File attachments and access control

Created by Mac Clemmens, Modified on Mon, 23 Sep, 2019 at 5:24 PM by Mac Clemmens

If I access-control a post, are file attachments secure?

While posts can be access-controlled, file attachments are public to anyone who has the URL. This is important functionality for email blasts and other types of content that will often link to attachments, but this is counterintuitive for many users who expect the file attachments to have the same access control as the post they are attached to. 


While most file attachment names would be impractical to guess, it is important that you do not put confidential, highly sensitive, or potentially damaging information on your website. Learn more about confidential information and your website.



How do I keep Google and other search engines from indexing my file attachments?


It is unlikely but possible that Google might index attachments on access-controlled pages. To tell Google (and other search engines) to not index the contents of your site files directory, system administrators may disable indexing of PDFs sitewide. Note that this will prevent indexing of all your site's PDF files.

This does not guarantee that users will not find these files, so confidential information should be further protected (for instance, with a PDF password) or not uploaded to this website.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article