Welcome to WebmasterWorld Guest from 54.224.148.71

Forum Moderators: Robert Charlton & aakk9999 & andy langton & goodroi

Message Too Old, No Replies

How to Handle Google Authorization Errors for Wordpress

     
2:16 pm on Apr 24, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 27, 2003
posts:1597
votes: 0


I posted in the Global Wordpress Hack Underway [webmasterworld.com...] my problem of the sudden increase in authorization permission errors being reported in GWT.

The errors were of this form:

wp-login.php?redirect_to=http%3A%2F%2Fwww.DOMAIN.com%2FCATEGORY%2FPOSTNAME

The errors started a week after I introduced a password protection for extra layer of security for the site

I have removed the password protection in htaccess and deleted .htpasswd which I thought triggered the authorization permission errors. What that did was to halt the rise of the authorization permission errors. However, the errors simply remained constant - it did not increase but it also did not decrease. And yes, I keep getting messages in GWT about the authorization permission errors

Where else should I look at?

My robots.txt file currently has

User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins/

Should I add

Disallow: /wp-

to prevent Googlebot from accessing wp-login.php?

Note that:

- Wordpress has been installed since Jan 2012, and I've never had any authorization permission errors.
- WP-login.php is not linked anywhere on the site

This started April 1, and traffic has started to fall last week. Any direction you can point me to will be greatly appreciated.
1:53 am on Apr 25, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


No, I wouldn't just Disallow /wp- Although that would probably fix your immediate issue, it might disallow other files that you don't want to block, because it's a bit too open-ended for my taste and that could lead to unintended issues in the future.

Since you want to block crawling of /wp-login.php, why not Disallow exactly that?
12:00 pm on Apr 26, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 27, 2003
posts:1597
votes: 0


Thanks Tedster. We're seeing some very little progress even with the

Disallow /wp-

From 687 errors at its peak, we're down to 683 then 681. It seems like a slow climb down. But I'm hoping that the downward trend continues, albeit slow

Funny thing is even with Disallow: /wp-content/plugins/ , GWT includes URLs like this as one of the authorization permission errors:

wp-content/plugins/si-captcha-for-wordpress/si-captcha-admin.php

Given the constant attacks we've had since last year, we moved to a new webhost this year and are making sure that the server this time is properly configured and hardened. Once the migration is done this week, I'll revisit the robots.txt file again and simply do /wp-login.php disallow
10:07 am on July 9, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 27, 2003
posts:1597
votes: 0


I ended up doing a

Disallow: /wp-login.php

Google finally recognized that on 7/6 and access denied errors dropped. It took a while before GWT showed the drop in access denied, from the time it first started on 4/10.

Now the wait when the traffic I lost coinciding with the rise of access denied errors will come back up