UPDATED 8/30/17! A reader just let us know that the noreferrer issue has been fixed! TinyMCE no longer forces noreferrer to be attributed to external links that open in new tabs!
UPDATED! So there is finally confirmed word from Amazon!
So there is a lot of scary thoughts out there about the newly implemented code in WordPress websites that forces your links to have “noopener noreferrer” in them and we wanted to try and clear it up the best we can without being too technical.
First, this is a change implemented by Tinymce, the editor used in WordPress – not WordPress itself.
A REVIEW OF LINK ELEMENTS
So now if you insert a link and mark it as nofollow, the code will look like this:
<a href=”https://www.tinymce.com/docs/changelog/#version450-november232016″ target=”_blank” rel=”noopener noreferrer”>
We did not add a nofollow tag to this link because it is an educational link that we believe adds value to this post and is a source we endorse and value, but you can see the target=”_blank” which then appends the new tag right after it. Here is a breakdown of the tags.
target=”_blank”
Tells a browser to open the link in a new tab allowing your website page to remain open in its own tab.
rel=”nofollow”
Nofollow simply means you are not endorsing the page you are linking to in any way and that you are linking to it solely for commercial gain.
This tag should be used on every link for which you receive product, services or money in exchange for that link.
rel=”noreferrer noopener”
This tag when combined basically means that no referrer information should be passed to the website being linked (noreferrer) to and noopener prevents the newly opened page from having the ability to control the page that delivered the traffic.
There is something called a http “referrer header” in your website code that adds information about your visitor like browser, device, location etc. to pass through to the page that visitor is clicking through to. This new tag prohibits that information from being passed to the referral page.
WHAT INSPIRED THIS CHANGE
There was a vulnerability that was found in links with “target=”_blank” – they basically call it reverse tab-napping.
The vulnerability found happened when using “target=”blank” on your links. There was an ability for the newly opened tab to essentially take control of the page it came from.
So this means the page could then inject JavaScript or change YOUR link to go to some phishing website.
Because the page is already opened – the actual user that clicked the link would never notice what is going on behind the scenes.
CONCERNS ABOUT SEARCH ENGINE OPTIMIZATION
There is no direct affect at all on your search engine optimization efforts. None of the search engines are concerned with noopener or noreferrer.
AFFILIATE LINKS
This is where we think most of the concern about this new feature is coming into play!
What a lot of people do not know is that the noreferrer tag has been around for a while. You can see in this forum question from 2014 that people were purposely adding it to their affiliate links. So if it was a problem – people would not be using it for years.
We found this recent comment on a forum when people were asking about the repercussions on affiliate links – cannot confirm validity but wanted to share it.
There is also another person who noted they spoke to the head of Amazon’s affiliate program as well and they also stated you will still get commissions. You can read the comments and full post here for that information.
Their is also a decent thread going on on an Amazon Associates forum about this very issue where there are comments that it will be a problem with Amazon because of the terms of service about blocking referrers.
So you can see there is a wide array of thoughts on whether or not it is an issue.
We were not able to find anything in the Amazon associates program policies about blocking referrer information in our search though — if it does exist, we were not able to find it.
So do we know for sure that affiliate links will not be affected in some way?
No! Although we do not believe affiliate links will be hurt by this change, we cannot find anything out there that says with 100% certainty that blocking referrer information will be a problem or not.
Many are waiting on word from a higher up at Amazon to confirm the affects of this change. We will also post an update when we find anything new!
If you are part of other networks – you may want to reach out and ask them if the lack of referrer information will pose a problem with your account.
FEELING WORRIED?
We get it! If you really have concerns and want to stop having these tags auto-inserted you have a couple of options.
1) Do not open the link in a new window.
The easiest way to avoid this is to just not have your affiliate links open in new windows.
Yes, the downside is that people will leave your page and have to click back to get to it, but if you are concerned about the potential affects on your earnings – this is the easiest way to get around this new functionality
2) Remove the noreferrer noopener tag completely
Whether or not you want to have these tags in your URL’s are totally up to you. By default, they are now there – but you can remove them if you so wish with the code below.
You can copy and paste this code to the bottom of your functions.php file to have this feature disabled. We DO NOT RECOMMEND it since it does open up your risk of a vulnerability.
// Note that this intentionally disables a tinyMCE security
feature.function tinymce_allow_unsafe_link_target( $mceInit ) {
$mceInit[‘allow_unsafe_link_target’]=true;
return $mceInit;
}
