Here is some of the countermeasure you need to take to defend you from “Google Hacking”

Google hacking: Google Hacking or Google Dorking is a hacking technique, where an attacker will
use this technique to find sensitive information, misconfiguration and
vulnerabilities on target by Applying advance google search operators.

Defense against google hacking:

1. Use robots.txt file to block the URLs which is hacking sensitive

A robots.txt file is a file at the root of the site which indicates those parts
of the sites, we don’t want to be accessed by search engine crawlers. This
the file uses the Robots Exclusion Standard, which is a protocol with a small
set of commands that can be used to indicate access to the site by section
and by specific kinds of web crawlers (such as mobile crawlers vs desktop
User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php

2. Using meta tag in HTML.

Mention “no index” meta tag in the HTML code of the page so google
crawlers will ignore that page and that will go next page.


meta name=”robots” content=”noindex”>
To prevent only Google web crawlers from indexing a page:
<meta name=”googlebot” content=”noindex”>

3. Protecting all server directories with passwords.

Google crawl and other crawlers not having access over the file which are
protected with a password and when you feel there is some sensitive
information on the server and you don’t want to give chance to index with
Google, visit: .htaccess file and mention password-protect directories on

Example with apache server:

Open apache configuration file:  nano /etc/apache2/site-available/000-default.conf

Add below tags, this is to protect /var/www/html directory

Apache2.2 versions

<Directory /var/www/html>
Option Indexes Include FollowSymLink MultiView
AllowOverride All
Order allow,deny
Allow from all

Apache 2.4

<Directory /var/www/html>
Option Indexes Include FollowSymLink MultiView
AllowOverride All
Required all granted

And save it – restart the apache server.
And give passwords for directories using .htaccess file with file and
username and password.
After implementing this all security measures also we can’t say our web
site is fully secure. best way to secure and find out organization security poster
is hiring a security professionals like ethical hacker or penetration tester.

WhatsApp WhatsApp us