uploaded resumes appear in google search

Hey Allisond,

This happened to me too. The problem is that Job Manager puts all the uploaded documents into the /wp-content/uploads folder. Because this folder is not secure out-of-the-box, you have to defend yourself from search engine crawlers and snoopers with a few security tricks:
1. Create a new robots.txt file with the following information in it:

User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/

Put this file at the root level of your WordPress site (same folder as your wp-config.php file).

2. Put a blank or redirect index.php file in your /wp-content folder AND in your /wp-content/uploads folder. Mine looks something like this:

<?php
header('Location: https://www.myhomepage.com');
?>

This will cause web browsers to not show anything, or if it is a simple redirect, kick them out of the folder and push them to a page of your choice (like the homepage).

3. Edit your .htaccess file to require a login to view anything in the /uploads folder:

RewriteCond %{REQUEST_URI} ^.*uploads/.*
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule . /wp-login.php?redirect_to=%{REQUEST_URI} [R,L]

This file goes a root as well, and if you have one already, just add the above code to it. I’m not sold on how well it works since I have to clear my cache to test it every time (removing the cookie), but it should add some security against snoopers.

Try those three things, and you should have your documents somewhat protected. Hopefully the next release of Job Manager will allow it to upload documents in its own, secure folder. But until then, this is what you have to do if you want to use the plugin and not have resumes show up in Google Search!

Cheers!

Hello leafbreeze. Thank you so much for responding to my post and your in depth solution and answer. After doing some research on the internet, I did create a robots.txt file like you said but I put the following on it to hopefully stop Google from crawling on the resume images:
User-agent: Googlebot-Image
Disallow: /*.pdf$

User-agent: Googlebot-Image
Disallow: /*.docx$

Will this fix the problem or do I need to do what you explain above.
Thank you so much for your help with this.
Allison

Hey Allison,

Not sure if the Disallow statements will stop all the robots, since the only robots that obey at Robots.txt file are legitimate ones (Google, Bing, Yahoo!). But if you’re just trying to stop Google, you may want to go the next level:

1. Have a Gmail account with Google
2. Open a Google Webmaster Tools account (Google Search Console)
3. Add your site to the account
4. Test your Robot.txt file using the Google Search Console
5. Modify your sitemap.xml and tell Google what is allowable

If you try those things, you benefit from three (3) types of things:
1. You manage Google Search behavior
2. You can discover keywords that are used to find pages on your site.
3. You can ask/force Google to “forget” links that are now broken or removed

It may take some reading to get completely up to speed, but this will help you improve your site by seeing “behind the curtain” on how Google see your site in search results.

Cheers!
Kyle