Security Audit Checklist
This guide covers only the essentials. Individuals may wish to customize it, add items for their own needs, or create their own version; treat it as the bare minimum, not a complete audit.
Auditing Discord Security
Discord servers should be reviewed periodically to ensure security is properly maintained. Over time, especially in larger servers, small changes made with simple mistakes can accumulate into real vulnerabilities. Misconfigured channel permissions are also copied when new channels are cloned from an existing one, so one bad channel can quietly become several.
Security Audit Checklist
Join Gate separates Verified from Unverified users
From an unverified user's view, no members are visible in the member list except the hidden admin, the server owner, and other unverified users
No unverified users visible outside of Verified channels
Management and Staff roles don't have Manage Roles, Manage Channels, Manage Server, Manage Webhooks, or any other High Threat permission
Management and Staff roles don't have access to High Threat channels
Channels are synced with their category's permissions, the only exceptions being Social and Bot feed channels that grant one specific bot access to an otherwise read-only channel
No roles other than Administrator and Owner have the ability to configure bots
/kick, /ban and /timeout commands still work (where the native Kick, Ban and Timeout permissions have been removed from roles and moderation is tied only to automod)
Webhooks removed from Server Integrations after use
No unaccounted-for bots
Channels are only visible to the roles intended
Non-staff can't see staff channels/private channels
Non-holders can't see token-gated channels
Log Channels configured correctly and logging events as intended
Staff accounts have read-only or no access to log channels
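Several of the items above (High Threat permissions on Staff roles, channels synced with their category, channels visible only to the intended roles) can be scripted against an exported snapshot of the server instead of clicked through by hand. The following is an added example written for this page, not code from the checklist's author or from Discord. It assumes roles and channels exported in the shape of Discord's REST API (GET /guilds/{guild.id}/roles and GET /guilds/{guild.id}/channels), the permission bit positions from the Discord developer documentation, and a constructed sample guild (the role names, channel names and IDs below are made up, not a real server). The join gate, bot and webhook items still need a manual pass or a member/integration export.

```python
"""Offline checks for part of the Discord security audit checklist.

Added example, not code from the original checklist or from Discord. Assumes
roles/channels exported in Discord REST API shape: permission bitfields are
decimal strings, channels carry parent_id and permission_overwrites, and an
overwrite with type 0 targets a role. The guild below is constructed data.
"""

# Permission bit positions as documented in the Discord developer portal.
ADMINISTRATOR = 1 << 3
MANAGE_CHANNELS = 1 << 4
MANAGE_GUILD = 1 << 5          # shown as "Manage Server" in the client
VIEW_CHANNEL = 1 << 10
MANAGE_ROLES = 1 << 28
MANAGE_WEBHOOKS = 1 << 29
CATEGORY_TYPE = 4

# Permissions the checklist forbids on Management/Staff roles. Extend this
# with whatever else your server classes as a High Threat permission.
HIGH_THREAT = {
    "Administrator": ADMINISTRATOR,
    "Manage Roles": MANAGE_ROLES,
    "Manage Channels": MANAGE_CHANNELS,
    "Manage Server": MANAGE_GUILD,
    "Manage Webhooks": MANAGE_WEBHOOKS,
}


def _ow(role_id, allow=0, deny=0):
    """Build a role permission overwrite in API shape (constructed helper)."""
    return {"id": role_id, "type": 0, "allow": str(allow), "deny": str(deny)}


# Constructed sample guild: Staff was handed Manage Channels, and #mod-logs
# was cloned inside the Staff category but then given an extra overwrite
# that lets Verified members read it. The @everyone role id equals the guild id.
STAFF_ONLY = [_ow("1000", deny=VIEW_CHANNEL), _ow("1001", allow=VIEW_CHANNEL)]
SNAPSHOT = {
    "id": "1000",
    "roles": [
        {"id": "1000", "name": "@everyone", "permissions": str(VIEW_CHANNEL)},
        {"id": "1001", "name": "Staff", "permissions": str(VIEW_CHANNEL | MANAGE_CHANNELS)},
        {"id": "1002", "name": "Verified", "permissions": str(VIEW_CHANNEL)},
        {"id": "1003", "name": "Unverified", "permissions": str(VIEW_CHANNEL)},
    ],
    "channels": [
        {"id": "2000", "name": "Staff Area", "type": CATEGORY_TYPE, "parent_id": None,
         "permission_overwrites": STAFF_ONLY},
        {"id": "2001", "name": "staff-chat", "type": 0, "parent_id": "2000",
         "permission_overwrites": STAFF_ONLY},
        {"id": "2002", "name": "mod-logs", "type": 0, "parent_id": "2000",
         "permission_overwrites": STAFF_ONLY + [_ow("1002", allow=VIEW_CHANNEL)]},
    ],
}
STAFF_ROLES = {"Staff", "Management"}
EXPECTED_VIEWERS = {"staff-chat": {"Staff"}, "mod-logs": {"Staff"}}  # intended audiences


def high_threat_roles(snapshot, staff_names):
    """Management and Staff roles carry no High Threat permissions."""
    findings = []
    for role in snapshot["roles"]:
        if role["name"] in staff_names:
            perms = int(role["permissions"])
            for label, bit in HIGH_THREAT.items():
                if perms & bit:
                    findings.append(f"role {role['name']} has {label}")
    return findings


def _overwrite_key(overwrites):
    return sorted((o["id"], o["type"], int(o["allow"]), int(o["deny"])) for o in overwrites)


def unsynced_channels(snapshot):
    """A channel is 'synced' when its overwrites equal its category's exactly."""
    by_id = {c["id"]: c for c in snapshot["channels"]}
    findings = []
    for ch in snapshot["channels"]:
        parent = by_id.get(ch.get("parent_id"))
        if parent is None:
            continue
        if _overwrite_key(ch["permission_overwrites"]) != _overwrite_key(parent["permission_overwrites"]):
            findings.append(f"channel #{ch['name']} is not synced with category {parent['name']}")
    return findings


def role_can_view(snapshot, channel, role_id):
    """Discord's documented order for a member holding only @everyone plus this
    role: base permissions, @everyone overwrite, role overwrite (deny, then allow).
    Administrator bypasses every overwrite."""
    roles = {r["id"]: r for r in snapshot["roles"]}
    everyone_id = snapshot["id"]
    perms = int(roles[everyone_id]["permissions"]) | int(roles[role_id]["permissions"])
    if perms & ADMINISTRATOR:
        return True
    for target in (everyone_id, role_id):
        for o in channel["permission_overwrites"]:
            if o["type"] == 0 and o["id"] == target:
                perms = (perms & ~int(o["deny"])) | int(o["allow"])
    return bool(perms & VIEW_CHANNEL)


def visibility_violations(snapshot, expected_viewers):
    """Channels are visible only to the roles intended."""
    findings = []
    for ch in snapshot["channels"]:
        allowed = expected_viewers.get(ch["name"])
        if allowed is None:
            continue
        for role in snapshot["roles"]:
            if role["name"] not in allowed and role_can_view(snapshot, ch, role["id"]):
                findings.append(f"role {role['name']} can see #{ch['name']}")
    return findings


def audit(snapshot, staff_names, expected_viewers):
    return (high_threat_roles(snapshot, staff_names)
            + unsynced_channels(snapshot)
            + visibility_violations(snapshot, expected_viewers))


if __name__ == "__main__":
    for finding in audit(SNAPSHOT, STAFF_ROLES, EXPECTED_VIEWERS):
        print("FAIL:", finding)
```

On the sample guild the audit reports three failures: Staff holds Manage Channels, #mod-logs is out of sync with its category, and Verified can read #mod-logs (exactly the cloned-channel mistake the introduction warns about). The visibility check models a member who holds one role only; a real member with several roles has all of their role overwrites aggregated before allow is applied, so for the most sensitive channels (staff, logs, token-gated) also run the check against actual members or review them by hand.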