diff --git a/docs/guide/security-best-practices.md b/docs/guide/security-best-practices.md
index 87a3231272..72e1a92607 100644
--- a/docs/guide/security-best-practices.md
+++ b/docs/guide/security-best-practices.md
@@ -202,7 +202,7 @@ In debug mode Yii shows quite verbose errors which are certainly helpful for dev
 verbose errors are handy for attacker as well since these could reveal database structure, configuration values and
 parts of your code. Never run production applications with `YII_DEBUG` set to `true` in your `index.php`.
 
-You should never enalble Gii at production. It could be used to get information about database structure, code and to
+You should never enable Gii at production. It could be used to get information about database structure, code and to
 simply rewrite code with what's generated by Gii.
 
 Debug toolbar should be avoided at production unless really necessary. It exposes all the application and config