Doyenhub

logo
logo
logo
logo

OUR BLOGS

June 17, 2013

Hiding SharePoint Application page (_Layouts Pages ) For Public Facing Site

Hiding _Layouts Pages in SharePoint

Hiding_layouts pages in SharePoint is essential for improving security and SEO. These application pages handle backend operations and should not be accessible to the public or search engines. By hiding them, you can prevent unauthorized access and ensure search engines focus on indexing the right content.

For sites built using the “publishing site” template, the ViewFormPagesLockDown feature is activated automatically. This feature blocks access to “_layouts” pages, ensuring they remain hidden from unauthorized users and search engines. However, if you’re using other templates like “team site” or “blank site”, this feature is not enabled by default. Fortunately, you can activate it manually to protect your site.

What Are _Layouts Pages?

_Layouts pages are application pages stored in the “_layouts” directory in SharePoint. These pages manage administrative tasks such as settings and configurations. While they are vital for backend operations, they:

  1. Pose Security Risks: Exposing these pages may allow unauthorized users to access sensitive information.
  2. Cause SEO Issues: Search engines may index these irrelevant pages, lowering your site’s visibility for more important content.
  1. Security Risks: Unprotected “_layouts” pages allow unauthorized users to view or manipulate backend operations.
  2. SEO Issues: These pages add unnecessary content for search engines to index, leading to poor site rankings.

How to Activate the ViewFormPagesLockDown Feature

If your site template does not enable the ViewFormPagesLockDown feature, you can activate it manually. Follow these steps:

  1. Open the SharePoint Management Shell.
  2. Run the following command:

php

stsadm -o activatefeature -url <YourSiteURL> -filename ViewFormPagesLockDownfeature.xml

Important Note:
If anonymous access is enabled before running this command, you must disable it and then re-enable it after activation to apply the changes successfully.

Making Specific Pages Public

If certain “_layouts” pages must remain accessible to anonymous users, use the UnsecuredLayoutsPageBase class. This approach allows you to exclude specific pages from the restrictions while keeping others hidden.

Why Hide _Layouts Pages?

Hiding “_layouts” pages offers the following benefits:

  • Improved Security: Prevents unauthorized access to backend tools.
  • Better SEO: Ensures only relevant content is indexed, avoiding duplication and irrelevant search results.

Best Practices for SharePoint Public-Facing Sites

  1. Activate the ViewFormPagesLockDown feature for all public-facing sites.
  2. Use a robots.txt file to restrict search engine crawlers further.
  3. Monitor your site’s anonymous access permissions to maintain security.
  4. Regularly audit indexed pages using tools like Google Search Console to confirm that “_layouts” pages are not visible.

Also Read – Guide for installing vuestorefront pwa for magento2

By hiding “_layouts” pages and managing access permissions effectively, you can create a secure, user-friendly, and SEO-optimized SharePoint public-facing site.

Shraddha Shah
SharePoint Developer

 

Leave a comment

Your email address will not be published. Required fields are marked *