WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#10026 closed enhancement (fixed)

Login & Registration pages should be noindex followed

Reported by: joostdevalk Owned by: joostdevalk
Milestone: 2.8 Priority: normal
Severity: normal Version:
Component: General Keywords: has-patch commit
Focuses: Cc:

Description

Login and registration pages are linked to from the meta widget, which often times causes them to be linked to from every page within a blog. These pages thus get indexed in the search engines, making it very easy for hackers to find those pages.

To prevent this, I propose we add a meta robots tag with the value noindex, follow to the login, lost password and registration pages.

Attachments (2)

wp-login.php.patch (504 bytes) - added by joostdevalk 6 years ago.
Patch
10026.patch (493 bytes) - added by Viper007Bond 6 years ago.
Add noindex via hook rather than hard coding

Download all attachments as: .zip

Change History (5)

@joostdevalk6 years ago

Patch

comment:1 @Denis-de-Bernardy6 years ago

  • Component changed from Security to General
  • Keywords commit added; dev-feedback removed

comment:2 @Viper007Bond6 years ago

Security through obscurity isn't security. ;)

However there's no need to pollute your indexing with the login form, so +1 to ticket.

I'd opt for a hooked version though rather than hard coding it on the weird off chance that someone wants their login form indexed. Incoming patch.

@Viper007Bond6 years ago

Add noindex via hook rather than hard coding

comment:3 @ryan6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [11513]) noindex for login. Props Viper007Bond, joostdevalk. fixes #10026

Note: See TracTickets for help on using tickets.