Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By surfgatinho on
For the last 15 years I've made my living as a webmaster, so SEO is quite a big part of what I do.
Recently I've started moving some of my sites over to Drupal. I'm currently in the middle of moving over one of my biggest earning sites.
On other sites I've moved over to Drupal I've ended up hacking the core to get rid of the itok query string that is appended to the end of image URIs. Frankly, it gives me the fear what this could do to my image search rankings and isn't worth the risk. Losing rankings massively outweighs the risks of a DOS attack for me, but that's a different issue.
This also presents a security risk in that I don't update my sites as often as I should because I know I have to hack the core image file every time...
Anyway, last time I checked there didn't seem to be a way of disabling the itok. I'm assuming that this is still the case but what I was wondering is whether anyone has any real world, concrete evidence that leaving the itok query string in place will not wreck my image search rankings.
Thanks,
Chris
Comments
There are security
There are security implications on disabling itok but you can do it using this contrib module https://www.drupal.org/project/image_allow_insecure_derivatives
or
Also no need to hack drupal, simply add the following code to your settings.php file:
$conf['image_allow_insecure_derivatives'] = TRUE;With regards to your SEO question, I did find a considerable drop in image search traffic after the 7.20 update though over the last couple of months our image search traffic has increased back to almost as it was. To say if Google's algorithms now take this kind of security improvement into account is something to be seen
Offering Drupal website services to the UK - www.my-local-trades.co.uk
Thanks for the feedback. I
Thanks for the feedback. I think I'll try allowing itok on one of my less important sites and seeing how it goes. I think you can tell Google about certain parameters in Webmaster Central but I still have my reservations.
Regarding the methods for disabling itok I think I tried them all and none of them did the trick. It was only patching the core image module that worked for me.
How is your image search traffic?
It is about 12 months ago since your last comment, let us know if the itok change affected your rankings. Thanks!