I was a little disconcerted to find my WordPress login page had been cached by Googlebot and I was particularly alarmed when Googlebot later spidered its way to the lost password screen. Now that might not have been a genuine security threat but I didn’t want to take any chances. Nobody wants to be a Googledork, right?
The simple fix is to simply tell Googlebot and other search engine spiders to steer clear of my WordPress administration files. This can be accomplished by the use of a robots.txt file in the root directory.
But I now had a new problem. My blog entries were in the same directory as those admin files and the robots.txt file was also preventing search engines from indexing my entries. I’m not big-headed enough to believe that this site would be tremendously useful to most folks but there might be an entry or two in here with useful links for others if they could only find it. The trick was to allow the search engines to index my blog entries without indexing the admin files.
So I moved my blog entries to the root directory. The WordPress site has instructions for doing this and the process is straightforward. I did lose the ability to edit the blog entries directly but it’s a relatively minor inconvenience and I’m willing to accept the trade-off for the added peace of mind.