diff --git a/docs/src/content/docs/fr-ca/getting-started/security.mdx b/docs/src/content/docs/fr-ca/getting-started/security.mdx
new file mode 100644
index 00000000..90d6f66b
--- /dev/null
+++ b/docs/src/content/docs/fr-ca/getting-started/security.mdx
@@ -0,0 +1,44 @@
+---
+title: Security concerns
+---
+
+Castopod is built on top of [CodeIgniter4](https://codeigniter.com/), a PHP
+framework that encourages
+[good security practices](https://codeigniter.com/user_guide/concepts/security.html).
+
+To maximize your instance's safety and prevent any malicious attack, we
+recommend you update all your Castopod files permissions after installation or
+updates (to avoid any prior permission error):
+
+- `writable/` folder must be **readable** and **writable**.
+- `public/media/` folder must be **readable** and **writable**.
+- any other file must be set to **readonly**.
+
+For instance, if you are using Apache or NGINX with Ubuntu you may do the
+following:
+
+```bash
+sudo chown -R root:root /path/to/castopod
+sudo chown -R www-data:www-data /path/to/castopod/writable
+sudo chown -R www-data:www-data /path/to/castopod/public/media
+```
+
+## Third-party Plugins
+
+Since v2's [Plugins Architecture](../../plugins), Castopod can be extended with
+all sorts of cool features. Anyone can choose to create their own plugins and
+even share them with the community.
+
+👉 Plugins are a way to inject code in parts of Castopod through
+[Hooks](../../plugins/hooks).
+
+Now, if you create your own plugin and install it in your own Castopod, that
+means you control both the code that gets injected and the environment: all is
+good!
+
+But as for **third-party plugins**, you must treat them as a **potential
+security risk _by default_**:
+
+1. Make sure you **trust the source before installing any third-party plugin**
+2. **Review the plugin's code** yourself if you can or
+   [ask developers from the community for help](https://castopod.org/chat)