[Plugin: Job Manager] All Resume's are crawled by Google and publicly available

  • aarongray

    (@aarongray)


    12 years ago

    Hello,

    Thanks for the awesome plugin. It really is great. But, today, to my horror, I discovered that all our resume’s are publicly crawled by Google. So, any competitor, or anyone interested in who is applying to our company, or anyone searching for a particular person by name will see that this person has applied to work with us. This is not good.

    My first thought was simply to disallow the wp-content/uploads folder in my robots.txt file, or to disallow all docx/pdf/doc/etc. files. But then I realized that this might hurt our site from an SEO standpoint, because Google would not be able to access any of our images or pdf’s.

    My second thought would be to immediately delete a person’s resume after they apply. This would hide it from the world, but it would also seriously hamper our ability to use Job Manager to track applicants and resume’s. We’d have to start storing them in a local folder in addition to using Job Manager. Which really defeats a lot of the advantages of managing H/R through your website.

    My best guess would be to change the Job Manager plugin code so that it stores all resume’s in a subfolder, for example, wp-content/uploads/resumes. Then, you could add a checkbox to the Job Manager Settings inside WordPress Admin that would allow people to hide or show their resume’s to the world. I’d assume that most people would want to hide them by default.

    How difficult would this be for you to program into an updated version of Job Manager? Is it possible you could add this improvement to keep resume’s private? I think that this is a very important feature, and I look forward to hearing if you can add it.

    Thanks again for the wonderful plugin.

    –Aaron

    http://wordpress.org/extend/plugins/job-manager/

Viewing 15 replies - 1 through 15 (of 23 total)
1 2
  • oklahomafire

    (@oklahomafire)

    12 years ago

    I agree, this a huge privacy issue!!!!

    kenfections

    (@kenfections)

    11 years, 11 months ago

    Does anybody have a solution for a Jobs Manager plugin that doesn’t have this privacy issue? My client is pretty pissed.

    websmythe

    (@websmythe)

    11 years, 11 months ago

    Possible workaround…??
    1. Dissallow resume uploads in Job Manager
    2. Provide a clickable link (the email link defined for that job) for email upload, eg:
    <a href="mailto:name@site.com">Click here to email your resume</a>

    kenfections

    (@kenfections)

    11 years, 11 months ago

    Thanks websmythe!!! I’ll try the second one.

    websmythe

    (@websmythe)

    11 years, 11 months ago

    @kenfections – You need to do both 1 & 2

    websmythe

    (@websmythe)

    11 years, 11 months ago

    In your App. Form Settings, use an HTML field instead of a ‘File Upload field’, and use a mailto: link like the above, with what ever email address your using.

    You can also specify the subject line as well, eg: ‘Click here to email your resume

    kenfections

    (@kenfections)

    11 years, 11 months ago

    But if I add that field to the application form, the user would have to come back to their browser after sending their resume via an email and click “submit application”, no?

    dvinedno

    (@dvinedno)

    11 years, 8 months ago

    That’s correct. the mailto: would defeat having an application form.

    I’m looking at this issues and currently my only work around is have the apply now direct to a contact form 7 application.

    websmythe

    (@websmythe)

    11 years, 8 months ago

    Hmmm… Let’s see, I’m sure I said “Possible workaround…??”

    Recruiter1

    (@recruiter1)

    11 years, 8 months ago

    It was an excellent idea websmythe. Haven’t heard anyone come up with better idea. It is worth just having an email your resume link instead of putting candidates’ resumes out for public consumption.

    Has Gary responded to anyone?

    blinqx

    (@blinqx)

    11 years, 8 months ago

    Why not just remove the read flag from (group and world) directory

    http://www.yourdomain.com/wp-content/uploads/2012/

    This will disallow the world and groups to reach out to the above folder. But you “admin” can always follow the link in the emails that you receive everytime a user registers for a job posting. And that works fine.

    Unless I am missing something and or this is causing other issues?

    Hope this helps.

    Thread Starter aarongray

    (@aarongray)

    11 years, 8 months ago

    Thanks for the suggestion blinqx, but I believe that changing the permissions on that directory would prevent all not-logged-in site visitors from being able to view any of the images or files that you have uploaded to your WordPress site. Many times WP sites use content in this folder for their site design or content, and so if you change the permissions on that folder, it would cause your website to look horrible.

    webrightnow

    (@webrightnow)

    11 years, 8 months ago

    Half the problem with this plugin is that instead of using its own set of functions to handle job posts and applications, it simply hijacks the core WordPress functions for creating posts and attachments. For this reason you can’t change where attachments are stored – you would have to change the core WordPress files, making future updates a real hassle.
    I can see why the developer did this: it made his job much easier, but unfortunately this way of creating plugins is not future-proof, which is why all sorts of problems are starting to appear with Job Manager as WordPress moves on (broken pagination etc.) whilst the plugin is no longer supported.
    I just wish some other kind soul would take over development of this plugin and keep it up to date. It’s the only one that really does what I need it to – but it’s no longer safe or reliable.

    Plugin Author Gary Pendergast

    (@pento)

    11 years, 7 months ago

    As webrightnow pointed out, the problem here is that Job Manager relies entirely on the the Media Library, instead of handling the upload itself. It was a cute idea at the time, but in retrospect, the wrong decision.

    There is a large amount of cruft in the Job Manager codebase (the basis of problems such as this and the pagination issue), so a friend and I have started rewriting it to more modern WordPress standards.

    For those interested in following along at home, I’ve started a Rewrite Plan (for which comments are always welcome), and the (currently non-functional) branch is here, if you want to follow development progress:
    http://wordpress-job-manager.googlecode.com/svn/branches/1.0.0/

    If following development progress isn’t your thing, but you’d like to be notified when an alpha or beta version is available for testing, please follow me on Twitter: @GaryPendergast.

    I understand Job Manager is a critical part of your website for many of you, and it hasn’t had much love recently – I do apologise for that. Thank you all for your patience in this.

    webrightnow

    (@webrightnow)

    11 years, 7 months ago

    Thanks Gary, it’s great to hear that you are rewriting the plugin and bringing it up to date. I’m sure a lot of users will be very grateful.
    I will follow you on Twitter to find out about beta releases. Just one question: will you be able to rewrite it in such a way as to allow previous users to update the plugin via WordPress, retaining the existing database of jobs and applications, or failing that, will there be some sort of import facility built into the program? I am sure this would be a welcome feature.

    Thanks!

Viewing 15 replies - 1 through 15 (of 23 total)
1 2
  • The topic ‘[Plugin: Job Manager] All Resume's are crawled by Google and publicly available’ is closed to new replies.