[Solved] Admin folder name can be seen in google?

[CraigMeade]

I've just been googling my website name, looking for similar websites.

On the 5th page of Google I see this:

PrestaShop™ - Administration panel
milspectvcom.powweb.com/prestashop/admin2043/index.php?... - Cached
MilspecTV.com. E-mail address: Password: Lost password? © Copyright by PrestaShop. all rights reserved.

That's me. And that's the name of my 'specially renamed for security reasons' admin folder.

Doesn't this defeat the purpose of renaming it? Or have I buggered something up?

I have now put password protection on the htdocs folders and changed the name of the admin file.

But I don't know know how to stop the web spiders from crawling it. Advice?

[LouisF]

I've just been googling my website name, looking for similar websites.<br/><br/>On the 5th page of Google I see this:<br/><br/>PrestaShop™ - Administration panel<br/>milspectvcom.powweb.com/prestashop/admin2043/index.php?... - Cached<br/>MilspecTV.com. E-mail address: Password: Lost password? © Copyright by PrestaShop. all rights reserved.<br/><br/>That's me. And that's the name of my 'specially renamed for security reasons' admin folder.<br/><br/>Doesn't this defeat the purpose of renaming it? Or have I buggered something up?<br/><br/>I have now put password protection on the htdocs folders and changed the name of the admin file.<br/><br/>But I don't know know how to stop the web spiders from crawling it. Advice?

 

Would like to know how this was solved please ...

[noesac]

Good question I'm curious what the cause is here!

[damian5000]

the cause is that google spiders everything it can...

 

i asked the solution to preventing google from logging the admin folder in another thread and didn't get an answer...

 

my best guess to a solution is "put password protection on the htdocs folders and changed the name of the admin file.".

 

not sure if that works or not...

 

???

[Carl Favre]

You can prevent google from indexing your admin folder.

 

You have to create robots.txt (if it is not already created) to the root of your website and write :

 

User-agent: *

Disallow: /youradminfolder/

 

 

This way admin folder will not be indexed by google.

[damian5000]

+1 . Excellent tip man! Thank you.

[phrasespot]

You can prevent google from indexing your admin folder.

 

You have to create robots.txt (if it is not already created) to the root of your website and write :

 

User-agent: *

Disallow: /youradminfolder/

 

 

This way admin folder will not be indexed by google.

Bad advice. By adding your renamed admin folder to robots.txt you are making it obvious to anyone who cares to look in robots.txt what you named it to.

 

If anyone's admin folder is indexed by a search engine, first thing to do is to rename it to something else so the indexed name is outdated, then contact the indexing search engine (e.g. Google via webmaster tools) and request removal if you wish, though not strictly necessary as you've already changed it.

 

To stop further indexing, create a .htaccess in the admin folder root and disallow any IPs except yours if you access to admin interface from a static IP address. If you have a dynamic address, find out the ranges you are likely to be using and allow access to that range to eliminate the majority of IPs accessing to that folder.

 

Do not add your renamed admin folder to robots.txt.

[Carl Favre]

Yes good point, I had not the security issues in mind .

[leszekem]

.htaccess in the admin folder root and disallow any IPs except yours if you access to admin interface from a static IP address.

can you write something more? its v.useful tip, but i dont know how to applay this change to disallow any IPs.

thank you in advance

[CraigMeade]

This is going to sound really dumb but honest. I have no clear memory of how I fixed this.

 

A lot of prestashop water has gone under the bridge since then.

 

I did put the password protection on my htdocs folder, but found that highly annoying quite quickly.

 

My best guess is the answer was in the domain pointing on my CPanel - getting that right so the URL resolved as a proper website address and not some crazy filepath.

 

So it kind of fixed itself as I was preping the shop for launch and cleaning up loose ends.

 

I think. It's all hazy.

 

If you can remember your first days with Prestashop then you weren't really there...

[CraigMeade]

It's all coming back to me now after a little think. You'll see why I had forced it from my mind in just a moment.

 

[Note: I'm still a novice here]

 

One of the problems when you install P'shop into your hosting environment is that you never get the opportunity to tell P'shop what URL it should be. It forces you to use a filepath.

 

I used domain pointing to paste a proper URL over the filepath URL, but that's all it is - the equivalent of gluing a sticker on something and I'm sure anybody with half a brain could figure out how to look under that sticker and see your admin folder's name.

 

I was pulling my hair out trying to figure how to REALLY use the domain name I owned and my host was no help at all. It was like talking to HAL. They basically said it couldn't be done by them and had to be done through P'shop. Good luck finding that option on your P'shop control panel.

 

I was maintaining that connecting MY URL with MY P'SHOP logically had to be done on some level outside and above the P'shop software. This conversation went on for weeks. HAL always used a different name on Livechat, but I knew it was HAL all along.

 

So through the forum here I hired an expert to sort it out. My own personal P'shop stormtrooper. He was great, but HAL quickly defeated him too. Tossed him aside like used confetti. His best answer was a valiant rescue plan to help me move hosts, like I was some kind of battered [spam-filter].. plus a few lovely French expletives.

 

So in a moment of desperation I thought I might try one of my host's pre-installed shopping carts to see if I could get the URL working that way. Which would mean it was actually possible and I could talk to HAL about that. By now I was obsessed with getting what I wanted from HAL.

 

And lo and behold, I discovered my host had introduced P'shop as a pre-installed option some time after I had signed up with them and I hadn't realized it.

 

So I hit the install button on Prestashop and the first question it asks me is, what URL are you going to use! Crikey - that's the holy grail of questions! I hit the payload!

 

So I installed that P'shop with a real live URL, and never had the problem of an exposed admin folder again.

 

And HAL and I are now in a warm and loving relationship. I Livechat HAL with spurious questions whenever I am feeling lonely. Everybody lived happily ever after.

[Antonio Mecca]

Ok, but if i want only to deny the google indexing of my ajax cart?

In Google SERPS, the first thing Google view is my shopping cart (empty). How can fix this issue?

[CraigMeade]

Hi Antonio, isn't that best handled with your robots.txt file?

 

I'm surprised it's not blocked by that file already.

 

I ended up blocking all of my CMS pages with robots.txt as Google was doing the same thing with my delivery and security pages.

 

I've also removed these kind of pages from my sitemap.xml. It's not a total solution, but better than handing them to Google on a plate.

 

I then moved to adding no index to those kind of pages.

 

They are still visible on Google but I hope over time they will disappear or be overcome by my product pages with planned SEO.

[phrasespot]

leszekem, sorry I did not notice your post earlier.

 

Protecting your admin folder

 

1) The computer you are using to access the shop's BO has a static IP address

a)

find out your IP address

place a

.htaccess

file in

/prestaintall/renamedadminfolder/

directory with the following (replace 88.88.88.88 with the address from step a)

 

Order Allow, Deny
Allow from 88.88.88.88

 

Multiple addresses are possible if you access BO from multiple locations

 

Order Allow, Deny
Allow from 88.88.88.88
Allow from 11.11.11.11
Allow from 121.121.121.121

 

2) The computer you are using to access the shop's BO has a dynamic IP address

a)

You use cPanel

You don't use cPanel

[CraigMeade]

This is great Phrasespot. Thank you.