Blog, Website & Page Publishing

helen_c
Contributor

Turning off private content

SOLVE

Is there any way to disable or block access to pages/emails for private content? (/content-membership/all-domains/basics)? We don't use these, but I can see from the activity logs that people have still managed to find/access these pages and have attempted to register/log in/password reset even though there is nothing to login to.

 

Our security team originally flagged this as a possible vulnerability. The pages were found by a bug hunter and the assumption was that this was a log in to our CMS. I assured them that was not the case, but I am still unsure if there are any other potential risks here. If not, I do also have a slight concern that this is quite poor UX if our customers were to somehow stumble on these. 

2 Accepted solutions
Lucila-Andimol
Solution
Most Valuable Member | Platinum Partner
Most Valuable Member | Platinum Partner

Turning off private content

SOLVE

Hey @helen_c 

so there quite a few things that you can do just reassure that no more contacts are accesing any private content

- Remove contacts from the access list

- create URL redirect for that content so that they finish in another page (home/blog/etc)

- add no index tags to pages/blog so that its no longer found by search engines or bots

 

hope this helps

María Lucila Abal
COO Andimol | Platinum Accredited Partner
HubSpot Expert, Top Community Champion | Hall of Fame IN23&IN24
Certified Trainer (12+ years) | SuperAdmins Bootcamp Instructor

Have questions? Get answers:

Get Premium Support

Did my post help answer your question? Mark this as a solution.

View solution in original post

Lucila-Andimol
Solution
Most Valuable Member | Platinum Partner
Most Valuable Member | Platinum Partner

Turning off private content

SOLVE

Hey @helen_c 

are you following this steps?

https://knowledge.hubspot.com/domains-and-urls/create-and-manage-url-redirects

 

just to summarize the previous conversation you can also use a password protect page (1 password for all) that you can only give to your contacts/leads

Another option is to use smart conent with a tracking URL: this way you show the page content to people accessing from the url with the parameters you define, and other people just dont see it or see anything else.

hope this other ideas help

María Lucila Abal
COO Andimol | Platinum Accredited Partner
HubSpot Expert, Top Community Champion | Hall of Fame IN23&IN24
Certified Trainer (12+ years) | SuperAdmins Bootcamp Instructor

Have questions? Get answers:

Get Premium Support

Did my post help answer your question? Mark this as a solution.

View solution in original post

0 Upvotes
7 Replies 7
JMistretta
Participant

Turning off private content

SOLVE

Was the answer to this question posted?  We are also trying to do the same thing within the application to prevent people from accessing pages we dont use and since the page is a reserved on, we can't implement re-directs.

0 Upvotes
JMistretta
Participant

Turning off private content

SOLVE

Was this ever resolved as we are trying to do the same thing.  We don't have any secure content and don't want people finding the page at all.

0 Upvotes
helen_c
Contributor

Turning off private content

SOLVE

For added clarity, I'm not trying to restrict access to any content. We don't have any content we wish to gate/restrict access to. I'm trying to determine if it's possible to disable the registration, log in and password reset pages set up for private content purposes, so that these cannot be found by external parties. 

0 Upvotes
Lucila-Andimol
Solution
Most Valuable Member | Platinum Partner
Most Valuable Member | Platinum Partner

Turning off private content

SOLVE

Hey @helen_c 

so there quite a few things that you can do just reassure that no more contacts are accesing any private content

- Remove contacts from the access list

- create URL redirect for that content so that they finish in another page (home/blog/etc)

- add no index tags to pages/blog so that its no longer found by search engines or bots

 

hope this helps

María Lucila Abal
COO Andimol | Platinum Accredited Partner
HubSpot Expert, Top Community Champion | Hall of Fame IN23&IN24
Certified Trainer (12+ years) | SuperAdmins Bootcamp Instructor

Have questions? Get answers:

Get Premium Support

Did my post help answer your question? Mark this as a solution.

helen_c
Contributor

Turning off private content

SOLVE

Thanks! As said, we don't use private content - people are finding our default template pages for registration, sign in, password e.g. /_hcms/mem/login - so I'm unsure how to apply solutions 1 and 3. For 1) we don't have an access list because we don't use the functionality at all and for 3) I can't edit the code on the default templates.

 

URL redirect seemed like the most viable option but I just tried that and was denied. The following message pops up - 

helen_c_0-1712138832392.png

 

Lucila-Andimol
Solution
Most Valuable Member | Platinum Partner
Most Valuable Member | Platinum Partner

Turning off private content

SOLVE

Hey @helen_c 

are you following this steps?

https://knowledge.hubspot.com/domains-and-urls/create-and-manage-url-redirects

 

just to summarize the previous conversation you can also use a password protect page (1 password for all) that you can only give to your contacts/leads

Another option is to use smart conent with a tracking URL: this way you show the page content to people accessing from the url with the parameters you define, and other people just dont see it or see anything else.

hope this other ideas help

María Lucila Abal
COO Andimol | Platinum Accredited Partner
HubSpot Expert, Top Community Champion | Hall of Fame IN23&IN24
Certified Trainer (12+ years) | SuperAdmins Bootcamp Instructor

Have questions? Get answers:

Get Premium Support

Did my post help answer your question? Mark this as a solution.

0 Upvotes
PamCotton
Community Manager
Community Manager

Turning off private content

SOLVE

Hello @helen_c, thank you for posting in our Community!

 

Thank you for bringing this concern to our attention. I understand the importance of maintaining security and ensuring a smooth user experience for our customers.

 

 

I want to invite our top experts to this conversation @Crystal_Hopper, @Edouardbrunetot, and @Lucila-Andimol any recommendations for @helen_c matter?

 

Thank you,

Pam

Você sabia que a Comunidade está disponível em outros idiomas?
Participe de conversas regionais, alterando suas configurações de idioma !


Did you know that the Community is available in other languages?
Join regional conversations by changing your language settings !




0 Upvotes