WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#10026 closed enhancement (fixed)

Login & Registration pages should be noindex followed

Reported by: joostdevalk Owned by: joostdevalk
Milestone: 2.8 Priority: normal
Severity: normal Version:
Component: General Keywords: has-patch commit
Focuses: Cc:

Description

Login and registration pages are linked to from the meta widget, which often times causes them to be linked to from every page within a blog. These pages thus get indexed in the search engines, making it very easy for hackers to find those pages.

To prevent this, I propose we add a meta robots tag with the value noindex, follow to the login, lost password and registration pages.

Attachments (2)

wp-login.php.patch (504 bytes) - added by joostdevalk 5 years ago.
Patch
10026.patch (493 bytes) - added by Viper007Bond 5 years ago.
Add noindex via hook rather than hard coding

Download all attachments as: .zip

Change History (5)

joostdevalk5 years ago

Patch

comment:1 Denis-de-Bernardy5 years ago

  • Component changed from Security to General
  • Keywords commit added; dev-feedback removed

comment:2 Viper007Bond5 years ago

Security through obscurity isn't security. ;)

However there's no need to pollute your indexing with the login form, so +1 to ticket.

I'd opt for a hooked version though rather than hard coding it on the weird off chance that someone wants their login form indexed. Incoming patch.

Viper007Bond5 years ago

Add noindex via hook rather than hard coding

comment:3 ryan5 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [11513]) noindex for login. Props Viper007Bond, joostdevalk. fixes #10026

Note: See TracTickets for help on using tickets.