Prevent User Profiles From Getting Indexed by Search Engines

Hi! I’ve just found out that there’s a big problem with user account spam on xwiki.org.

Since there’s no restriction on user posted links, there seem to be quite a few accounts that are created for the sole purpose of redirecting to some other website in their user “about” section for SEO gain.

This is detrimental to XWiki as it could lead to lower rankings in search engines and also lost time from the maintainers dealing with removing the spam accounts.

@MichaelHamann made a proposal on matrix about adding the following to user accounts on xwiki.org, and I agree that it would be a good fix for the short term:

## Don't index user profiles as they frequently contain spam
#if (!$doc.getObjects('XWiki.XWikiUsers').isEmpty())
<meta name="robots" content="noindex, nofollow" />
#end

What does everyone else thing? What other solutions would be there for the long term.

Note: this issue doesn’t only affect xwiki.org, but all XWiki public instances that didn’t modify this behavior.

Also note that we have a tool to remove inactive accounts that can help. I run it from time to time but I’m often forgetting: https://extensions.xwiki.org/xwiki/bin/view/Extension/AntiSpam%20Tool%20Application#HInactiveUsers

Another point discussed in the past is to:

• Install Change Request extension on xwiki.org (after it’s been fixed to work for guest users) and set it so that committers are validators.
• Disable registration by default but still allow users to ask for an account if they want to contribute regularly for example.

Thanks!

I’m obviously +1 to add that snippet as I suggested it. This should remove any SEO value (and harm) from these spam user profiles.

In general, I think we need to put some time into optimizing XWiki for a public wiki use case with rel="nofollow" in appropriate places, noindex rules for content that is duplicated in each instance like the help application, and an admin dashboard to manage these noindex rules. Further, a sitemap (that also considers these noindex rules) could help crawlers to index the whole wiki.

As discussed in the chat, I’m not convinced that using Change Request with guest accounts is the solution as it just moves the spam.

A more long-term solution I would suggest is to make user profiles private. Basically, I would suggest to:

• Make user profiles private to the user
• Remove global edit right for all users and just grant it to trusted users (maybe a new user group)
• Use change request for contributions

And if we want to make user registration easier, we should use SSO with popular providers like Google and GitHub.

Related workaround: https://snippets.xwiki.org/xwiki/bin/view/Extension/Initialize%20rights%20of%20user%20profiles/

Related posts:

• User profile are visible from outside - #4 by watery
• How to secure users profile on xwiki with public space
• Permission of some properties of user's profile
• Hide user list in xwiki 9.6
• Hiding user profile list from all
• Hide the user directory for non-admin users - #17 by vmassol
• How to restrict users from accessing other users profiles and profile data - #3 by gerritjankoekkoek

I agree that we need a built-in option to make user profiles private. We need to handle the user directory too so that maybe it’s accessible only to admins when this option is turned on.