Secure your drupal intranet better, make it invisible for Google

A Drupal intranet is a closed, internal system. The privacy sensitive content is only visible after logging in. But in a standard Drupal installation the login page of your intranet will be indexed by Google. You would rather not see this happening, because even though people cannot log in you are still giving a large part of your security away. Namely: the location of your Drupal intranet.

And Google is smart, very smart, and is only getting smarter; there is a big chance that your intranet will be found and thus seen when somebody is searching for the keywords ‘your company’ and ‘intranet’. This will enable people to find the login link of your intranet via Google.

Make your Drupal intranet invisible for Google:

1. Install module Robots.txt

Install the module Robots.txt in your Drupal intranet.

2. Remove the standard robots.txt from your Drupal installation:

!) Please note, this is a Drupal core hack and should be avoided. But in this case there is no other option. Document this carefully using a patch for future updates.

3. Configure your new robots.txt via the module:

Go to /admin/config/search/robotstxt and enter the following:

To clarify, delete everything under the commentaries and enter:

User-agent: * Disallow: / Noindex: /

4. Add meta tag

A good additional measure is to include the following meta tag on the login page:
meta name="robots" content="noindex"

Can your Drupal intranet already be found in Google?

First apply the above module to avoid to be indexed again after the following action via the Google Search console (Webmaster tools):

When your Drupal intranet is not registered yet, you will need to do this first via a short verification process. This process is starting with the registration in the search console.

Once you have completed this process and have logged into the Search console:

1. Go to ‘Google index’ -> ‘Remove URL’.
2. Click ‘Temporary hide’.
3. Enter the URL of your Drupal intranet.

This is temporary. If you want to remove it permanently you will need to do this via robot.txt and meta tags as described above. See this Google guide for more information.

Wrap up

That’s it. Questions? Let me know!

PS,
Find more info on robots.txt here.