An Important Update

Dear Followers Of This Blog ...

If you did not use a Blogger / Google account when you Followed this blog, years ago, you are probably not Following now . During the past...

Wednesday, September 12, 2012

How Not To Make Your Blog Private

Blog owners have been asking, for years, how to protect their blogs against viewing by undesired or unknown readers.
How do I password protect my blog?
When told that Blogger password protection involves membership invitations, accepted using a Blogger Google account, some would be private blog owners decline the suggestion.
That's too complicated for my readers! Can't I just give everybody a password?
But Blogger does not use common passwords.

Some blog owners, who are technically astute, find add on template code, provided by third parties - which demands a password, in a popup window, to continue. This is where their problems start.

The addition of third party supplied JavaScript code, to our blogs, has always been a dodgy process.

With third party JavaScript code used to provide password protection against unknown readers, this is even more hazardous to your blog. From time to time, we have a blog owner who installed password protection code in his blog template - and subsequently found his blog locked.
I received email saying that my blog has been removed, and has been marked as spam. The email is as follows:
Your blog has been reviewed and confirmed as in violation of our Terms of Service for: MALICIOUS_JAVASCRIPT. In accordance to these terms, we've removed the blog and the URL is no longer accessible.
Can you please review and unlock my blog?

But the story does not end there. Subsequent review of the blog was denied, by Blogger Support.
Your password prompt is not dismissable - and forces users to close their entire browser session, as the Cancel button does nothing. This is malicious behavior, and prevents anyone one on our team from even reviewing your blog content.
This leaves the blog owner with a deleted / locked blog, and no chance of getting the blog back.

Besides the potential threat above, which becomes actual only after spam classification detects the add-on code as malicious, any security expert will recognise two reasons why this solution is worthless.
  1. JavaScript code can be blocked, by any reader with a well implemented security policy.
  2. If not blocked, anybody can view source code and find the "password" right there, in plain sight.
This "solution" is therefore worthless for two reasons.
  1. It is risky.
  2. It does not work.

Why risk loss of your blog, for a risky solution that does not work? There's only one way to protect your blog from unknown readers.
  1. Send each would be blog reader a membership invitation, using the Permissions wizard.
  2. Instruct each reader to open and accept the invitation, using any preferred Blogger account.
Don't script your blog, and risk deletion - and incidental damage.

Dude, hit me with a comment!

Henry Eden-Mann said...

Is there a way to use bloggers private -only these readers to allow people with out google accounts to login in?

Thanks for you help :)
Henry

Chuck Croll said...

Henry,

Thanks for the question.

To make a blog private, your readers will need Blogger / Google accounts. Note that a Blogger account does not have to be a GMail account.

http://blogging.nitecruzr.net/2015/06/private-blog-access-now-requires.html

http://blogging.nitecruzr.net/2012/01/google-account-does-not-have-to-be.html