Hiding and Private Pages

I have Lockdown Stack on my Rapidweaver website which hides Private Pages brilliantly using passwords BUT, and this is a big BUT, when someone has visited a hidden page the URL is shown in the search bar.

Also I have noticeed Google shows the hidden pages URLs as well.

Is there any way to prevent this happening as the pages are Private and should not be so easily accessed?


I use Page Safe from Joe Workman. The page will not get past the Page Safe login until you enter the password/passcode. It does not matter if the URL is known, you won’t see the content.

1 Like

I believe LockDown from Yourhead(@isaiah) should work the same way as PageSafe does. No password, No access.

Of course, without a password, someone wouldn’t be able to get access to the private page. LockDown and Pagesafe both put page content behind a password(or passcode), neither product will ”hide” a URI from being ng displayed in the browser’s address bar or being discovered and found.

If what you’re looking for is to try and ”hide” the existence of a page, then neither product will achieve that goal by themselves.

If you are looking to conceal the URL in the address bar, you can do a search for ”URL masking using htaccess” and you can find a bunch of how-to guides.

Search engines like Google, don’t have any special abilities, they can’t index what’s on a page that they can’t access. Since they don’t have the password or passcode they can’t crawl the content of the page.

However, they can know that the page exists, because there are links to the page in the navigation, in a sitemap, on another page on your site, or other sites.

You can’t just check the box not to index the page on the page inspector because the search engine can’t go scan the page because of the password. You can use a robots.txt file. However, there is no guarantee that a page might still show up in search results, and the robots.txt is accessible by anyone and can point bad folks to a page that you are trying to hide.

You also should be aware that neither of these products will protect resources or subdirectories if someone knows the URI of what they are looking for.

Thanks for some great suggestions Guys.

Having the URL doesn’t give Google or anyone else access to the page.

There is a stack called PageSafe.
This stack is from JoeWorkman. This stack hides any content you put inside of it with a server-side script written in php to load the hidden content only when a user has a password. Google will be able to see the sign-in form – but since Google doesn’t have the password, the hidden content is never loaded or indexed by the search engine. The hidden content is stored in a file on the server that only the server-side script knows about. Google will not know about or index that hidden file because there will not be any links to that file on your site – the only reference to the file is inside the script which Google can’t access.

There is also a plugin called LockDown.
This is a page-type plugin (just like Stacks is a plugin) written by LogHound and maintained by me. It’s in maintenance only mode now. We still sell licenses to it for folks still using it but don’t recommend it to anyone any longer. Because it modifies server settings indirectly it’s very difficult to support when things go wrong.
Lockdown uses your server’s access privileges to make a folder of your web server accessible only after entering a password.
Again, even though the URLs are visible to the visitor does not mean that Google can access those URLs or index those pages. Since Google doesn’t have the passwords, it can’t access the pages.

You can affect which URLs you want Google to index through changes to your sitemap.xml file. But that really doesn’t have anything to do with security, so I’m just going to leave it at that.


I recommend using a stack like PageSafe above if you’re after convenience or learning how to edit your server’s .htaccess files directly if you need a more direct way to change permissions.

If you want more advanced ways of protecting a lot of content, need finely tuned access privileges, have a lot of users with different passwords, or need privacy as well as security – and thus need encryption – then you should look to a enterprise class service. Dropbox did offer such a service for about a year – however I think they’re phasing it out now – but there are other similar sharing services that allow you to specify users, encryption, etc. These sorts of things don’t really come cheap however, enterprise grade encryption is marketed towards corporations with fat wallets – so you’ll probably pay more monthly for that sort of thing than most of these RapidWeaver and addons combined.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.