First posted: Mar 21 2022
Read time: 7 minutes
Written By: Steven Godson
It may sound like a contradiction, but there are times when you upload content to your web fronted Content Management System but do not want it to be publicly visible.
Business use cases for this scenario include;
This article will address each of these scenarios and identify options for achieving the desired outcome. The choices I talk about are WordPress specific, but the context and principles are relevant to any technology.
When your business provides legal services and your CRM uses WordPress, it is vital to keep the documents (images, PDFs) hidden from general view.
If you do not take specific action to secure your data, it will be indexed by search engines and can be accessed via the directory of your website e.g. <a target="_blank" rel="" href="http://www.example.com/wp-content/[$filename]">www.example.com/wp-content/[$filename]</a>.
This means you are unlikely to comply with local data protection regulations e.g. GDPR in the EU. Not to mention being open to litigation from clients who find their data is open to the world!
There are two specific actions you can take to negate these issues. Each has different layers of complexity depending on what needs to be delivered.
If your website is there to showcase your talent you do not want visitors to download it without permission.
Failure to protect your work can have the following consequences:
If you produce content and want to monetise it or only make it available to who you want, you need to ensure that it is only accessible to those who should have access.
Depending on your specific use case(s) three options available to you are:
robots.txt file
Adding a ‘robots.txt’ file to your website is a way of discouraging search engine crawlers (think leaf cutter ants, collecting info and returning with it to the hive) which URLs on your site they can access.
This is by no means foolproof and is not a guarantee of your content not appearing on search engine results.
Redirect
Adding redirect functionality to your website is a way of ensuring that direct access to your content, media files etc, is restricted to logged-in users.
In essence, it performs a check against content type and whether the browser trying to access it has an active session. If both conditions are not met, it redirects the browser to a specified URL (typically the home or login page).
This tends to be an “all or nothing” approach and does not differentiate between user roles. It also does not have any impact on search engine indexing.
Plugins
If you need a more robust solution, then there are plugins available for WordPress that will give you the following:
Ensuring that your business is compliant with the relevant legislation and industry standards is critical to its continued success in building trust.