Beginner's Guide for WordPress / Start your WordPress Blog in minutes

How to Stop Search Engines from Crawling a WordPress Site

Recently, one of our users asked us how they can stop search engines from crawling and indexing their WordPress site? There are many scenarios when you would want to stop search engines from crawling your website or listing it in search results. In this article, we will show you how to stop search engines from crawling a WordPress site.

Stop search engines from crawling your WordPress site

Why and Who Would Want to Stop Search Engines

For most websites, search engines are the biggest source of traffic. You may ask, why would anyone want to block search engines?

When starting out, a lot of people don’t know how to create a local development environment or a staging site. If you’re developing your website live on a publicly accessible domain name, then you likely don’t want Google to index your under construction or maintenance mode page.

There are also many people who use WordPress to create private blogs, and they don’t want those indexed in search results because they’re private.

Also some people use WordPress for project management or intranet, and you wouldn’t want your internal documents being publicly accessible.

In all the above situations, you probably don’t want search engines to index your website.

A common misconception is that if I do not have links pointing to my domain, then search engines will probably never find my website. This is not completely true.

There are many ways search engines can find a website linked elsewhere. For example:

  1. Your domain name could have been previously owned by someone else, and they still have some links pointing to your website now.
  2. Some domain search site’s results could get indexed with your link on them.
  3. There are literally thousands of pages with just list of domain names, your site can appear on one of those.

There are a lot of things happening on the web and most of them are not under your control. However, your website is still under your control, and you can instruct search engines to not index or follow your website.

Video Tutorial

Subscribe to WPBeginner

If you don’t like the video or need more instructions, then continue reading.

Blocking Search Engines from Crawling and Indexing Your WordPress Site

WordPress comes with a built-in feature that allows you to instruct search engines not to index your site. All you need to do is visit Settings » Reading and check the box next to Search Engine Visibility option.

Search engine visibility setting in WordPress

When this box is checked, WordPress adds this line to your website’s header:

<meta name='robots' content='noindex,follow' />

WordPress also modifies your site’s robots.txt file and add these lines to it:

User-agent: *
Disallow: /

These lines ask robots (web crawlers) not to index your pages. However, it is totally up to search engines to accept this request or ignore it. Even though most search engines respect this, some page or random image from your site may get indexed.

How to Make Sure Your Site Doesn’t Appear in Search Results?

The default WordPress visibility settings instruct search engines not to index your website. However, search engines may still end up crawling and indexing a page, file, or image from your website.

The only way to to make sure that search engines don’t index or crawl your website at all is by password protecting your entire WordPress site on the server level.

This means when anyone tries to access your website, they are asked to provide a username and password even before they reach WordPress. This includes search engines as well. Upon login failure, they are shown 401 error and the bots turn away. Here is how to password protect an entire WordPress site.

Method 1: Password Protecting an Entire Site using cPanel

If your WordPress hosting provider offers cPanel access to manage your hosting account, then you can protect your entire site using cPanel. All you have to do is log in to your cPanel dashboard and then click on ‘Password Protect Directories’ icon under the ‘Security’ section.

Password protect directories

Next, you will need to choose the folder where you have installed WordPress. Usually, it is the public_html folder.

Select the root folder

If you have multiple WordPress sites installed under public_html directory, then you need to click on the folder icon to browse and select the folder for the website you want to password protect.

On the next screen, you need to enter a name for the protected directory and click on the ‘Save’ button.

Enter a name for protected directory

Your information will be saved and cPanel will reload the page. After that, you need to add an authorized user by entering a username and password.

Add authorized user

That’s all, you have successfully added password protection to your WordPress site.

Now, whenever a user or search engine visits your website they will be prompted to enter the username and password you created earlier to view the site.

Password protected website

Method 2: Password Protecting WordPress with a Plugin

If you are using a managed WordPress hosting solution, sometimes you don’t have access to cPanel.

In that case, you have the option to use different WordPress plugins to password protect your website. Below are the two most popular solutions:

  1. SeedProd – it’s the #1 coming soon and maintenance mode plugin for WordPress, used on over 800,000+ websites. It comes with complete access control and permissions features that you can use to hide your website from everyone including search engines. We have a step by step how-to guide for SeedProd.
  2. Password Protected – it’s a very simple way to password protect your WordPress site with a single password (no user creation needed). See our step by step guide on how to password protect a WordPress site.

We hope this article helped you stop search engines from crawling or indexing your WordPress site. You may also want to see our ultimate step by step WordPress security guide for beginners.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit – a collection of WordPress related products and resources that every professional should have!

Reader Interactions

20 CommentsLeave a Reply

  1. This is was just what I was looking for. After I moved my dev site to the client’s live site, I didn’t want any traffic coming back to the old one. Thank you!

  2. I deleted my site permanently from wordpress and when I google my name, the old wordpress site still appears, despite the fact that it’s gone. Can someone from the support team help me to delete it? I don’t want my clients getting confused with my actual, live site.

  3. if we disable indexing the wordpress site to prevent it from hackers, then will it affect google indexing or not, and if then how to allow google to index my pages

  4. Doesn’t seem to work. Followed the directions with confidence. My subdomain is still publicly viewable.

    • Hi Andy,

      If you have password protected your subdomain directory, then please review its settings again in cPanel. If everything looks alright, then you may want to contact your WordPress hosting provider.


    • Yeah, whats written under “Discourage search engines from indexing site” is very true. Google doesnt seems to honor this

  5. Hi, I have a doubt that if website have 1 million subpages, search engine block all subpage when we add
    User-agent: *
    Disallow: /
    in robots file?

    • Yes. Adding Disallow:/ in robot.txt will tell all search engine bots, do not crawl this site or web page.

  6. i want memebership pages member profile page to be not indes by any search engines how to do ????

  7. Hello,

    I’m currently having a Blog (Free Plan) & desire to sell my Digital Stuff online without setting-up a website and relying wholly on the Blog, at first (have been short of funds). Thus, going through with this thought I have made changes to my Blog, under this after making the payment, the customer is redirected to my blog page haivng a link to download the digital content. So, I just want the payment gateway to be able to redirect the traffic to the Download page on my blog and not have it searchable via search engines, etc. & neither be it listed under the Posts list/Pages, etc. because if the download page is searchable by the Search Engines & listed under my Blog’s post, I wouldn’t earn anything because then the customer would directly download the content without making the payment.


  8. I’m learning WP now and designing my site. For now, I don’t want the site crawled, so I’ve checked the Search Engine Visibility Box and I’ve add the password protection. However, in a few months, I’ll want the site to go live and I’ll want visitors to my site. If I uncheck the Search Engine Visibility box and take off the password protection, will the robots nofollow header automatically be updated? Or will I have to manually update this in the header section?

    • Yes, it will be. However, to be extra sure you need to submit your site’s xml sitemap using Google webmaster tools. This will allow you to see if any crawl errors are found on your site.


    • WordPress offers a Password Protect Option on any of your pages and posts. Simply change “visibility” in your page or post edit to “password protected”.

  9. How can I get Google and bing to crawl my site while stopping SeMalt from crawling my site. SeMalt sends traffic to my site making it look like I have more hits, however thesclicks leave my site straight away and by so doing so increase the bounce rate to my wordpress site.
    Any help on this matter would be great.

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.