Security objectives
Four principles that shape every architectural decision in WallabyX.
Strong multi-tenant isolation
Every site's data is scoped by site_id at every layer: application logic, database queries, and RLS policies. One tenant cannot access another's data.
No secrets exposed client-side
All sensitive operations run server-side. API keys, service role credentials and HMAC secrets never reach the browser.
Anti-abuse on public endpoints
Comments, reviews and forms are protected by a honeypot, a minimum time-on-page check, IP+UA rate limiting, deterministic spam analysis and moderation states.
RLS at database level
Supabase Row Level Security policies enforce access rules directly in the database. App-level checks and DB-level checks are always consistent.
Active security controls
Trust boundaries
Public
Unauthenticated
- Public site frontend
- Comments, reviews, forms
- Public media bucket (intentional)
- All protected by anti-abuse layer
Authenticated
Dashboard users
- Access gated by site membership
- All CRUD scoped to their site_id
- Profile RLS: only own + shared-site members
- No cross-tenant data access possible
Elevated
Server / service role
- Server-only routes with service_role
- Always requires ownership check first
- Fail-hard if env secrets missing in prod
- Admin client used only for specific ops
Compared to WordPress
WordPress's biggest security risks don't exist in WallabyX.
WordPress risks
- ✗ xmlrpc.php exposed by default
- ✗ Vulnerable PHP plugins (CVEs weekly)
- ✗ Database directly accessible if misconfigured
- ✗ wp-admin brute force attacks
- ✗ Plugin update chains create attack surface
- ✗ jQuery, wp-embed, heartbeat API overhead
WallabyX architecture
- ✓ No PHP, no xmlrpc.php, no legacy attack surface
- ✓ No plugins — zero third-party CVE exposure
- ✓ Database never directly accessible from client
- ✓ API key auth with granular scopes
- ✓ RLS enforced at database level
- ✓ No unnecessary JavaScript or runtime overhead
Security you don't have to think about.
Built into the architecture from day one. Not bolted on with plugins.