@ways2web opened this issue on October 29th 2014

or an possibility to add own meta tags

@tsteur commented on October 29th 2014

Maybe makes sense to set this by default anyway?

If not, maybe rather allow plugins to define meta tags and implement it as a plugin and publish it on the marketplace

@mattab commented on November 3rd 2014

by default anonymous user has no access, so it should block search engines from finding the content I don't think we want it in core as it's good to index the login pages of Piwik (for example they link to piwik.org)

+1 for doing it in a plugin

@tsteur commented on November 4th 2014

So why closing this issue when we could build a plugin? I still think this is actually very useful for users.

@mattab commented on November 4th 2014

@tsteur good point thanks for pointing out!

@ryrun commented on June 3rd 2015

Hi, this issue should be re-evaluated. See my post here: #8036 Its about preveting for googling for piwik installations.

@mattab commented on June 8th 2015

Increasing priority.

Proposed steps: - show <meta name="robots" content="noindex,nofollow"> on Installation pages, Updater pages, Reporting UI pages, Admin pages, and others if any - show <meta name="robots" content="index,follow"> on the Login form.

@hpvd commented on October 28th 2015

just wanted comment on mattabs comment above: "it's good to index the login pages of Piwik (for example they link to piwik.org)"

of course from seo point of view (backlinks) I could understand that.

From security point of view an easy to find login page is not that great. One could e.g. easily do the following thing - FULLY AUTOMATED: 1) search for login page 2) start brute force attack 3) when you are successful: look for ecommerce 4) extract /download everything 5) make a database of ecommerce data 6) sell it to everyone (competitors)

on other systems their is a great effort to hide login page with the following: - of course for every visitor: noindex, no follow, no archive - have a possibility to easily change login url within the backend

so I would strongly vote for noindex, no follow, no archive also for login page

This issue was closed on June 8th 2015
Powered by GitHub Issue Mirror