Make WordPress Core

Opened 7 years ago

Closed 4 years ago

#42295 closed defect (bug) (invalid)

NOFOLLOW for logout page

Reported by: abtop's profile ABTOP Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.8.2
Component: Login and Registration Keywords:
Focuses: Cc:

Description

The logout page — site.com/logout/ has a link in the second sentence "Do you really want to log out?"
it has wpnonce value which makes the link unique. Somehow Google picks up this link(s) and puts it in "Access denied".
Can we have rel="nofollow" added to this link please?

Change History (7)

#1 @ABTOP
7 years ago

This is in function wp_nonce_ays ()
wp4/wp-includes/functions.php line:2582

#2 @lopo
7 years ago

From what I know, it's not happening in the "logout page", but in the error page if you click on a logout link which does not have a nonce (and the <title> of the page is "WordPress Failure Notice").
Using wp_logout_url or wp_loginout to generate the logout link, it already has the nonce and the failure page is not reached.

#3 @lopo
7 years ago

  • Keywords reporter-feedback added

#4 @SergeyBiryukov
7 years ago

  • Component changed from General to Login and Registration

#5 in reply to: ↑ description ; follow-up: @SergeyBiryukov
7 years ago

Replying to ABTOP:

The logout page — site.com/logout/ has a link in the second sentence "Do you really want to log out?"

There is no logout page at that URL in WordPress core. Are you using a plugin like Theme My Login?

Last edited 7 years ago by SergeyBiryukov (previous) (diff)

#6 in reply to: ↑ 5 @ABTOP
7 years ago

Replying to SergeyBiryukov:

There is no logout page at that URL in WordPress core. Are you using a plugin like Theme My Login?

Yes, that's exactly what I am using.

I guess my point is that even if there is no bona fide logout page, and even if some other plugin is at fault for generating the error, Google still finds this link and freaks out.
The cheapest and quickest solution is to slap rel="nofollow" on the link.

Last edited 7 years ago by ABTOP (previous) (diff)

#7 @hellofromTonya
4 years ago

  • Keywords reporter-feedback removed
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hello @ABTOP,

As Sergey notes, there is no logout page at that URL in WordPress core itself. Have you reached to the Theme My Login author? You can via their plugin's Support page https://wordpress.org/support/plugin/theme-my-login/.

I'm closing this ticket. Why? The issue/question/suggestion is related to a plugin.

Note: See TracTickets for help on using tickets.