Skip to main content

How Not To Make Your Blog Private

Blog owners have been asking, for years, how to protect their blogs against viewing by undesired or unknown readers.
How do I password protect my blog?
When told that Blogger password protection involves membership invitations, accepted using a Blogger Google account, some would be private blog owners decline the suggestion.
That's too complicated for my readers! Can't I just give everybody a password?
But Blogger does not use common passwords.

Some blog owners, who are technically astute, find add on template code, provided by third parties - which demands a password, in a popup window, to continue. This is where their problems start.

The addition of third party supplied JavaScript code, to our blogs, has always been a dodgy process.

With third party JavaScript code used to provide password protection against unknown readers, this is even more hazardous to your blog. From time to time, we have a blog owner who installed password protection code in his blog template - and subsequently found his blog locked.
I received email saying that my blog has been removed, and has been marked as spam. The email is as follows:
Your blog has been reviewed and confirmed as in violation of our Terms of Service for: MALICIOUS_JAVASCRIPT. In accordance to these terms, we've removed the blog and the URL is no longer accessible.
Can you please review and unlock my blog?

But the story does not end there. Subsequent review of the blog was denied, by Blogger Support.
Your password prompt is not dismissable - and forces users to close their entire browser session, as the Cancel button does nothing. This is malicious behavior, and prevents anyone one on our team from even reviewing your blog content.
This leaves the blog owner with a deleted / locked blog, and no chance of getting the blog back.

Besides the potential threat above, which becomes actual only after spam classification detects the add-on code as malicious, any security expert will recognise two reasons why this solution is worthless.
  1. JavaScript code can be blocked, by any reader with a well implemented security policy.
  2. If not blocked, anybody can view source code and find the "password" right there, in plain sight.
This "solution" is therefore worthless for two reasons.
  1. It is risky.
  2. It does not work.

Why risk loss of your blog, for a risky solution that does not work? There's only one way to protect your blog from unknown readers.
  1. Send each would be blog reader a membership invitation, using the Permissions wizard.
  2. Instruct each reader to open and accept the invitation, using any preferred Blogger account.
Don't script your blog, and risk deletion - and incidental damage.


Henry Eden-Mann said…
Is there a way to use bloggers private -only these readers to allow people with out google accounts to login in?

Thanks for you help :)

Popular posts from this blog

Adding A Link To Your Blog Post

Occasionally, you see a very odd, cryptic complaint I just added a link in my blog, but the link vanished! No, it wasn't your imagination.

What's The URL Of My Blog?

We see the plea for help, periodically I need the URL of my blog, so I can give it to my friends. Help! Who's buried in Grant's Tomb, after all? No Chuck, be polite. OK, OK. The title of this blog is "The Real Blogger Status", and the title of this post is "What's The URL Of My Blog?".

Embedded Comments And Main Page View

The option to display comments, embedded below the post, was made a blog option relatively recently. This was a long requested feature - and many bloggers added it to their blogs, as soon as the option was presented to us. Some blog owners like this feature so much, that they request it to be visible when the blog is opened, in main page view. I would like all comments, and the comment form, to be shown underneath the relevant post, automatically, for everyone to read without clicking on the number of comments link. And this is not how embedded comments work.