Skip to main content

How Not To Make Your Blog Private

Blog owners have been asking, for years, how to protect their blogs against viewing by undesired or unknown readers.
How do I password protect my blog?
When told that Blogger password protection involves membership invitations, accepted using a Blogger Google account, some would be private blog owners decline the suggestion.
That's too complicated for my readers! Can't I just give everybody a password?
But Blogger does not use common passwords.

Some blog owners, who are technically astute, find add on template code, provided by third parties - which demands a password, in a popup window, to continue. This is where their problems start.

The addition of third party supplied JavaScript code, to our blogs, has always been a dodgy process.

With third party JavaScript code used to provide password protection against unknown readers, this is even more hazardous to your blog. From time to time, we have a blog owner who installed password protection code in his blog template - and subsequently found his blog locked.
I received email saying that my blog has been removed, and has been marked as spam. The email is as follows:
Your blog has been reviewed and confirmed as in violation of our Terms of Service for: MALICIOUS_JAVASCRIPT. In accordance to these terms, we've removed the blog and the URL is no longer accessible.
Can you please review and unlock my blog?

But the story does not end there. Subsequent review of the blog was denied, by Blogger Support.
Your password prompt is not dismissable - and forces users to close their entire browser session, as the Cancel button does nothing. This is malicious behavior, and prevents anyone one on our team from even reviewing your blog content.
This leaves the blog owner with a deleted / locked blog, and no chance of getting the blog back.

Besides the potential threat above, which becomes actual only after spam classification detects the add-on code as malicious, any security expert will recognise two reasons why this solution is worthless.
  1. JavaScript code can be blocked, by any reader with a well implemented security policy.
  2. If not blocked, anybody can view source code and find the "password" right there, in plain sight.
This "solution" is therefore worthless for two reasons.
  1. It is risky.
  2. It does not work.

Why risk loss of your blog, for a risky solution that does not work? There's only one way to protect your blog from unknown readers.
  1. Send each would be blog reader a membership invitation, using the Permissions wizard.
  2. Instruct each reader to open and accept the invitation, using any preferred Blogger account.
Don't script your blog, and risk deletion - and incidental damage.


Henry Eden-Mann said…
Is there a way to use bloggers private -only these readers to allow people with out google accounts to login in?

Thanks for you help :)

Popular posts from this blog

Stats Components Are Significant, In Their Own Context

One popular Stats related accessory, which displays pageview information to the public, is the "Popular Posts" gadget.

Popular Posts identifies from 1 to 10 of the most popular posts in the blog, by comparing Stats pageview counts. Optional parts of the display of each post are a snippet of text, and an ever popular thumbnail photo.

Like many Stats features, blog owners have found imaginative uses for "Popular Posts" - and overlook the limitations of the gadget. Both the dynamic nature of Stats, and the timing of the various pageview count recalculations, create confusion, when Popular Posts is examined.

Free Domain Registration By "UNONIC" Is Fraudulent

Blogger blog owners, like everybody else, like to save money.

Some blog owners prefer to save money when registering a custom domain, for their blogs. We've seen several free domain registration services, providing what is claimed to be a two level Top Level Domain "co.xx" (where "xx" == various country codes).

The latest in this ongoing story appears to be "" - and 13 other "top level domains".There is also an additional free service offering third-level .tf domains, under the name United Names Organisation. They occupy 14 second-level domains, including,,, and They are run by the same company as, and are given away as URL redirections.