Form Login Instructions

The form login feature allows you to setup a form login that the Link Checker uses to login to your site. This allows the Link Checker to check pages behind a login, for example a membership area.

Please be very CAREFUL with this feature and always backup your site before using it because using this feature can lead to DATA LOSS if you make a mistake!

Please read the following instructions carefully before using this feature.

When to NOT use this feature

If your login area contains very sensitive information that should be protected under all circumstances, you should not use this feature at all. The main reason for this is, that the password needs to be stored in plaintext.

Please see the Dedicated Read-only Account section below for further information.

Important Preparations

Dedicated Read-only Account

It is highly recommended that you create and use a dedicated read-only account without access to the administration area for the Link Checker.

Read-only because the Link Checker simulates a click on every link on your website and if you for example have an delete button, the Link Checker clicks on it and may delete data if write access is given.

A dedicated account is highly recommended because it is technically necessary to store the PASSWORD IN PLAINTEXT. You should thus not use this password anywhere else. If you use the scheduler, the provided password is also saved on the Link Checker server.

Block access to admin area and prevent logout

Even if you use a read-only account as suggested, it is recommended to block access to the admin area for the Link Checker. This limits the impact and damage if the account gets for some reason access to the admin area or write-access. For example if an administrator is not aware of the purpose of the account and gives it more permissions because he/she likes to reuse it for another use case in the future.

It is also necessary to block access to the logout button. Otherwise the Link Checker may logout before the whole website got checked.

Both can be done with the robots.txt file by adding global rules or just rules for the Link Checker. The Link Checker uses the user-agent MB-LinkChecker.

You can validate your robots.txt file for example with the Yandex Robots.txt Analysis tool.

Please note that the following are just examples and just work if the default logout mechanism is used. However, some extensions or plugins use there own mechanism.

WordPress

WordPress has no robots.txt file by default, so you may need to create one or edit your existing one if you have already created one in the past.

Your WordPress robots.txt could look like the following. Please note that the rule *action=logout* only works for the default logout, plugins may add other mechanisms that you need to block additionally.

User-agent: *
Disallow: /search
Disallow: /support/rss
Disallow: /archive/

User-agent: MB-LinkChecker
Disallow: /wp-admin/
Disallow: *action=logout*

Joomla

The default Joomla robots.txt file already prevents access to the backend, so no special rules are necessary.

Joomla uses a form and not a link for the logout by default and thus no special protection is necessary if you use the standard Joomla login system. However, if you use a membership extension or an extension that provides an own logout button, you may need to modify your robots.txt file.

Configuration

The configuration is basically the same for WordPress and Joomla. The values for the options depend on the extensions you are using. In the examples below I provide the values for the default login system of both CMS.

Login Page URL

The URL of the login page. The URL can be absolute or relative to the website URL. Using an absolute URL is less error-prone, but has the disadvantage, that you need to change it when you for example move your website to another domain.

WordPress

wp-login.php

or

https://www.example.com/wp-login.php

Joomla

index.php?option=com_users&view=login

or

https://www.example.com/index.php?option=com_users&view=login

Form Selector

The DOM query selector to select the login form on the login page.

WordPress

#loginform

Joomla

.login form

Data

Provide all data necessary to login in the POST query format, for example username=xyz&password=qwerty.

If the values contain special characters, they have to be percent encoded. For example if your password is mf5dDo&f, the & has to be replaced by %26 so that the final data string should look like username=linkchecker&password=mf5Do%26f.

WordPress

log=your_username&pwd=your_password&rememberme=forever

Joomla

username=your_username&password=your_password&remember=yes