Keyword

K2 Users crawled by Google

  • Trevor J Ellis
  • Trevor J Ellis's Avatar Topic Author
  • Offline
  • New Member
More
3 weeks 8 hours ago - 3 weeks 7 hours ago #178724 by Trevor J Ellis
K2 Users crawled by Google was created by Trevor J Ellis
We have encountered a MAJOR security flaw where people can easily find part of the site that we want hidden. If this isn't the right forum, please let me know where to post it.We are using the K2 component extension with the Uber template. When somebody Google searches our website + SuperUser (see Img01). They are able to find a list of all the K2 items created by that user (see Img02).We DON'T want Google (or any search engine) to index these pages for any user. Can we either disable these list pages or alternatively, just stop Google from indexing them? Do we need to use a robots.txt to achieve this? Any help would be greatly appreciated!

UPDATE: We have found part of a solution here - www.joomlart.com/forums/d/35521-remove-author-meta-tag-on-k2-items/2. We disable Show Author Meta Tag in the Global Config for the Joomla site. When Google nexts recrawls the site, will it lose these pages from the indexing or do we need to request a full manual recrawl from Google webmaster?
Attachments:
Last edit: 3 weeks 7 hours ago by Trevor J Ellis. Reason: UPDATE!

Please Log in or Create an account to join the conversation.

More
2 weeks 5 days ago #178741 by Uzi
Replied by Uzi on topic K2 Users crawled by Google
This is not really a security flaw, this is just the author of the items being visible. I think you can disable the user pages altogether, but you can also do a override to remove the content of the pages.

Please Log in or Create an account to join the conversation.

  • Fotis
  • Fotis's Avatar
  • Away
  • Administrator
  • JoomlaWorks Support Team
More
2 weeks 5 days ago #178743 by Fotis
Replied by Fotis on topic K2 Users crawled by Google
Actually, this is not a security flaw at all. This is called great SEO to be exact. It's why Google's E-A-T algorithm loves K2 content.

If you want to hide the names and URLs of users, you can do so with your category view options (for the names) and a redirect or custom message on the user.php override which lists a user's (author's) items.

If you use & love K2, please take a moment to add your review and rate it
at the Joomla Extensions Directory: extensions.joomla.org/extension/k2/


IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

Please Log in or Create an account to join the conversation.

  • Trevor J Ellis
  • Trevor J Ellis's Avatar Topic Author
  • Offline
  • New Member
More
2 weeks 3 hours ago #178801 by Trevor J Ellis
Replied by Trevor J Ellis on topic K2 Users crawled by Google
Thank you very much. We've gone into the K2 Global Config settings and turned off all the user/author info so now the pages are blank. It was a security risk for us as we had some K2 items that were being password protected by another extension. However, you were able to read the content without entering a password by looking at the Super User's list of K2 items page.

Please Log in or Create an account to join the conversation.

  • Fotis
  • Fotis's Avatar
  • Away
  • Administrator
  • JoomlaWorks Support Team
More
1 week 6 days ago #178803 by Fotis
Replied by Fotis on topic K2 Users crawled by Google
Yeah, this is like saying Joomla has a security flaw because the admin account is auto-filed when you go into /administrator...

If you use & love K2, please take a moment to add your review and rate it
at the Joomla Extensions Directory: extensions.joomla.org/extension/k2/


IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

Please Log in or Create an account to join the conversation.


Powered by Kunena Forum