Site Settings for File Security and Private Pages?

Which plan features or site settings are necessary to prevent an attacker/crawler from downloading private files or pages from my web site?

My private pages were initially configured (in Starter plan) as follows:
- Each with a non-advertised URL
- Enable “Hide In Navigation”
- Under SEO Settings: Enable “Hide this page from search engines”.

My public pages (e.g. About) are configured as follows:
- No explicit URL
- Under SEO Settings: Disable “Hide this page from search engines”.

I just upgraded to the Pro plan in order to secure private pages with a site password. However, the upgrade may have been premature.

Tests with a common tool (i.e. wget) suggest:
- bulk file downloads are blocked [Except for the index.html file and a robots.txt file that contains “Disallow: /”]
- individual files can be downloaded, provided their URL is known and they are not password-protected.

It looks like the level of file protection is the same in both the Starter and Pro plans, except for the site password feature.

Message 1 of 5
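Added example (not part of the original thread): the wget-style check described in the first post, written as a Python self-audit to run against your own site's known private URLs. The local stand-in server, its paths and the `EXPOSED`/`gated` labels are constructed for the demo, and it assumes a password-protected page answers an anonymous request with a redirect, 401 or 403.

```python
import http.server
import threading
import urllib.error
import urllib.request

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report the 3xx itself instead of following it to a login page

def audit(base_url, paths, timeout=5):
    """GET each path with no cookies or credentials; return {path: verdict}."""
    opener = urllib.request.build_opener(_NoRedirect, urllib.request.ProxyHandler({}))  # no proxy
    verdicts = {}
    for path in paths:
        try:
            with opener.open(base_url + path, timeout=timeout) as resp:
                verdicts[path] = "EXPOSED" if resp.status == 200 else f"HTTP {resp.status}"
        except urllib.error.HTTPError as err:
            verdicts[path] = "gated" if err.code in (302, 303, 307, 401, 403) else f"HTTP {err.code}"
    return verdicts

# Constructed stand-in for a hosted site: unlinked URLs, Disallow-all robots.txt, one gated area.
class _FakeSite(http.server.BaseHTTPRequestHandler):
    OPEN = {"/price-list-draft", "/uploads/contract.pdf", "/robots.txt"}
    def do_GET(self):
        if self.path in self.OPEN:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"constructed body")
        elif self.path.startswith("/members/"):
            self.send_response(302)
            self.send_header("Location", "/login")
            self.end_headers()
        else:
            self.send_error(404)
    def log_message(self, *args):
        pass  # keep the demo quiet

def demo():
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), _FakeSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        paths = ["/price-list-draft", "/uploads/contract.pdf", "/members/minutes.pdf", "/nope"]
        return audit(f"http://127.0.0.1:{server.server_address[1]}", paths)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

Anything reported as `EXPOSED` is served to anyone who has the URL, regardless of the "Hide In Navigation", search-engine or robots.txt settings.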
Square

That is correct, @skyline. If someone knows the full URL to a file, they would be able to access it. Are you concerned that someone would be able to figure out the full URL easily?

Message 2 of 5

Hi Bernadette,

No, I’m not concerned with URL guesses (which is why I was using the Starter package until my web site was ready for launch).   

However, after recently noticing an increase in traffic (which was unexpected and followed by an external request to buy my domain), I thought my site might be vulnerable to “site suckers”.  How hard can it be to query the contents of a root directory given that files are individually accessible?  So I upgraded to the Pro plan to protect private pages.

Any other security tips would be appreciated.  

Thanks!

Message 2 of 5

I agree with you. Any file that's on a password protected page, or a member page should not be able to be accessed by the general public with that URL. It defeats the purpose of locking pages. It's easy for someone to scan a site and be able to download all files. I need a more secure way. If anyone knows how to do this, please let me know!

Message 4 of 5

Weebly, this request is everywhere! Each time the answer is "not enough interest", but clearly there is if the threads were amalgamated. We have to be able to upload member-only files.

Message 4 of 5