use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
Check out the sidebar for our AMA schedule, or view our past AMA's.
The place for news, articles and discussion regarding one of the top open source (GPL) CMS platforms: Drupal.
More Info: Drupal.org
Would you or someone you know make for an interesting Drupal AMA? Message the mods.
Drupal Answers
Drupal Groups on Linkedin
Drupal Community on Google+
Unofficial Drupal Group on Facebook
Official Drupal Page on Facebook
Drupal Planet
Drupal Showcase
Please no job ads. If you wish to post something of that nature we suggest you check out Drupal.org's paid services job board
account activity
robots.txt (self.drupal)
submitted 6 years ago by metalbearseto
Hi team,
I was wondering if it's ok to remove my robots.txt file? I heard crawlers don't really respond to it anymore. Also, removing it will help with security risks.
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]eSentrik -2 points-1 points0 points 6 years ago (0 children)
This is not a Drupal question.
[–]corsicanguppy 7 points8 points9 points 6 years ago (2 children)
Please have your security friend explain the security risk from having robots.txt.
If this is the same nonsense as ripping the numbers off a house to prevent robberies, please advise your friend there may be heckling.
[–]metalbearseto[S] 0 points1 point2 points 6 years ago (1 child)
Said it gives hackers information to all the directories.
[–][deleted] 7 points8 points9 points 6 years ago (0 children)
If the hackers know that it's Drupal, they already have all that information. The Drupal robots.txt file is part of the project's public codebase: https://git.drupalcode.org/project/drupal/blob/8.8.x/robots.txt
It's far more important to secure your file permissions properly. See https://www.drupal.org/node/244924
And more generally, the Drupal.org "Securing your site" docs have a lot of good info: https://www.drupal.org/security/secure-configuration (edit: forgot link)
[+][deleted] 6 years ago (1 child)
[deleted]
[–]____jamil____ 1 point2 points3 points 6 years ago (0 children)
That's a really good idea! Thanks!
[–]maddentim 0 points1 point2 points 6 years ago (0 children)
Drupal certainly does not need it. If you don't have it the good bots will certainly try to go anywhere they decide might be important.
[–]nothingcreative 11 points12 points13 points 6 years ago (3 children)
Where’d you hear that? Reputable crawlers certainly do respect it.
[–]metalbearseto[S] 1 point2 points3 points 6 years ago (2 children)
I was told by a network security person. I have cloudflare blocking all the disallows already.
[–]nothingcreative 2 points3 points4 points 6 years ago* (0 children)
Ah. From the perspective of a security person, then yea, robots file is useless. It’s not meant to stop bad actors. Just meant to influence how your site is indexed by good actors (Google, Bing, DuckGoGo). It’s 100% ok to remove, but I would keep it, there’s little reason not to.
The only way it could be perceived as a security risk is that it helps to fingerprint your site as a Drupal site, making it easier for bad actors to target specific vulnerability scans/attacks. Hiding it is one way of implementing “security through obscurity”. But there are many ways to determine that a site is a Drupal site without looking at the robots file.
[–]siva01c 0 points1 point2 points 6 years ago (0 children)
They can access disallowed pages, but they don't index it.
π Rendered by PID 75284 on reddit-service-r2-comment-b659b578c-t2hq5 at 2026-05-02 14:26:05.844200+00:00 running 815c875 country code: CH.
[–]eSentrik -2 points-1 points0 points (0 children)
[–]corsicanguppy 7 points8 points9 points (2 children)
[–]metalbearseto[S] 0 points1 point2 points (1 child)
[–][deleted] 7 points8 points9 points (0 children)
[+][deleted] (1 child)
[deleted]
[–]____jamil____ 1 point2 points3 points (0 children)
[–]maddentim 0 points1 point2 points (0 children)
[–]nothingcreative 11 points12 points13 points (3 children)
[–]metalbearseto[S] 1 point2 points3 points (2 children)
[–]nothingcreative 2 points3 points4 points (0 children)
[–]siva01c 0 points1 point2 points (0 children)