Security concerns for GitHub Pages site

I am a tech writer who has recommended and is now implementing a Jekyll-GitHub solution for product documentation. I have created a prototype and understand how to push it to the /docs folder on the client repo. But as soon as this is done, the site is public.

The issue I have is that I would like to circulate the site internally for client review, approval and further content development for probably a month or so prior to going live. At go live I am going to recommend publishing it as <> at which time it will only be visible to registered users.

Prior to creating that sub-domain, if the content is sitting in the /docs folder, then how likely is it to be seen by external users?

And when it is ultimately mapped against a sub-domain, is there a way of restricting views to users who are registered on the main client site?

Hi @texterity,

There are no user restrictions on GitHub Pages sites, so I would recommend against using GitHub Pages for sensitive information and would recommend using something with robust user-access controls. If you wish to use GitHub for this still, you can use the wiki of a private repository, but that has different limitations.

Hope this information helps.


Thanks. The info I’m dealing with is user guides, how-to’s and config guides. It’s not strictly confidential, it’s more that it would have been nice to proof it and develop the site internally before going live with it. I guess it’s just one of the things to bear in mind if you’re using the github-jekyll-markdown combination for documentation.

Hi @texterity,

That makes a bunch of sense. I just didn’t want to give a false sense of the level of security that GitHub Pages is able to provide. That being said, GitHub Pages aren’t promoted in any special way compared to any other website, so if you don’t promote it, it’s unlikely that someone will just stumble across it. You can also use a robots.txt file to help discourage search engines from indexing your GitHub Pages site.


1 Like
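An added example, not part of the original thread: a check of whether a robots.txt published with the site is one that crawlers will actually read. Crawlers only request `/robots.txt` at the root of a host, so a file published from a repository's /docs folder as a project site lands under the repository path and is ignored until a custom sub-domain puts it at the root. The organisation, repository and domain names below are hypothetical, and the robots.txt content is constructed.

```python
from urllib.parse import urlsplit
from urllib.robotparser import RobotFileParser

# Constructed sample: the robots.txt a reviewer might commit to /docs.
ROBOTS_TXT = """\
User-agent: *
Disallow: /
"""

def robots_url_crawlers_fetch(page_url):
    """Crawlers only request /robots.txt at the root of the host (RFC 9309)."""
    parts = urlsplit(page_url)
    return f"{parts.scheme}://{parts.netloc}/robots.txt"

def is_crawl_discouraged(site_base, page_path, robots_txt=ROBOTS_TXT):
    """Return True only if the robots.txt published with the site is the one
    crawlers will read AND it disallows the page for all user agents."""
    base = site_base if site_base.endswith("/") else site_base + "/"
    published_at = base + "robots.txt"          # where Pages serves the file
    page_url = base + page_path.lstrip("/")
    if published_at != robots_url_crawlers_fetch(page_url):
        return False                            # file sits in a subpath: ignored
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return not parser.can_fetch("*", page_url)

# Hypothetical URLs: a project site served from a repo's /docs folder, and
# the same content after a custom sub-domain is mapped to it.
PROJECT_SITE = "https://example-org.github.io/product-docs/"
CUSTOM_DOMAIN = "https://docs.example.com/"

if __name__ == "__main__":
    for base in (PROJECT_SITE, CUSTOM_DOMAIN):
        print(base, "->", is_crawl_discouraged(base, "guides/setup.html"))
```

Even where the file is honoured it is a request to well-behaved crawlers, not an access control: anyone with the URL can still load the pages.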