Sep 4, 2025
It always delights me to open up my notifications and see a bunch of tumblr users with sheep based URLs. I've truly reached my target audience, ahah!
seen from Serbia
seen from Canada
seen from United States
seen from Chile
seen from United States
seen from Romania
seen from Sweden
seen from United States
seen from Türkiye
seen from Canada
seen from United Kingdom
seen from Singapore
seen from Spain
seen from Canada
seen from Serbia
seen from United Kingdom
seen from Norway
seen from T1
seen from United Kingdom
seen from Germany
It always delights me to open up my notifications and see a bunch of tumblr users with sheep based URLs. I've truly reached my target audience, ahah!
#resist ✊🏻#riseup ✊🏻#notsheep
Esther and Mable from the farm :)
@bovineblogger Thought you might appreciate the ladies
Why Hiding File Extensions in URLs Isn't Security
A Straight‑Shooter's Take from SoNeDev
Introduction
You've probably heard it:
"Hide your file extensions in URLs — it's a security best practice!"
Let's pause. That sounds impressive, but it's not true. At SoNeDev, we implemented extensionless URLs on our site because it looks cleaner and avoids nitpicking from outsiders. But let's be clear: this is branding, not security.
The Everyday Analogy
Think of a website like a house.
The file extension (.php, .asp, .cfm) is like the paint color on your front door.
Real security is the lock, alarm system, and guard dog.
Changing the paint color doesn't stop burglars. It just makes the house look different.
Why Users Don't Care
Most people don't even read URLs. They click links.
/services.php vs /services is like the difference between "123 Main Street" and "Main Street."
Both get you to the same place. Nobody's pulling out a magnifying glass to study the street sign.
Why Search Engines Don't Care
Google has been crawling .php, .asp, .cfm, .cgi, etc. since the 1990s.
Search engines care about whether your page answers the question, loads fast, and is relevant.
They don't care if your URL ends with four extra letters.
Why Hackers Don't Care
Hackers attack vulnerabilities, not file extensions.
No hacker ever said: "Oh dang, that's JSP code. I don't know JSP, so I'll leave this site alone."
In fact, we're sure there's a black hat somewhere in the dark web laughing at the idea that hiding the file extension makes a site secure.
The Legit Reason: Branding
There is a valid reason for extensionless URLs: branding.
Clean, consistent URLs can make a site look polished.
Enterprises sometimes adopt URL governance policies for marketing consistency.
But branding and security are two completely different things. Branding is about presentation. Security is about protection. Don't confuse the two.
What Real Security Looks Like
At SoNeDev, we focus on what actually protects clients:
Patching servers and frameworks.
Validating inputs to stop SQL injection and XSS.
Strong authentication and session security.
Hardening servers and configs.
Monitoring for anomalies.
These are the locks, alarms, and guard dogs. Not hiding .php or .aspx.
Conclusion
Extensionless URLs are fine for presentation. They make your site look neat. But let's stop pretending they're security.
At SoNeDev, we don't follow the herd. We don't waste time on myths. We invest in the practices that truly protect clients. That's how we differentiate ourselves — by being practical, honest, and focused on what matters.
Oh gosh, I'm sorry I let the queue run out! I've been really busy with school and it just didn't occur to me to add more posts. It should be up and running soon :-)
Not rlly an ask but I appreciate ur account SO MUCH. I was so delighted to find someone cataloguing sheep posts on Tumblr... They r the animal ever. Keep up the great work!!!
THANK YOUUU!!!!
yeah, I was really surprised to see no one was doing this for sheep since they are such a wonderful creature... one of the specimens of all time. I'm glad you're finding value in what I do!!
thank you for the invaluable service you do
thank you so much!!! i love to do it :)
thats a lot of sheep