
How to hide the admin (backend) login from bots and most people


alan

Has anyone implemented a simple method of hiding the login to PW from Google bot and the average person clicking about a site?

I want to allow clients to login but I assume from a security POV it's better to not have a link to, say, /processwire/ in the footer as doing so publishes to anyone what is underneath.

I know I can (and do) change the URL from /processwire/ to /something-else/ which helps, but I just wondered if anyone had implemented something better or if in almost all cases this [change of URL] is probably perfectly adequate?

Link to comment

You could apply a NOINDEX and NOARCHIVE to the page to tell search engines not to spider or store the page. If you definitely (good advice above) want a link you could only show them if a user has a certain IP address, but this won't work with dynamic IPs.

Link to comment

The PW admin pages all have

<meta name="robots" content="noindex, nofollow" />

in the head section. Though no guarantees most search engines respect this.

Changing the admin url is basically security through obscurity, but it's fine to do.

Of course, if you then link to it on the public facing website you are making it 'public'. So maybe just tell clients to login at mysite/mysecretadmin

Link to comment

Who said you have to include the admin link in your footer? *confused*

Yes true I certainly don't need to do that, I'd just assumed the best way to let my editors edit their sites was to give them a link on the site itself. But of course I don't need to (stupid me) I can just give them alone the URL by email. Thanks Soma for pointing out

to me ;)

Thanks arjen and SiNNuT for the points and info, good to know that as usual PW has great sense and care and so uses these search engine bot rejections in the head.

I will get rid of the login link :D

Link to comment

I don't know if this helps out with the part of your question regarding bots, but I learned about robots.txt files via this post: http://perishablepress.com/wordpress-robots-rules/ . That link pertains specifically to WP, but the basics are there. http://www.robotstxt.org/ offers more info. That may keep Google, etc. from crawling your admin area.

Link to comment

In the PW admin you can simply change the URL of the admin page itself to be something completely different. Just remember you'll need to remember what you changed it to in order to type that URL in the address bar and log in again afterwards!

Link to comment

I'm not really a fan of robots.txt for keeping bots out of URLs I'd like to keep confidential. Why? Because if someone wants to know where they can find the "interesting" URLs, they just have to take a look at your robots.txt. The meta noindex,nofollow at least doesn't broadcast the location of the page. So far my experience is that search engines that honor robots.txt also honor the noindex,nofollow meta tag.

Link to comment
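The trade-off raised in the post above (robots.txt names the path it is meant to hide, while the meta tag does not) can be checked on your own site with a small self-audit. This is an added example, not part of the original thread; the path `/mysecretadmin/` and both sample documents are constructed.

```python
from html.parser import HTMLParser

# Constructed sample inputs (not taken from any real site).
ROBOTS_TXT = """\
User-agent: *
Disallow: /mysecretadmin/   # names the renamed admin URL to every reader
Disallow: /tmp/
"""
LOGIN_HTML = """\
<html><head>
<meta name="robots" content="noindex, nofollow" />
<title>Login</title></head><body></body></html>
"""

def disallowed_paths(robots_txt):
    """Return every path listed in a Disallow rule, comments stripped."""
    paths = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()
        field, _, value = line.partition(":")
        if field.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths

class _RobotsMeta(HTMLParser):
    """Collect the directives of every <meta name="robots"> tag."""
    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "robots":
            for d in (a.get("content") or "").split(","):
                self.directives.add(d.strip().lower())

def audit(robots_txt, login_html, admin_path):
    """Report whether robots.txt names admin_path and whether the page sets noindex."""
    admin = admin_path.rstrip("/")
    rules = [(p, p.rstrip("/*")) for p in disallowed_paths(robots_txt)]
    leaked = [p for p, r in rules if r == admin or r.startswith(admin + "/")]
    parser = _RobotsMeta()
    parser.feed(login_html)
    return {"robots_txt_reveals": leaked, "noindex": "noindex" in parser.directives}

if __name__ == "__main__":
    print(audit(ROBOTS_TXT, LOGIN_HTML, "/mysecretadmin/"))
```

A non-empty `robots_txt_reveals` list means the renamed admin URL is published in a file anyone can fetch; the result to aim for is an empty list with `noindex` set to true.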