alan Posted September 17, 2012 Share Posted September 17, 2012 Has anyone implemented a simple method of hiding the login to PW from Google bot and the average person clicking about a site? I want to allow clients to login but I assume from a security POV it's better to not have a link to, say, /processwire/ in the footer as doing so publishes to anyone what is underneath. I know I can (and do) change the URL from /processwire/ to /something-else/ which helps, but I just wondered if anyone had implemented something better or if in almost all cases this [change of URL] is probably perfectly adequate? Link to comment Share on other sites More sharing options...
Soma Posted September 17, 2012 Share Posted September 17, 2012 Who said you have to include the admin link in your footer? *confused* Link to comment Share on other sites More sharing options...
arjen Posted September 17, 2012 Share Posted September 17, 2012 You could apply a NOINDEX and NOARCHIVE to the page to tell search engines not to spider or store the page. If you definately (good advice above) want a link you could only show them if a user has a certain IP adress, but this won't work with dynamic IP's. Link to comment Share on other sites More sharing options...
SiNNuT Posted September 17, 2012 Share Posted September 17, 2012 The PW admin pages all have <meta name="robots" content="noindex, nofollow" /> in the head section. Though no guaranties most search engines respect this. Changing the admin url is basically security through obscurity, but it's fine to do. Of course, if you then link to it on the public facing website you are making it 'public' So maybe just tell clients to login at mysite/mysecretadmin Link to comment Share on other sites More sharing options...
alan Posted September 17, 2012 Author Share Posted September 17, 2012 Who said you have to include the admin link in your footer? *confused* Yes true I certainly don't need to do that, I'd just assumed the best way to let my editors edit their sites was to give them a link on the site itself. But of course I don't need to (stupid me) I can just give them alone the URL by email. Thanks Soma for pointing out to me Thanks arjen and SiNNuT for the points and info, good to know that as usual PW has great sense and care and so uses these search engine bot rejections in the head. I will get rid of the login link 1 Link to comment Share on other sites More sharing options...
thistimj Posted September 19, 2012 Share Posted September 19, 2012 I don't know if this helps out with the part of your question regarding bots, but I learned about robots.txt files via this post: http://perishablepress.com/wordpress-robots-rules/ . That link pertains specifically to WP, but the basics are there. http://www.robotstxt.org/ offers more info. That may keep Google, etc. from crawling your admin area. Link to comment Share on other sites More sharing options...
alan Posted September 19, 2012 Author Share Posted September 19, 2012 Thanks @thistimj I'll check that out, 'tho I think with the other stuff it looks like my fears are dealt with. Link to comment Share on other sites More sharing options...
Pete Posted September 19, 2012 Share Posted September 19, 2012 In the PW admin you can simply change the URL of the admin page itself to be something completely different. Just remember you'll need to remember what you changed it to in order to type that URL in the address bar and log in again afterwards! Link to comment Share on other sites More sharing options...
ryan Posted September 19, 2012 Share Posted September 19, 2012 I'm not really a fan of robots.txt for keeping bots out of URLs I'd like to keep confidential. Why? Because if someone wants to know where they can find the "interesting" URLs, they just have to take a look at your robots.txt. The meta noindex,nofollow at least doesn't broadcast the location of the page. So far my experience is that search engines that honor robots.txt also honor the noindex,nofollow meta tag. Link to comment Share on other sites More sharing options...
alan Posted September 19, 2012 Author Share Posted September 19, 2012 Thanks Pete and Ryan, I agree with both, I routinely re-name my Admin login and that point Ryan plus just not linking to my Admin leaves me feeling 100% happy. Link to comment Share on other sites More sharing options...
thistimj Posted September 19, 2012 Share Posted September 19, 2012 @ryan, thanks for that info. That makes a lot of sense. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now