- Subscribe to RSS Feed
- Mark Thread as New
- Mark Thread as Read
- Float this Thread for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Which plan features or site settings are necessary to prevent an attacker/crawler from downloading private files or pages from my web site?
My private pages were initially configured (in Starter plan) as follows:
- Each with a non-advertized URL
- Enable “Hide In Navigation”
- Under SEO Settings: Enable “Hide this page from search engines”.
My public pages (e.g. About) are configured as follows:
- No explicit URL
- Under SEO Settings: Disable “Hide this page from search engines”.
I just upgraded to the Pro plan in order to secure private pages with a site password. However, the upgrade may have been premature.
Tests with a common tool (i.e. wget) suggest:
- bulk file downloads are blocked [Except for the index.html file and a robots.txt file that contains “Disallow: /“]
- individual files can be downloaded, provided their URL is known and they are not password-protected.
It looks like the level of file protection is the same in both the Starter and Pro plans, except for the site password feature.
- Labels:
-
file security
-
private page
-
settings
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
That is correct, @skyline. If someone knows the full url to a file, they would be able to access it. Are you concerned that someone would be able to figure out the full url easily?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
Hi Bernadette,
No, I’m not concerned with URL guesses (which is why I was using the Starter package until my web site was ready for launch).
However, after recently noticing an increase in traffic (which was unexpected and followed by an external request to buy my domain), I thought my site might be vulnerable to “site suckers”. How hard can it be to query the contents of a root directory given that files are individually accessible? So I upgraded to the Pro plan to protect private pages.
Any other security tips would be appreciated.
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
I agree with you. Any file thats on a pasword protected page, or a member page should not be able to be accessed by the general public with that URL. It defeats the purpse of locking pages. its easy for someone to scan a site and be able to download all files. I need a more secure way. If anyone know how to do this, pelase let me know!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report
weebly, this request is everywhere! each time the answer is "not enough interest" but clearly there if the threads were amalgamated. we have to be able to upload member only files
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report