nicolas wrote: Hi,
Note that this is the only result you see for your whole website.
This means that the link to that order what somewhat shared somewhere on the internet by someone with access to that order or the email.
If there really was a "databreach", then, these searches should give back all the orders of your website, not just one.
So it's not a databreach of HikaShop. It would be more likely a "databreach" of the email account of that customer (so even unrelated to your website) or more likely that the notification email to that customer with this link was shared by himself and ended up being indexed by Google for some reason.
If you want that to be absolutely impossible in the future, the only solution is to not allow customers to checkout as a guest. That way, the access to the order will only be possible if the customer who made the purchase is the one logged in trying to access it.
Or you can also customize the order page to not display (you can add a <?php return; ?> at the beginning of the view file for that, and then remove the link to the order page in the notification emails so customers cannot access their order page after the purchase.
Hi Nicolas,
Thanks for the explaination. I also saw only one result was displayed, so that is very perculiair. At least nice to hear it is not an Hikashop issue, but something else. I'll inform my client and see what we can do.
In the meantime is it possible to add a robots=nofollow to that page. Can you suggest which file to edit?
HIKASHOP ESSENTIAL 60€The basic version. With the main features for a little shop.
HIKAMARKETAdd-on Create a multivendor platform. Enable many vendors on your website.
HIKASERIALAdd-on Sale e-tickets, vouchers, gift certificates, serial numbers and more!
MARKETPLACEPlugins, modules and other kinds of integrations for HikaShop
