UPDATED 8/30/17! A reader just let us know that the noreferrer issue has been fixed! TinyMCE no longer forces noreferrer to be attributed to external links that open in new tabs!
UPDATED! So there is finally confirmed word from Amazon!
So there is a lot of scary thoughts out there about the newly implemented code in WordPress websites that forces your links to have “noopener noreferrer” in them and we wanted to try and clear it up the best we can without being too technical.
First, this is a change implemented by Tinymce, the editor used in WordPress – not WordPress itself.
A REVIEW OF LINK ELEMENTS
So now if you insert a link and mark it as nofollow, the code will look like this:
<a href=”https://www.tinymce.com/docs/changelog/#version450-november232016″ target=”_blank” rel=”noopener noreferrer”>
We did not add a nofollow tag to this link because it is an educational link that we believe adds value to this post and is a source we endorse and value, but you can see the target=”_blank” which then appends the new tag right after it. Here is a breakdown of the tags.
target=”_blank”
Tells a browser to open the link in a new tab allowing your website page to remain open in its own tab.
rel=”nofollow”
Nofollow simply means you are not endorsing the page you are linking to in any way and that you are linking to it solely for commercial gain.
This tag should be used on every link for which you receive product, services or money in exchange for that link.
rel=”noreferrer noopener”
This tag when combined basically means that no referrer information should be passed to the website being linked (noreferrer) to and noopener prevents the newly opened page from having the ability to control the page that delivered the traffic.
There is something called a http “referrer header” in your website code that adds information about your visitor like browser, device, location etc. to pass through to the page that visitor is clicking through to. This new tag prohibits that information from being passed to the referral page.
WHAT INSPIRED THIS CHANGE
There was a vulnerability that was found in links with “target=”_blank” – they basically call it reverse tab-napping.
The vulnerability found happened when using “target=”blank” on your links. There was an ability for the newly opened tab to essentially take control of the page it came from.
So this means the page could then inject JavaScript or change YOUR link to go to some phishing website.
Because the page is already opened – the actual user that clicked the link would never notice what is going on behind the scenes.
CONCERNS ABOUT SEARCH ENGINE OPTIMIZATION
There is no direct affect at all on your search engine optimization efforts. None of the search engines are concerned with noopener or noreferrer.
AFFILIATE LINKS
This is where we think most of the concern about this new feature is coming into play!
What a lot of people do not know is that the noreferrer tag has been around for a while. You can see in this forum question from 2014 that people were purposely adding it to their affiliate links. So if it was a problem – people would not be using it for years.
We found this recent comment on a forum when people were asking about the repercussions on affiliate links – cannot confirm validity but wanted to share it.
There is also another person who noted they spoke to the head of Amazon’s affiliate program as well and they also stated you will still get commissions. You can read the comments and full post here for that information.
Their is also a decent thread going on on an Amazon Associates forum about this very issue where there are comments that it will be a problem with Amazon because of the terms of service about blocking referrers.
So you can see there is a wide array of thoughts on whether or not it is an issue.
We were not able to find anything in the Amazon associates program policies about blocking referrer information in our search though — if it does exist, we were not able to find it.
So do we know for sure that affiliate links will not be affected in some way?
No! Although we do not believe affiliate links will be hurt by this change, we cannot find anything out there that says with 100% certainty that blocking referrer information will be a problem or not.
Many are waiting on word from a higher up at Amazon to confirm the affects of this change. We will also post an update when we find anything new!
If you are part of other networks – you may want to reach out and ask them if the lack of referrer information will pose a problem with your account.
FEELING WORRIED?
We get it! If you really have concerns and want to stop having these tags auto-inserted you have a couple of options.
1) Do not open the link in a new window.
The easiest way to avoid this is to just not have your affiliate links open in new windows.
Yes, the downside is that people will leave your page and have to click back to get to it, but if you are concerned about the potential affects on your earnings – this is the easiest way to get around this new functionality
2) Remove the noreferrer noopener tag completely
Whether or not you want to have these tags in your URL’s are totally up to you. By default, they are now there – but you can remove them if you so wish with the code below.
You can copy and paste this code to the bottom of your functions.php file to have this feature disabled. We DO NOT RECOMMEND it since it does open up your risk of a vulnerability.
// Note that this intentionally disables a tinyMCE security
feature.
add_filter(‘tiny_mce_before_init’,’tinymce_allow_unsafe_link_target’);function tinymce_allow_unsafe_link_target( $mceInit ) {
$mceInit[‘allow_unsafe_link_target’]=true;
return $mceInit;
}
Carol Bryant says
Great explanation and so very much appreciated!
Jill Caren - 2Dogs Media says
Thank you so much Carol, glad it was useful.
Mothwabit says
Helped me understand what was going on. Very easy to understand. Thanks!!
Jill Caren - 2Dogs Media says
Thank you.
Janice (@Kitchen Heals Soul) says
This was very clear! Thanks! But now I’m wondering, all my 400 old blog posts which have affiliate links that opened in new tabs and were coded as nofollow… I’m going to have to go into each post, unclick the open in new tab box, and then swap the rel to a nofollow? That’s A LOT of work 🙁
Jill Caren - 2Dogs Media says
Of course there is a plugin for that! https://wordpress.org/plugins/nofollow-for-external-link/#description
Janice (@Kitchen Heals Soul) says
Awesome! Thank you so much! But will this add nofollow code to all links, even those that don’t need a nofollow? I guess at this point, what choice do I have, hah! Sigh.
Jill Caren - 2Dogs Media says
I am not familiar with the plugin, but it looks like you can exclude some links….
Gaurav Jain says
Hi, I think WordPress only adds rel=”noopener” and this does not affect SEO or affiliate links. “noreferrer” has been removed now.
Jill Caren - 2Dogs Media says
Thank you so much for letting us know this! We have updated our post!
Best Binocular Reviews says
Great easy to read and understand – thanks very much – cleared up some questions that I had for my site.
Briar-Rose Schaus says
I was told by another affiliate program that I am connected with that if the server is not secured (HTTPS) that it is missing the information as to where the click came from. I was wondering why my affiliate earnings seemed to be down. I’m really not sure how to fix this, aside from going through each post and securing each link. Would it be the same if I had a self hosted wordpress site?
Jill Caren - 2Dogs Media says
I am a little confused if you are syaing your website is not HTTPS or the links you are using to the affiliate websites. Technically speaking https/http are 2 DIFFERENT websites so yes, it is usually an issue if you are linking to a website with the wrong website version – although we have not confirmed an issue with affiliate links and losing commissions. We are not too familiar with WordPress hosted websites and are not sure what is available to you — in a self hosted platform you would be able to access the database to update all your http links or use a plugin though — otherwise doing it manually may be your only option.
Grace Godwin says
This is very helpful, thank you! So, if I just keep the default “noreferrer noopener” code and want to add the nofollow code to the link, can I just insert it like this? rel=”nofollow noopener noreferrer” Will that be the correct code to have all three in there?
Jill Caren - 2Dogs Media says
That is correct @gracegodwin:disqus !