diff --git a/docs/pages/community-management/discord.mdx b/docs/pages/community-management/discord.mdx
deleted file mode 100644
index f4d17916..00000000
--- a/docs/pages/community-management/discord.mdx
+++ /dev/null
@@ -1,371 +0,0 @@
----
-title: "Discord Security"
-tags:
- - Community & Marketing
- - Security Specialist
-contributors:
- - role: wrote
- users: [mattaereal, zedt3ster, fredriksvantes]
- - role: reviewed
- users: [mattaereal]
- - role: fact-checked
- users: [nftdreww]
----
-
-import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } from '../../../components'
-
-
-
-
-# Discord Security
-
-
-
-
-> 🔑 **Key Takeaway for Discord:** To secure your Discord server, focus on implementing robust access controls and
-> enforcing two-factor authentication for all administrators. Regularly audit roles and permissions, and maintain
-> vigilant moderation. Educate your community about security best practices to prevent unauthorized access and protect
-> against potential threats.
-
-Discord offers a variety of security features that are essential to use. Despite these, users should stay alert to
-threats like phishing, which can target server moderators. Such threats may appear as QR code scams, fake login screens,
-or misleading direct messages pretending to be from Discord support.
-
-To enhance the security of your Discord server, take into account these suggestions. They cover important aspects like
-server settings, roles and permissions, moderation, bots, channels, invites, member screening, logging, and other
-security measures.
-
-## Essential Security Measures
-
-### Server Settings
-
-a) **Enable 2FA Requirement for Moderation**
-
-- Go to Server Settings > Safety Setup > Moderation
-- Toggle on "Require 2FA for moderation"
-- This ensures all moderators have an extra layer of security
-
-b) **Set Appropriate Verification Level**
-
-- Go to Server Settings > Safety Setup > Verification Level
-- Choose from: None, Low, Medium, High, Highest
-- Recommended: "Moderate" for public servers (requires users are registered on discord for longer then 5 min.)
-- Higher levels protect against spammers and raids
-
-c) **Enable Explicit Content Filter**
-
-- Go to Server Settings > Safety Setup > Content Filter
-- Set to "Scan messages from all members"
-- This automatically blocks messages containing explicit images in non-age-restricted channels
-- Age-restricted channels are exempt from this filter
-
-d) **Enable Raid Protection and CAPTCHA**
-
-- Go to Server Settings > Safety Setup > Raid Protection and Captcha
-- Activate all relevant settings to require CAPTCHA for new user actions
-- This protection uses machine learning to detect and block bot-driven join-raids
-- When activated:
- - Sends alerts to a specified channel
- - Requires CAPTCHA verification for new users for one hour after detection
-
-### Roles and Permissions
-
-a) **Implement Role Hierarchy**
-
-- Go to Server Settings > Roles
-- Create roles like: Cold Admin, Team, Moderator, & Verified.
-- Drag to reorder; higher roles override lower roles
-- Restructure the role hierarchy by dragging roles higher or lower in the roles list:
- - Cold Admin
- - Team
- - Moderator
- - Verified
-
-b) **Restrict Administrative Permissions**
-
-- For each role, carefully review the 32 available permissions
-- Key permissions to restrict: Administrator, Manage Webhooks, Manage Server, Manage Roles, & Manage Channels
-- Never give Admin or Kick permissions to anyone you don't fully trust
-- Good permissions for moderators: Manage Channels, Manage Roles, Manage Messages, Ban Members, Delete Messages
-- Good permissions for members: View Channels, View audit logs, Create Invite, Manage Messages, Read Message History,
- Connect, Speak & Use Voice Activity, & Ban/Kick/Timeout
-
-c) **Use Channel-Specific Permissions**
-
-- Right-click on a channel > Edit Channel > Permissions
-- Set custom permissions for roles or members in specific channels
-
-d) **Use the "View Server as Role" Feature**
-
-- Go to Server Settings > Roles > Select a role > View Server as Role
-- This allows you to see what members with a certain role can see and access
-
-## Advanced Security Measures
-
-### Moderation
-
-a) **Set Up Auto-Moderation Rules**
-
-- Go to Server Settings > AutoMod
-- Set up rules for: Spam, Harmful Links, Mention Spam, Inappropriate Words
-- Configure custom keyword filters and exempted roles
-- Customize the response to spam, like blocking the message, sending an alert, or timing out the member
-- Add to the existing automod rule to block keywords in a users name, and put Support, Bot, Admin, Tech, Helpdesk, etc.
-
-b) **Configure Timeout Duration**
-
-- Go to Server Settings > Safety Setup > Timeout
-- Set default duration (e.g., 60 minutes)
-- Educate moderators on using timeouts effectively
-
-c) **Establish Clear Server Rules**
-
-- Create a #rules channel
-- Use Discord's built-in rules screening feature
-- Include sections on: Behavior, Content, Moderation Actions, Appeals Process
-
-### Extra Moderation Best Practices
-
-a) **Leverage "Default Notifications to Mentions Only"**
-
-- Go to **Server Settings > Overview** and set **Default Notifications** to **Mentions Only**.
-- Reduces potential spam notifications for members, making them more vigilant about suspicious or phishing content.
-
-b) **Stay Alert to New Features & Potential Exploits**
-
-- Keep track of newly introduced features such as Threads, Scheduled Events, or Stage Channels.
-- Configure their permissions carefully (e.g., who can start or join a Thread) to prevent abuse by spammers or scammers.
-
-c) **Regularly Check Third-Party Bot Security**
-
-- Ensure bots are from reputable sources and receive frequent updates.
-- Review bot permissions after each significant update to avoid newly introduced vulnerabilities.
-
-### Bots
-
-a) **Audit Bot Permissions**
-
-- Go to Server Settings > Integrations
-- Review each bot's permissions
-- Remove unnecessary permissions
-- Remove permissions for bots that ask for Admin or other permissions that aren't needed, use least privilege with
- permissions at the role level and channel level.
-
-b) **Remove Unnecessary Bots**
-
-- Uninstall any bots that aren't actively used or needed
-
-c) **Implement Security/Moderation Bots**
-
-- Consider bots like:
- - Dyno for advanced moderation and logging
- - Carl-bot for reaction roles and custom commands
- - Set up security Bots
-
-### Security-Specific Bots
-
-Various third-party Discord bots offer valuable security and protection features, facilitating automated moderation for
-your server. In the sections below, we'll explore different categories of security bots and highlight popular options
-for each category.
-
-#### Anti-Impersonation Bots
-
-Set up custom rules to prevent other users from joining using the same username and PFP (profile picture) to impersonate
-you or other important members of the server. A popular bot in this category is Wick Bot.
-
-#### Anti-Raid Bots
-
-to prevent spam bots from joining your server all at once, an attack known as raiding, you can also set up bots with
-particular rules. Beemo is a good example of a bot in this category.
-
-#### Anti-Nuke Bots
-
-This is a monitoring system to observe and note any changes (spontaneous or planned) that take place in your discord
-server. Some key observation markers are channel and role creation/deletions, banning or kicking members, and webhook
-creation/deletion.
-
-#### Moderation & Link Whitelisting Bots
-
-Only allows approved links to be used in the discord server. A popular bot in this category is Goodknight Bot.
-
-_The bots above are not all-inclusive but rather a recommended list of bots to help protect your Discord server in these
-categories._
-
-## Enhanced Server Configuration
-
-### Channels
-
-a) **Organize Channels Logically**
-
-- Use categories to group related channels
-- Suggested categories: Information, General, Voice Channels, Topic-Specific
-
-b) **Set Slow Mode Where Needed**
-
-- Channel Settings > Overview > Slow Mode
-- Set appropriate cooldown (e.g., 5-30 seconds) for busy channels
-
-c) **Use Age-Restricted Channels Appropriately**
-
-- Channel Settings > Overview > Age-Restricted Channel
-- Enable for channels with mature content
-
-### Invites
-
-a) **Disable Permanent Invites**
-
-- Server Settings > Invites
-- Un-check "Allow anyone with administrative permissions to create invites"
-
-b) **Set Invite Expiration and Usage Limits**
-
-- When creating an invite: Set "Expire After" and "Max Number of Uses"
-- Recommended: 24 hours expiration, 50-100 uses
-
-c) **Regularly Audit Active Invites**
-
-- Server Settings > Invites
-- Review and delete unnecessary or old invites
-
-### Member Screening
-
-a) **Enable Membership Screening**
-
-- Server Settings > Safety Setup > Membership Screening
-- Toggle on "Enable Membership Screening"
-
-b) **Set Up Screening Questionnaire**
-
-- Add questions about server rules, age verification, etc.
-- Require members to agree to rules before joining
-
-c) **Set Up Membership Requirements**
-
-- Require users to react to a message or post an introduction
-- This helps filter out bots and spam accounts from joining
-
-### Logging
-
-a) **Enable Audit Logs**
-
-- Ensure admin/mod roles have "View Audit Log" permission
-
-b) **Set Up a Private Logging Channel**
-
-- Create a private channel visible only to admins/mods
-- Use a logging bot like Logger or Dyno to send detailed logs
-
-## Best Practices & Administrative Security
-
-### Regular Reviews
-
-a) **Conduct Periodic Permission Audits**
-
-- Monthly: Review all role permissions
-- Use a spreadsheet to track changes and justifications
-
-b) **Review and Update Server Rules**
-
-- Quarterly: Assess if rules need updating
-- Announce any changes in a dedicated announcements channel
-
-c) **Check for Unused Channels/Roles**
-
-- Bi-annually: Delete or archive inactive channels
-- Remove roles that are no longer needed
-
-### Cold Admin Accounts
-
-a) **Set Up a "Cold" Admin Account**
-
-- Create a new account on a separate device never used for chatting or clicking links
-- This account is highly resistant to phishing and provides an extra layer of security for the server owner
-
-b) **Secure the Cold Account**
-
-- Create a new email account for the cold account
-- Factory reset the device used for this account
-
-c) **Use the Cold Account for Critical Actions**
-
-- Manage bots, modify server settings, and respond to compromises
-- Never use this account for regular server activities
-
-d) **Disable QR Code Login on Cold Device**
-
-- In **User Settings > Privacy & Safety**, deselect any quick login or QR scan options.
-- Prevents attackers from using QR phishing tactics to hijack this high-privilege account.
-
-### Additional Community Features
-
-a) **Enable the Community Feature (Newer Discord Update)**
-
-- Go to **Server Settings > Community** to activate the Community Feature.
-- Unlocks tools like membership screening, server insights, welcome screen, and discovery settings.
-- Helps maintain a structured, secure environment by surfacing official rules and critical info to newcomers.
-
-b) **Review Updated Discord Moderation Resources**
-
-- Consult the official [Discord Moderator Academy](https://discord.com/moderation) for ongoing best practices and new
- features.
-- Implement recommended strategies (e.g., improved spam filters, updated role recommendations).
-
-## Platform-Specific Security Considerations
-
-### Additional Security Measures
-
-a) **Verification Systems**
-
-- Implement a verification bot like Wick
-- Require users to complete an in-channel captcha before accessing the server
-- Advance Settings: Have verification bot filter based on account age, PFP set, and timeout for incomplete captcha
-
-b) **Raid Protection**
-
-- Use anti-raid bots like Wick or Dyno
-- Configure automatic lock-down settings for suspicious activity
-
-c) **Privacy Settings**
-
-- Server Settings > Privacy Settings
-- Disable "Allow direct messages from server members"
-
-d) **Integration Whitelisting**
-
-- Server Settings > Integrations > Allow new integrations to be added by:
-- Set to "Only Administrators" to prevent unauthorized bot additions
-
-e) **Server Insights**
-
-- Enable Server Insights for detailed analytics
-- Use this data to inform moderation strategies and server improvements
-
-f) **Backup Systems**
-
-- Use a bot like ServerBackup to regularly backup your server configuration
-- Store backups securely off-platform
-
-g) **Audit New Integration/Link Safety Settings**
-
-- Regularly review **Server Settings > Integrations** for newly added apps or link shorteners.
-- Disable suspicious integrations or automate link scanning with a bot that checks URLs against known phishing
- databases.
-
-h) **Enable Safe Direct Messaging for All Users**
-
-- In **User Settings > Privacy & Safety**, select **Keep Me Safe** for direct messages.
-- Encourages moderators and community members to adopt the same setting to minimize phishing DMs.
-
-## Additional Resources
-
-- [Securing Your Server - Discord](https://discord.com/community/securing-your-server)
-- [Four Steps for a Super Safe Server -
- Discord](https://discord.com/safety/360043653152-four-steps-to-a-super-safe-server)
-- [How to setup a Discord server
- securely](https://www.ledger.com/academy/basic-basics/launch-a-crypto-project-securely/how-to-set-up-a-crypto-project-discord-server-securely)
-{/* Test change: vie 23 may 2025 19:59:52 -03 */}
-
----
-
-
-
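Review bot: Two hardening items in this removed page have no counterpart in the replacement added at docs/pages/guides/community-management/discord.mdx: item d) "Disable QR Code Login on Cold Device" under Cold Admin Accounts, and item a) "Disable Permanent Invites" under Invites. The new page's Summary still names QR code scams as a threat to moderators, so carry the QR login item into the new Cold Admin section and the invite-creation restriction into the new Invites checklist, or state in the PR description that dropping them is intentional. The page also moves from community-management/discord to guides/community-management/discord, and the visible part of this diff adds no redirect for the old path.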
diff --git a/docs/pages/community-management/index.mdx b/docs/pages/community-management/index.mdx
index a6dee555..012d545b 100644
--- a/docs/pages/community-management/index.mdx
+++ b/docs/pages/community-management/index.mdx
@@ -12,6 +12,6 @@ title: "Community Management"
## Pages
- [Community Management](/community-management/overview)
-- [Discord Security](/community-management/discord)
+- [Google Security](/community-management/google)
- [Telegram](/community-management/telegram)
- [Twitter](/community-management/twitter)
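Review bot: The Pages list loses its Discord entry instead of being repointed, and the replacement line links to /community-management/google, a page the visible part of this diff does not add. Since the Discord page now lives at docs/pages/guides/community-management/discord.mdx, either update the link target to the new location or confirm that the guides section has its own index that lists it, and confirm that the Google Security page exists at the linked path before merging so the index does not ship a dead link.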
diff --git a/docs/pages/config/contributors.json b/docs/pages/config/contributors.json
index d75b9d34..f341b51d 100644
--- a/docs/pages/config/contributors.json
+++ b/docs/pages/config/contributors.json
@@ -286,5 +286,17 @@
"company": "Web3Sec.News & Digibastion.com",
"job_title": "Creator",
"description": "Steward of DNS and Domain Registration Security"
+ },
+ "auditware": {
+ "slug": "auditware",
+ "name": "Auditware",
+ "role": "contributor",
+ "avatar": "https://avatars.githubusercontent.com/auditware",
+ "github": "https://github.com/Auditware",
+ "twitter": "https://x.com/audit_wizard",
+ "website": "https://www.auditware.io/",
+ "company": "Auditware",
+ "job_title": null,
+ "description": "Industry leading OpSec audits, security tools, and code reviews performed by true security wizards"
}
}
\ No newline at end of file
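Review bot: In the new "auditware" entry, "job_title" is null while the preceding entry carries a string ("Creator"); confirm that whatever renders contributors.json handles a null here, or use an empty string or a real title to keep the field type consistent. The "description" value reads as promotional copy ("Industry leading ... true security wizards") where the preceding entry describes the contributor's role in the project, so consider rewording it to say what Auditware contributed. The file still ends without a trailing newline.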
diff --git a/docs/pages/guides/community-management/discord.mdx b/docs/pages/guides/community-management/discord.mdx
new file mode 100644
index 00000000..e7b5b7d4
--- /dev/null
+++ b/docs/pages/guides/community-management/discord.mdx
@@ -0,0 +1,367 @@
+---
+title: "Discord Security"
+tags:
+ - Community & Marketing
+ - Security Specialist
+contributors:
+ - role: wrote
+ users: [mattaereal, zedt3ster, fredriksvantes, auditware]
+ - role: reviewed
+ users: [mattaereal]
+ - role: fact-checked
+ users: [nftdreww]
+---
+
+import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } from '../../../../components'
+
+
+
+
+# Discord Security
+
+
+
+
+## Summary
+
+> 🔑 **Key Takeaway for Discord:** To secure your Discord server, focus on implementing robust access controls and
+> enforcing two-factor authentication for all administrators. Regularly audit roles and permissions, and maintain
+> vigilant moderation. Educate your community about security best practices to prevent unauthorized access and protect
+> against potential threats.
+
+Discord offers a variety of security features that are essential to use. Despite these, users should stay alert to
+threats like phishing, which can target server moderators. Such threats may appear as QR code scams, fake login screens,
+or misleading direct messages pretending to be from Discord support.
+
+To enhance the security of your Discord server, take into account these suggestions. They cover important aspects like
+server settings, roles and permissions, moderation, bots, channels, invites, member screening, logging, and other
+security measures.
+
+---
+
+## For Individuals
+
+These settings apply to your personal Discord account. All team members, moderators, and admins should configure these on their own accounts.
+
+### Account Security Checklist
+
+- [ ] User Settings > My Account: Ensure **2FA** is enabled (authenticator app and/or security key), Remove a phone number if you have one added to your account, and after 2FA is setup select **View Backup Codes**, and note down your backup codes offline
+- [ ] User Settings > My Account: Ensure **SMS Backup Authentication** is **disabled**
+- [ ] User Settings > Content & Social > Social Permissions: Allow DMs from other server members > **Disabled**
+- [ ] User Settings > Content & Social > Direct Message Spam: Select **Filter all** to filter all DMs for spam (encourages moderators and community members to adopt the same setting to minimize phishing DMs)
+- [ ] User Settings > Authorized Apps: Review and **Deauthorize** any unnecessary apps
+- [ ] User Setting > Devices: Review and remove unnecessary devices, or **Log Out All Known Devices**
+- [ ] User Settings > Connections: Review and remove any unnecessary connections
+
+---
+
+## For Team Members
+
+These guidelines apply to moderators and team members who help manage the server but don't have full administrative access.
+
+Team members should:
+- Understand the permissions their role grants using **Server Settings > Roles > View Server as Role** — this allows you to see what members with a certain role can see and access
+- Be aware of the server's AutoMod rules for: Spam, Harmful Links, Mention Spam, Inappropriate Words, and any custom keyword filters and exempted roles
+
+---
+
+## For Admins
+
+These settings and practices apply to server administrators with elevated privileges.
+
+### Server Settings Checklist
+
+#### Safety Setup
+
+- Safety Setup > Moderation:
+ - [ ] Require 2FA for moderation > **Enabled**
+ - This ensures all moderators have an extra layer of security
+- Safety Setup > Verification Level:
+ - [ ] Choose from: None, Low, Medium, High, Highest
+ - [ ] Set to at least **Medium** (registered on Discord for 5+ minutes) — Recommended: "Moderate" for public servers
+ - Higher levels protect against spammers and raids
+- Safety Setup > Raid Protection and CAPTCHA:
+ - [ ] Activate all relevant settings to require CAPTCHA for new user actions
+ - [ ] Activity Alerts > **Enabled**
+ - [ ] CAPTCHA suspicious accounts before they are able to join > **Enabled**
+ - [ ] CAPTCHA all accounts before they are able to join during a suspected raid > **Enabled**
+ - This protection uses machine learning to detect and block bot-driven join-raids. When activated, it sends alerts to a specified channel and requires CAPTCHA verification for new users for one hour after detection.
+- Safety Setup > DM and Spam Protection:
+ - [ ] Hide DMs from suspicious users > **Enabled**
+ - [ ] Filter DMs from unknown users > **Enabled**
+ - [ ] Warn members before they visit outbound links > **Enabled**
+ - [ ] Hide all messages from and delete suspected spammers > **Enabled**
+
+#### AutoMod
+
+- Server Settings > Safety Setup > AutoMod:
+ - [ ] Set up rules for: **Spam**, **Harmful Links**, **Mention Spam**, **Inappropriate Words**
+ - [ ] Configure custom keyword filters and exempted roles
+ - [ ] Customize the response to spam (block message, send alert, timeout member)
+ - [ ] Add to the existing automod rule to block keywords in a user's name: Support, Bot, Admin, Tech, Helpdesk, etc.
+ - [ ] Create a private channel that mods, team, and admins have visibility to and set each AutoMod rule to send logs to that channel for review
+
+#### Server Overview
+
+- Server Settings > Engagement > Default Notification Settings: Select **Only @mentions**
+ - Reduces potential spam notifications for members, making them more vigilant about suspicious or phishing content
+
+#### Roles
+
+- Server Settings > Roles:
+ - [ ] Review admin role members — high-privilege roles with **Administrator** permission should have **2-3 members max**
+ - [ ] Review bot role permissions and confirm members list contains only the bot user
+ - [ ] Review mod role permissions and members list
+ - [ ] Review user role permissions — watch for: **Manage Channels**, **Manage Roles**, **Manage Webhooks**, **Manage Server**, **Administrator**
+ - [ ] Remove any lingering or overly broad permissions, and any roles with excess or unintended members
+ - [ ] Check channel-level permission overrides on private channels
+
+> **Note on Role Permissions:** For each role, carefully review the 32 available permissions. Key permissions to restrict: Administrator, Manage Webhooks, Manage Server, Manage Roles, & Manage Channels. Never give Admin or Kick permissions to anyone you don't fully trust.
+>
+> **Administrator** should ideally be reserved for a single admin role with minimal members. It is recommended to have no more than 2-3 admins with this privilege in order to reduce risk due to account compromise and insider threats, but to retain some redundancy.
+>
+> Minimal bots actually need **Administrator** permissions. Review what permissions a bot actually needs and do not default to Admin permissions just because developers request it as the easy option. If a bot does require Administrator, mitigate this risk by monitoring the Discord audit logs frequently or create alerts on a private channel to notify when admin permissions are exercised within the server.
+>
+> Permissions can also be set at the channel level. It is important to check your private channels for any permission overrides that may have been set!
+
+#### Integrations
+
+- Server Settings > Integrations:
+ - [ ] Review each bot's permissions and remove unnecessary permissions
+ - [ ] Remove any unnecessary integrations & reevaluate necessity of integrations with excessive permissions
+- Server Settings > Integrations > Manage Bot/App > **Roles & Members** / **Channels**:
+ - [ ] Remove permissions for bots that ask for Admin or other permissions that aren't needed — use least privilege with permissions at the role level and channel level
+ - [ ] Uninstall any bots that aren't actively used or needed
+ - [ ] Confirm all bots and apps are [**Verified**](https://support-dev.discord.com/hc/en-us/articles/23926564536471-How-Do-I-Get-My-App-Verified)
+ - [ ] Restrict command permissions of integrations where possible (Manage > Roles & Members / Channels / Command Overrides)
+- Server Settings > Integrations > Webhooks:
+ - [ ] Review and remove any unnecessary webhooks
+ - [ ] Reevaluate necessity of webhooks with excessive permissions
+
+> **Note on Integration Security:** Integrations and webhooks add 3rd party risk and permission misconfiguration risk. Ensure that permissions are correct, and either remove external integrations or understand the risk they present.
+
+#### Invites
+
+- Server Settings > Invites:
+ - [ ] Review and delete unnecessary or old invites regularly
+
+#### Privacy Settings
+
+- Server Settings > Privacy Settings:
+ - [ ] Disable **Direct Messages** — this prevents users from DMing other members in this server
+
+#### Community Features
+
+- Server Settings > Community:
+ - [ ] Enable the Community Feature
+ - Unlocks tools like membership screening, server insights, welcome screen, and discovery settings. Helps maintain a structured, secure environment by surfacing official rules and critical info to newcomers.
+- Server Settings > Server Insights:
+ - [ ] Enable Server Insights for detailed analytics
+ - Use this data to inform moderation strategies and server improvements
+
+> **Note on Safety Features:**
+> - Activity alerts notify on anomalous DM activity, which could indicate your community is being targeted by scammers or social engineering attackers.
+> - Raid Protection and CAPTCHA can also be satisfied by a bot, if preferred over Discord's built-in functionality.
+> - Hiding/filtering DMs between server members is recommended to prevent scams, spam, and social engineering of your users.
+> - In the event of a security incident, Discord provides [**Security Actions**](https://support.discord.com/hc/en-us/articles/17439993574167-Activity-Alerts-Security-Actions#h_01HAD80CK67WF59GDGR7XGVAN8) for pausing invites and DMs to allow you to protect your community while responding to ongoing threats.
+
+---
+
+### Role Hierarchy Setup
+
+Roles should be structured with higher-privilege roles at the top. Go to Server Settings > Roles, create roles like Cold Admin, Team, Moderator, & Verified, and drag to reorder (higher roles override lower roles):
+
+1. Cold Admin (highest)
+2. Team
+3. Moderator
+4. Verified (lowest)
+
+**Recommended permissions by role:**
+
+| Role | Recommended Permissions |
+|------|------------------------|
+| **Moderators** | View Channels, View Audit Log, View Server Insights, Kick Members, Ban Members, Timeout Members, Send Messages and Create Posts, Embed Links, Attach Files, Add Reactions, Add External Emoji, Use External Stickers, Manage Messages, Bypass Slowmode, Read Message History, Request to Speak |
+| **Members** | View Channels, Send Messages and Create Posts, Embed Links, Add Reactions, Read Message History, Request to Speak |
+
+Use **Server Settings > Roles > [Role] > View Server as Role** to see what members with a certain role can see and access.
+
+---
+
+### Channel Management
+
+**Organization**
+- Use categories to group related channels
+- Suggested categories: Information, General, Voice Channels, Topic-Specific
+
+**Per-Channel Settings** (Right-click channel > Edit Channel > Permissions):
+- [ ] Set custom permissions for roles or members in specific channels
+
+**Channel Settings > Overview:**
+- [ ] Slow Mode: Set appropriate cooldown (e.g., 5-30 seconds) for busy channels
+- [ ] Age-Restricted Channel: Enable for channels with mature content
+
+---
+
+### Member Screening Setup
+
+Beyond enabling in Safety Setup:
+- Implement a verification bot like Wick that does in-channel captcha for users to join the server
+- Require users to complete an in-channel captcha before accessing the server
+- Advance Settings: Have verification bot filter based on account age, PFP set, and timeout for incomplete captcha
+
+---
+
+### Invite Best Practices
+
+When creating invites:
+- Set "Expire After" (recommended: 24 hours)
+- Set "Max Number of Uses" (recommended: 50-100)
+
+---
+
+### Logging Setup
+
+- Ensure admin/mod roles have "View Audit Log" permission
+- Create a private logging channel visible only to admins/mods
+- Use a logging bot like Logger or Dyno to send detailed logs
+- Configure audit log output to a private channel for easier monitoring
+
+---
+
+### Security Bots
+
+Various third-party Discord bots offer valuable security and protection features, facilitating automated moderation for your server. In the sections below, we'll explore different categories of security bots and highlight popular options for each category.
+
+**Anti-Impersonation Bots**
+
+Set up custom rules to prevent other users from joining using the same username and PFP (profile picture) to impersonate you or other important members of the server. A popular bot in this category is [Hashbot](https://hashbot.com).
+
+**Anti-Raid Bots**
+
+to prevent spam bots from joining your server all at once, an attack known as raiding, you can also set up bots with particular rules. Beemo is a good example of a bot in this category.
+
+**Anti-Nuke Bots**
+
+This is a monitoring system to observe and note any changes (spontaneous or planned) that take place in your discord server. Some key observation markers are channel and role creation/deletions, banning or kicking members, and webhook creation/deletion.
+
+**Moderation & Link Whitelisting Bots**
+
+Only allows approved links to be used in the discord server. A popular bot in this category is Goodknight Bot.
+
+**General Moderation Bots**
+
+Consider bots like Dyno for advanced moderation and logging, or Carl-bot for reaction roles and custom commands. Set up security Bots as described above.
+
+_The bots above are not all-inclusive but rather a recommended list of bots to help protect your Discord server in these categories._
+
+---
+
+### Establish Clear Server Rules
+
+- Create a #rules channel
+- Use Discord's built-in rules screening feature
+- Include sections on: Behavior, Content, Moderation Actions, Appeals Process
+
+---
+
+### Regular Reviews
+
+| Frequency | Action |
+|-----------|--------|
+| **Monthly** | Review all role permissions; use a spreadsheet to track changes and justifications |
+| **Quarterly** | Assess if server rules need updating; announce any changes in a dedicated announcements channel |
+| **Bi-annually** | Delete or archive inactive channels; remove roles that are no longer needed |
+
+Also regularly:
+- Ensure bots are from reputable sources and receive frequent updates
+- Review bot permissions after each significant update to avoid newly introduced vulnerabilities
+- Keep track of newly introduced features such as Threads, Scheduled Events, or Stage Channels and configure their permissions carefully (e.g., who can start or join a Thread) to prevent abuse by spammers or scammers
+
+---
+
+### Cold Admin Accounts
+
+A Cold Admin account provides enhanced security because it serves exclusively as the server owner and is not used for everyday activities. If a regular admin account is compromised, attackers gain full access to the server or account, making it challenging to involve support and potentially requiring days or weeks to resolve the issue. Using a Cold Admin means creating a separate account dedicated solely to ownership functions, keeping it isolated from routine operations.
+
+#### What is a Cold Device?
+
+A Cold Device is a factory-reset device with no previous configuration. This should be a dedicated phone or laptop — you can use an old iPhone/Android, Windows device, or even a Chromebook to keep costs down. Everyone involved in setup and maintenance must ONLY access the Cold Admin account from a cold device.
+
+#### Cold Admin Setup
+
+**Step 1: Create a dedicated email account**
+
+Create a brand new Gmail account specifically for this Discord account. Do not use a VPN during this process, and it's best to use an incognito browser. After creating the Gmail account:
+
+- [ ] Set up 2FA immediately (authenticator app recommended, or Security Key for maximum security)
+- [ ] Ensure "Skip password when possible" is **off**
+- [ ] Do not add a phone number to the account
+- [ ] Note down the 10 backup codes **offline on paper** (DO NOT store online)
+- [ ] Write down the email, password, and backup codes on paper and store securely
+
+**Step 2: Create the Discord account**
+
+Head to https://discord.com and create a new account using the Gmail account you just created.
+
+- [ ] Write down the email, username, password, and date of birth **offline**
+- [ ] Use a username that is not related to your project
+- [ ] Give the profile a profile picture in **My Account > Edit User Profile**
+- [ ] Go to **Content & Social** and disable DMs from server members and set spam filter to maximum
+- [ ] Set the account status to **Invisible** so no one can see if it's online (click profile in bottom left > change status)
+
+**Step 3: Join the server and transfer ownership**
+
+- [ ] Send the Cold Admin account a friend request from your personal Discord account
+- [ ] Have the Cold Admin join the Discord server and complete verification like a normal account
+- [ ] Assign the Cold Admin the highest admin role
+- [ ] Have the Cold Admin send a few messages in a private team chat
+- [ ] Wait approximately 24 hours, send a few more messages, then transfer ownership
+
+**To transfer ownership:** Go to **Server Settings > Members** > Search for the Cold Admin account > Click the three dots > Select **Transfer Ownership** > Input 2FA > Confirm
+
+> ⚠️ **CRITICAL:** Triple-check that you are transferring to the correct Cold Admin account. If you transfer to the wrong account, recovery will be extremely difficult.
+
+#### Use of Cold Admin Account
+
+- **Do not** use the Cold Admin account for day-to-day operations
+- Log into both the Gmail and Discord account at least once a month (set a phone reminder)
+- Use only for: inviting/adding bots, making major changes only the server owner can perform
+- If an incident or compromise occurs, log into the Cold Admin to regain control — the server owner always maintains full access rights
+
+---
+
+### Backup Systems
+
+- Use a bot like ServerBackup to regularly backup your server configuration
+- Store backups securely off-platform
+
+---
+
+### Additional Recommendations
+
+- Set up account leveling for new members for gradually enabling permissions
+- Regularly review server audit logs for admin and mod actions
+- Use anti-raid bots like Wick or Dyno and configure automatic lock-down settings for suspicious activity
+- Regularly review **Server Settings > Integrations** for newly added apps or link shorteners; disable suspicious integrations or automate link scanning with a bot that checks URLs against known phishing databases
+
+> **Important:** Discord servers should not be used for any confidential communication (i.e., any admin discussions beyond the scope of server moderation) — even restricted channels and DMs are not end-to-end encrypted.
+
+---
+
+### Stay Updated
+
+- Consult the official [Discord Moderator Academy](https://discord.com/moderation) for ongoing best practices and new features
+- Implement recommended strategies (e.g., improved spam filters, updated role recommendations)
+
+---
+
+## Additional Resources
+
+- [Securing Your Server - Discord](https://discord.com/community/securing-your-server)
+- [Four Steps for a Super Safe Server - Discord](https://discord.com/safety/360043653152-four-steps-to-a-super-safe-server)
+- [How to setup a Discord server securely - Ledger](https://www.ledger.com/academy/basic-basics/launch-a-crypto-project-securely/how-to-set-up-a-crypto-project-discord-server-securely)
+
+---
+
+
+
\ No newline at end of file
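Review bot: In Step 1 of Cold Admin Setup, the item "Write down the email, password, and backup codes on paper and store securely" puts the password and the 2FA backup codes on the same sheet, so anyone who finds that paper holds everything needed to take over the account that owns the server. Suggest splitting it into two items that keep the credentials and the backup codes in separate physical locations, and stating who may hold each. The same step says "Do not use a VPN during this process" and "Do not add a phone number to the account" without giving a reason or a recovery path; one sentence on why, and on how the account is recovered if the paper is lost, would make the checklist easier to follow correctly. The file also ends without a trailing newline.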
diff --git a/docs/pages/guides/community-management/index.mdx b/docs/pages/guides/community-management/index.mdx
new file mode 100644
index 00000000..cb3b7dad
--- /dev/null
+++ b/docs/pages/guides/community-management/index.mdx
@@ -0,0 +1,15 @@
+---
+title: "Community Management"
+---
+
+{/* AUTOGENERATED: This file is generated by utils/generate-folder-indexes.js */}
+
+# Community Management
+
+> _Note:_ This page is auto-generated. Please use the sidebar to explore the docs instead of
+> navigating directory paths directly.
+
+## Pages
+
+- [Community Management](/guides/community-management/overview)
+- [Discord Security](/guides/community-management/discord)
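Review bot: Under "## Pages", the first entry "[Community Management](/guides/community-management/overview)" repeats this page's own title as the link label, so a reader cannot tell it leads to the overview rather than back to this index. Because the file is marked as generated by utils/generate-folder-indexes.js, the fix belongs in the generator (for example, label overview pages "Overview") rather than in a hand edit here.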
diff --git a/docs/pages/guides/community-management/overview.mdx b/docs/pages/guides/community-management/overview.mdx
new file mode 100644
index 00000000..73c787cd
--- /dev/null
+++ b/docs/pages/guides/community-management/overview.mdx
@@ -0,0 +1,87 @@
+---
+title: "Community Management"
+tags:
+ - Community & Marketing
+contributors:
+ - role: wrote
+ users: [mattaereal, robert]
+ - role: reviewed
+ users: [ghadi8]
+---
+
+import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } from '../../../../components'
+
+
+
+
+# Community Management
+
+
+
+
+Communities might be the key of many Web3 projects, but they also represent a significant security challenge. From
+casual users to top-level executives, everyone within an organization can be targeted by social engineering tactics
+across platforms like Telegram, Discord, X (formerly Twitter), Google, and more. When a community channel is
+compromised—whether by phishing, fraudulent links, or account takeovers—it can quickly become a vehicle for wider
+attacks, putting both users and organizational reputations at risk.
+
+Here, we present essential best practices to safeguard your community. In the following sections, we will explore
+platform-specific recommendations in more depth.
+
+## Best Practices for Community Security
+
+### Strong Passwords and Two-Factor Authentication (2FA)
+
+- Use unique, complex passwords for each service and store them securely in a reputable password manager. Refer to the
+ [**Operational Security Framework**](/opsec/overview) and [**Wallet Security Framework**](/wallet-security/overview) for
+ more information on this.
+- Secure the email account linked to your community platforms with a unique password and 2FA.
+- Always enable 2FA. Prefer hardware-based tokens (e.g., Yubikey) or mobile authenticator apps over SMS-based methods,
+ which are vulnerable to SIM-swapping.
+- If you use an authenticator app like Authy, 1Password, or Aegis to generate time-based one-time passwords (TOTP).
+ Ensure that the secret keys are stored encrypted and protected with robust security measures.
+- Configure your app to require a password, PIN, or biometric authentication (e.g., fingerprint or face recognition) to
+ unlock access to the tokens. This prevents unauthorized access and ensures the tokens remain secure even if someone
+ gains physical or remote access to your device.
+- Keep password generation and 2FA codes separate; do not use your password manager to generate 2FA codes. Otherwise, if
+ the password manager is compromised, it could render the 2FA ineffective, allowing unauthorized access to your
+ accounts.
+- Encourage community members to adopt these practices as well.
+
+### Phishing Awareness
+
+- Educate members on recognizing and reporting phishing attempts.
+- Clearly communicate to community members that your team will never send the first direct message to them. This is
+ important because attackers often impersonate team members and initiate direct messages to trick users into believing
+ they are legitimate, thereby gaining their trust and potentially compromising their security.
+- Publicly define all official communication channels used by your organization.
+
+Refer to the [**Security Awareness framework**](/awareness/overview) to learn more about social engineering techniques
+and security training best practices.
+
+### Operational Security (OpSec)
+
+- Be mindful of the devices you use to manage community channels. Malware or compromised hardware can give attackers an
+ entry point.
+- Regularly update software, run antivirus checks, and avoid installing untrusted applications that may compromise your
+ security.
+
+For a comprehensive understanding of Operational Security, including additional strategies and guidelines, please refer
+to the dedicated [**Operational Security framework**](/opsec/overview).
+
+### Emergency Response Plan
+
+- Prepare a clear protocol for handling security incidents, including how to quickly remove compromised accounts and
+ warn community members.
+- Adopt a proactive mindset: it's not a matter of if but when a breach will occur. Having a plan in place helps you act
+ decisively and contain damage.
+
+As part of the communication team, it is crucial to know when and how to communicate effectively during an incident.
+This involves understanding the appropriate timing and messaging to ensure clarity and prevent misinformation. For more
+insights on where this role fits within an incident, refer to the [**Incident Management
+framework**](/incident-management/overview).
+
+---
+
+
+
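Review bot: In the 2FA list, the bullet "If you use an authenticator app like Authy, 1Password, or Aegis" names 1Password as a TOTP generator, while a later bullet in the same list says "do not use your password manager to generate 2FA codes". Readers who keep passwords in 1Password will take the first bullet as approval of exactly what the later one warns against. Suggest dropping 1Password from the examples or adding a qualifier. The first bullet is also a sentence fragment ending at "(TOTP)."; joining it to "Ensure that the secret keys are stored encrypted..." with a comma fixes it.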
diff --git a/docs/pages/guides/index.mdx b/docs/pages/guides/index.mdx
new file mode 100644
index 00000000..daf8d756
--- /dev/null
+++ b/docs/pages/guides/index.mdx
@@ -0,0 +1,15 @@
+---
+title: "Guides"
+---
+
+{/* AUTOGENERATED: This file is generated by utils/generate-folder-indexes.js */}
+
+# Guides
+
+> _Note:_ This page is auto-generated. Please use the sidebar to explore the docs instead of
+> navigating directory paths directly.
+
+## Pages
+
+- [Community Management](/guides/community-management)
+- [Guides](/guides/overview)
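Review bot: The note at the top of this page tells readers to use the sidebar "instead of navigating directory paths directly", but the first entry under "## Pages" links to "/guides/community-management", which is itself a directory index. Suggest having the generator link to "/guides/community-management/overview" or omit nested folder indexes, so the page does not send readers to the paths it warns against.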
diff --git a/docs/pages/guides/overview.mdx b/docs/pages/guides/overview.mdx
new file mode 100644
index 00000000..54ac3286
--- /dev/null
+++ b/docs/pages/guides/overview.mdx
@@ -0,0 +1,34 @@
+---
+title: "Guides"
+tags:
+ - Community & Marketing
+ - Security Specialist
+contributors:
+ - role: wrote
+ users: [nftdreww,dickson]
+---
+
+import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } from '../../../components'
+
+
+
+
+# Guides
+
+
+
+
+This section contains practical, step-by-step guides that help you implement security best practices across various
+platforms and tools. Each guide provides actionable instructions you can follow to secure your operations.
+
+## Community Management
+
+Guides for securing your community platforms and channels.
+
+- [**Community Management Overview**](/guides/community-management/overview) - Best practices for community security
+- [**Discord Security**](/guides/community-management/discord) - Comprehensive guide to securing your Discord server
+
+---
+
+
+
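Review bot: The front matter lists only a "wrote" role ("users: [nftdreww,dickson]") and no "reviewed" entry, unlike the overview page added under guides/community-management in this same patch. If a review took place, please record it; if not, that is worth settling before merge for a page that describes itself as security guidance. Minor style point on the same line: add a space after the comma to match the "[mattaereal, robert]" formatting used in the other files.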
diff --git a/vocs.config.ts b/vocs.config.ts
index b8799fe5..7f46d7ff 100644
--- a/vocs.config.ts
+++ b/vocs.config.ts
@@ -35,12 +35,26 @@ const config = {
collapsed: false,
items: [
{ text: 'Overview', link: '/community-management/overview' },
- { text: 'Discord', link: '/community-management/discord' },
{ text: 'Twitter', link: '/community-management/twitter' },
{ text: 'Telegram', link: '/community-management/telegram' },
{ text: 'Google', link: '/community-management/google' },
]
},
+ {
+ text: 'Guides',
+ collapsed: false,
+ items: [
+ { text: 'Overview', link: '/guides/overview' },
+ {
+ text: 'Community Management',
+ collapsed: false,
+ items: [
+ { text: 'Overview', link: '/guides/community-management/overview' },
+ { text: 'Discord Security', link: '/guides/community-management/discord' },
+ ]
+ },
+ ]
+ },
{
text: 'Awareness',
collapsed: false,
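Review bot: The removed sidebar entry "{ text: 'Discord', link: '/community-management/discord' }" retires a public URL, and nothing in this hunk adds a redirect to '/guides/community-management/discord'. External links and bookmarks to the old security guide will break. Suggest adding a redirect or a stub page at the old path. The sidebar will also carry two Community Management overviews ('/community-management/overview' and '/guides/community-management/overview'); please state which one is canonical, or link one to the other, so the guidance does not drift between two copies.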