Download
We're evolving to serve you better! This current forum has transitioned to read-only mode. For new discussions, support, and engagement, we've moved to GitHub Discussions.

Can I use Publii to create private / secret links?

  • #9476
    Avatar photo[anonymous]

    I am thinking of using Publii for a documentation that is not public but only accessible with a private link (similar to Google Docs). Everyone who has the private link can access a page or the entire site.

    I am not sure if a workaround by just using random characters in the page URL will do it.

    What do you think about that?

    #9487
    Avatar photo[anonymous]

    You can tick “Hide post” and “Exclude from homepage” in post editor, and it won’t be listed publicly.

    #9488
    Avatar photo[anonymous]

    Alright .. that’s what I thought .. and then just add a random URL mydocu.com/clientname-asdlj209u0s9d0942cj309

    Not sure if I feel confident with that though

    #9581
    Avatar photo[anonymous]

    Just to add to what privii mentioned: the hide post and exclude options only apply to how your pages are displayed within your site. If your users need to access a directory or post listing, you shouldn’t hide your posts.

    If your goal is to hide your entire website from search engines: go to your site settings, and under SEO, select “Noindex website”.

    If you only want to hide certain pages/posts from search engines, set the Meta robots index to “noindex, nofollow” for each post.

    Besides that, though, this won’t prevent people who shouldn’t access your site to view it if they get the link. Depending on how sensitive or private you really want the info to be, consider implementing some kind of password-protection or authentication. There are external options out there for static sites.

    #9586
    Avatar photo[anonymous]

    I notices already that Publii is perhaps not the ideal tool for that. There are no password protected pages / subpages.

    It’s interesting though that many of us just share private links e.g. to Google Docs, and in the end, it’s just a secret URL. It wouldn’t be that difficult to create manually such kind of URL with random characters. That’s why my initial thought to just create a permalink with a random string to “simulate a secret link” in Publii

    #9589
    Avatar photo[anonymous]

    Yeah, you can certainly make the slugs a series of random characters manually, but there’s no password-protection out of the box. It looks like it’s possible to do, but requires some external tools.

    Password protection is available if you deploy using Netlify Pro (as well as other site protection options), and based on a quick Google search of “static site password protection”, there are a couple of options out there like StaticShield.

    That said, your site could still be accessed if someone shared the password. As you’ve mentioned: a lot of what is seen as “private” or “secret” on the web is illusory. For example, it’s possible to share a photo from a private Facebook account with someone who isn’t signed in if you have the photo’s URL on the server. Granted, that link may dynamically change after a certain time, but the point remains: nothing is 100% safe…

    #9594
    Avatar photo[anonymous]

    I just checked my initial post – maybe now it’s time to reveal the use case 🙂

    My idea was to use Publii to make documentation for clients. Publii is easy to set up, it’s fast, easy to maintain, edit content, etc.

    Initially, I thought about using Gitbook for documentation. I could use any tool for it, but there is one thing that I find interesting.

    Some applications allow being integrated as iFrame within the WordPress backend. Notion for instance does not. But Publii does. That means I can make a client documentation within Publii, and just integrate it into the WordPress backend. The client just has the menu item in the WP backend “Documentation” and it shows the Publii site right in there.

    It would not contain passwords or the like, but it still should not be something that is public.

    That’s why I came up with the secret links that so many apps use. And I thought, well, a secret link would be something I could also create myself with random characters

    #9599
    Avatar photo[anonymous]

    Some interesting ideas.

    Here’s one more to consider to create a membership website.

    You could have two Publii websites with both possibly / probably using the same Publii theme:

    – The publicly accessible site would be uploaded to: https://www.yourdomain.com/ = content open to everyone.

    – All member-only content could be sync to: https://www.yourdomain.com/cgi-bin/members

    All member-only content inside /members/ could be protected behind your membership access wall using https://www.willmaster.com/software/membersonly/index.php

    One drawback: you would have a membership user database online in your web hosting, so that has some security implications to think about. Plus of course cookies implications, etc. But you can address these areas, strengthen security as your web host, plus deal with cookies implications in your Publii cookies options, terms of use / membership, privacy pages, etc.

    Yes, this membership software solution uses PHP so might be considered by some to be somewhat dated, but it is stable, proven, should work well into the future, do what it promises, and be as secure as we would hope. Each member will have their own unique username (email address) and unique password they create when joining or registering.

    I haven’t tested the combined solution yet but it looks like it could offer a promising ‘full membership website management’ option that might work well with Publii. The developer could probably help further.

    Or, who knows, a Publii wizard might come up with a Publii plugin that does something similar 🙂 – though it seems like a lot of work for a plugin.

    #9600
    Avatar photo[anonymous]
    [anonymous] wrote:

    It would not contain passwords or the like, but it still should not be something that is public. That’s why I came up with the secret links that so many apps use. And I thought, well, a secret link would be something I could also create myself with random characters

    Gotcha! If you only need a URL and a site that’s not public, you should be good to go with writing random slugs manually (or even using some kind of hash generator to do the work for you) and making sure to set the site to no-index.

    If you ever need password-protection, it would be done on the WordPress side, I presume.

    #9601
    Avatar photo[anonymous]
    [anonymous] wrote:

    Some interesting ideas. Here’s one more to consider to create a membership website.

    Thanks for sharing. I just wanted to mention: there are simpler (and cheaper) ways of implementing user authentication, some of which are open-source. I’ve listed some in another thread.

    #9602
    Avatar photo[anonymous]
    [anonymous] wrote:

    Some interesting ideas.

    Here’s one more to consider to create a membership website.

    It sounds like quite an overkill to go into a membership platform. Sound like a completely different solution / approach to me

    #9603
    Avatar photo[anonymous]
    [anonymous] wrote:

    Gotcha! If you only need a URL and a site that’s not public, you should be good to go with writing random slugs manually (or even using some kind of hash generator to do the work for you) and making sure to set the site to no-index.

    Thanks for confirming .. I’ll experiment with it a bit and see if I can make something out of it because if I follow that approach I want only one single Publii setup for several client documentation. It’s just not worth it to set up a separate site on a subdomain for each client. In the end, it’s just a bit fancier documentation instead of PDF, so I can not invest too much and it must be simple to set up for each client.

    Let’s see if I figure something out here 🙂

    Thanks so far!

    #9604
    Avatar photo[anonymous]

    Maybe you can find a solution with PageCrypt ( https://www.maxlaumeister.com/pagecrypt/ )

    For a documentation website you can check if docsify fits your goals ( https://docsify.js.org/ )

    #9606
    Avatar photo[anonymous]
    [anonymous] wrote:

    Maybe you can find a solution with PageCrypt ( https://www.maxlaumeister.com/pagecrypt/ )

    For a documentation website you can check if docsify fits your goals ( https://docsify.js.org/ )

    Thanks. I thought I have seen most of the tools, but I think Docsify is new to me. Maybe it’s a good fit.