Having URL preview problems in LinkedIn? Bot Blacklist is blocking them!

jeromeparadis
(@jeromeparadis)

10 years, 10 months ago

Hello,

I had multiple sites (in WordPress multisite) where the URL preview wasn’t working on LinkedIn: I was only seeing the blog’s domain name as the title and URL. Previews were working fine on Facebook and other social platforms.

After days of trying to pinpoint the issue after migrating some blogs and changing my WordPress security plugin to Better WP Security, I finally found that LinkedIn was blocked and Apache was returning an HTTP 403 error.

After investigating, I noticed it is due to activating the “Enable Default Banned List” feature in the “Ban” section of the Better WP Security plugin.

To deactivate this feature, it isn’t too intuitive: you need to uncheck the checkbox and click “Add Host and Agent Blacklist”. Otherwise, clicking “Save changes” at the bottom of this page doesn’t do anything.

I hope this will save days of hair pulling to others.

Cheers.

http://wordpress.org/extend/plugins/better-wp-security/

Viewing 7 replies - 1 through 7 (of 7 total)

John3121
(@john3121)

10 years, 8 months ago
Thank you very much for this solution! You really saved me a lot of time!

From my point of view, completely disabling the banlist may not be very secure. So I’ve done some research and found out that the following lines are blocking LinkedIn bot.
```
RewriteCond %{HTTP_USER_AGENT} libwww [NC,OR]
RewriteCond %{HTTP_USER_AGENT} libwww-perl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Link [NC,OR]
RewriteCond %{HTTP_USER_AGENT} LinksManager.com_bot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} linkwalker [NC,OR]
```
I propose to turn on the “Enable Default Banned List” option and then manually remove the following code from .htaccess file. (The “Remove write permissions from .htaccess and wp-config.php” should be disabled before editing). This solution works for me and it would be great if someone could check it too.

I read a lot of information and realized that the problem with the incorrect link preview in LinkedIn is very popular. Many people (including me) were not even aware that it may be caused by security measures in WordPress CMS. Therefore, I would like to ask the Better WP Security author to make some changes in the next releases or investigate this problem and include the solution to the FAQ.
Oderinde Oluwasegun
(@webcreative)

10 years, 7 months ago

Thanks for this reply John.

But doesn’t this create a security loophole if these useragents are removed from the banned list?

Also doesn’t the plugin re-add them when upgraded, deactivated and Reactivated or reconfigured?

Thanks

jamieflashpoint
(@jamieflashpoint)

10 years, 5 months ago

This helped me too, thanks a million!

realtech
(@realtech)

10 years, 1 month ago

It would be very cool if there was a whitelist ability in that section of the settings….

The Hack Repair Guy
(@tvcnet)

10 years ago

Which specific bot does LinkedIn report as?

I notice you listed a number of them.
RewriteCond %{HTTP_USER_AGENT} libwww [NC,OR]
RewriteCond %{HTTP_USER_AGENT} libwww-perl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Link [NC,OR]
RewriteCond %{HTTP_USER_AGENT} LinksManager.com_bot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} linkwalker [NC,OR]

of which I know at least two are not LinkIn.

Would be helpful if someone with LinkedIn experience can pinpoint this for me, so I work to update the Default Banned List appropriately.

The Hack Repair Guy
(@tvcnet)

10 years ago

Ok, I found the Linkedin bot name:
“LinkedInBot

This line within the ban list prevents LinkedIn from properly grabbing a preview:
RewriteCond %{HTTP_USER_AGENT} ^Link [NC,OR]

I will work to have the removed in future updates.

DragNfLy
(@dragnfly)

9 years, 11 months ago

Any progress on this as the above work-around does not work for me.