@ways2web opened this Issue on October 29th 2014

or an possibility to add own meta tags

@tsteur commented on October 29th 2014 Owner

Maybe makes sense to set this by default anyway?

If not, maybe rather allow plugins to define meta tags and implement it as a plugin and publish it on the marketplace

@mattab commented on November 3rd 2014 Owner

by default anonymous user has no access, so it should block search engines from finding the content
I don't think we want it in core as it's good to index the login pages of Piwik (for example they link to piwik.org)

+1 for doing it in a plugin

@tsteur commented on November 4th 2014 Owner

So why closing this issue when we could build a plugin? I still think this is actually very useful for users.

@mattab commented on November 4th 2014 Owner

@tsteur good point thanks for pointing out!

@ryrun commented on June 3rd 2015

Hi, this issue should be re-evaluated. See my post here: #8036 Its about preveting for googling for piwik installations.

@mattab commented on June 8th 2015 Owner

Increasing priority.

Proposed steps:

  • show <meta name="robots" content="noindex,nofollow"> on Installation pages, Updater pages, Reporting UI pages, Admin pages, and others if any
  • show <meta name="robots" content="index,follow"> on the Login form.
@hpvd commented on October 28th 2015

just wanted comment on mattabs comment above:
"it's good to index the login pages of Piwik (for example they link to piwik.org)"

of course from seo point of view (backlinks) I could understand that.

From security point of view an easy to find login page is not that great.
One could e.g. easily do the following thing - FULLY AUTOMATED:
1) search for login page
2) start brute force attack
3) when you are successful: look for ecommerce
4) extract /download everything
5) make a database of ecommerce data
6) sell it to everyone (competitors)

on other systems their is a great effort to hide login page with the following:

  • of course for every visitor: noindex, no follow, no archive
  • have a possibility to easily change login url within the backend

so I would strongly vote for noindex, no follow, no archive also for login page

This Issue was closed on June 8th 2015
Powered by GitHub Issue Mirror