I do work on new projects in a hidden development environment. This is nice and easy to set up. I put a „do not index“ on all pages (can be done in wordpress general settings) and also mostly set up a maintenance page the visually hides the page from not logged in guests.
Google got the hidden main keyword of a hidden page
Recently I had a page with the focus of art – „Kunstkontor“ (the name changed later on in the process). Actually the name was an interim idea and hardly written anywhere on the site itself. And at least only visible for a short time.
The image search reveals a flaw
The URL was enymserver and beta. And guess what? When you google this exact phrase you end up having zero results. Nice. But when you switch to image results there literally is another picture.
I don’t know how or why but all those images were associated with that interim site title „Kunstkontor“. None of those images are from the project and they do not even look like any from those used there. But Google manages to identify their correlation just by the domain those are saved on. And guess what there is the keyword „kunstkontor“ in the domain.
Security is more than a maintenance page
Strange but I guess hiding a development site is more than telling google not to go any further or using a maintenance plugin. I better go with .htaccess though I do not like it too much as it is for my taste too strict for most of the cases and an unnecessary burden for the client to cross.