permissions

2-Factor Authentication

Flood Protection

Admin Event Hooks

Reference: Blueprint Form Fields

Example: Plugin Blueprint

Example: Plugin Configuration

Example: Page Blueprints

Example: Config Blueprints

How to: Add a file upload

Advanced Blueprint Features

Reference: Form Options

Reference: Form Field Index

Example: Contact Form

Reference: Form Actions

How to: Forms in modular pages

How to: Ajax Submission

Command Line Intro

Scripted Upgrades

Getting Started

Content Listing

Using Flex Objects

Flex Collection

Custom Directory Types

Performance & Caching

Debugging & Logging

Environment Configuration

Multisite Setup

Plugin Prioritization

Grav Development

Upgrading from Grav <1.6

Upgrading to Grav 1.6

Upgrading to Grav 1.7

Upgrading to Grav 1.8 beta

Groups and Permissions

Change the site URL

Web Servers & Hosting

Grav Built-in Web Server

Rochen Web Hosting

Crucial Web Hosting

Fortrabbit - PHP hosting

Cloudways - Managed Cloud for PHP Hosting

Microsoft Azure

Local Development with ddev

Deploying with Git

Php-built-in-web-server

Windows Subsystem for Linux

General Recipes

Troubleshooting

Grav Server Error

500 Internal Server Error

Invalid Security Token

Common Problems

Migrating from Drupal 7 to Grav

Migrating from WordPress to Grav

Recommended Configuration

Blogging Metadata

Grav CMS Github

Powered by Grav + Helios

ESC

No results found

Try a different search term

Type at least 2 characters to search

↑↓ to navigate Enter to select Esc to close

Powered by YetiSearch Pro

Version

1.7 (Stable) Current 1.8 (Beta)

Folder Structure

Updating Grav & Plugins

Headers / Frontmatter

Page Collections

Markdown Syntax

Twig Tags, Filters & Functions

Theme Configuration

Theme Variables

Plugin Installation

Plugin Tutorial

Using Flex in a Plugin

Administration Panel

Configuration (System)

Configuration (Site)

User Accounts and Groups

Editor (Content)

Editor (Options)

Editor (Advanced)

Editor (Security)

Page Permissions

2-Factor Authentication

Flood Protection

Admin Event Hooks

Reference: Blueprint Form Fields

Example: Plugin Blueprint

Example: Plugin Configuration

Example: Page Blueprints

Example: Config Blueprints

How to: Add a file upload

Advanced Blueprint Features

Reference: Form Options

Reference: Form Field Index

Example: Contact Form

Reference: Form Actions

How to: Forms in modular pages

How to: Ajax Submission

Command Line Intro

Scripted Upgrades

Getting Started

Content Listing

Using Flex Objects

Flex Collection

Custom Directory Types

Performance & Caching

Debugging & Logging

Environment Configuration

Multisite Setup

Plugin Prioritization

Grav Development

Upgrading from Grav <1.6

Upgrading to Grav 1.6

Upgrading to Grav 1.7

Upgrading to Grav 1.8 beta

Groups and Permissions

Change the site URL

Web Servers & Hosting

Grav Built-in Web Server

Rochen Web Hosting

Crucial Web Hosting

Fortrabbit - PHP hosting

Cloudways - Managed Cloud for PHP Hosting

Microsoft Azure

Local Development with ddev

Deploying with Git

Php-built-in-web-server

Windows Subsystem for Linux

General Recipes

Troubleshooting

Grav Server Error

500 Internal Server Error

Invalid Security Token

Common Problems

Migrating from Drupal 7 to Grav

Migrating from WordPress to Grav

Recommended Configuration

Blogging Metadata

Grav CMS Github

Powered by Grav + Helios

Security

1.7 (Stable) - Current

Grav CMS Github

Home
Security

Security

This chapter details Grav's security policies, how to report security issues, and the status of current and previous reports.

Overview If you discover a possible security issue related to Grav or one of its extensions, please send an email to the core team at [email protected] and we'll address it as soon as possible. Issues should not be publicly disclosed - including on GitHub, Discord, or the Discourse forum - b...

Recommended Configuration

Recommended Configuration Like with every other application, it is important that you check through the configuration options to secure and optimize your site. Production Site It is important to secure your production site by hardening the configuration. To do this, we recommend you to set you...

Users When running Grav, with or without an Administration Panel installed, there are some best practices to keep in mind. These relate to who can access what on your website, and the potential risks of not limiting risk factors in this regard. Grav Users and the Administration Panel When...

Developers When creating a plugin or theme for Grav, it is not only important to follow best practices, but to consider whether your work opens up any avenues of attack for potential intruders to a site. As Grav is a flat-file CMS and reliant on few dependencies, it is by nature more secure than s...

Server-side Protecting your Grav-installation server-side consists of using sensible options for your server and PHP. This guide does not cover settings for the server you run Grav on, nor ideal conditions, but rather highlights some tips and best practices in securing Grav or links to resources w...

Reports Since GitHub now have support for security advisories for each repository, this is where you'll find up-to-date reports and policies. You can always find more details on MITRE's CVE-program, and an overview on CVE Details. Most prominently, Grav itself and the Admin-plugin are what e...

Previous Migrating from WordPress to Grav

Edit this page on Github

© 2026 Grav Documentation. All rights reserved.