[ad_1]
let’s say for example we want to separate, both the Registration Page as well as the LoginPage ?
Only users with the link to the Registration Page will be able to register.
However, if there are bad actors intent on registering, would they be able to use a crawler on the site to discover the registration page ?
I remember there are a lot of plugins for Firefox, where they scan an entire website for URLs.
Does that mean such add-ons would be able to discover the hidden Registration Page ?
[ad_2]
You might try “no follow” for those links. For malicious actors though, I would not want to have a link to it period. Other options might be to change it to a non standard name, but that is really just security through obscurity.
If bad actors are targeting your site then they can discover anything a human being could discover just looking at the site.
The threat model is different if somebody is targeting you or just targeting random web pages on the internet in general. Define the threat model before you define the solution to mitigate it.