Without a doubt the most popular post on this website is Blog Privacy and Subscribers, published in 2011, and it remains generally accurate about how Privacy works in spite of the many changes here on WordPress.com.
Choosing your site’s Privacy setting is no longer included as one of the first steps when signing up for a new site*, but it’s still one of the most important decisions, if not the most important, you need to make about your site.
(*Update February 2019: Any new sites created on WordPress.com are now Private by default until you’ve confirmed your site registration and launched your site. Thank you WordPress.com for this significant improvement to the platform!)
Why should I keep my site Private? If you intend to publish content on your new site that you do not want search engines to crawl or that you would feel uncomfortable having people you don’t know read, Follow, Like or comment on, then the first thing to do after signing up is to make your entire site Private and invite your Viewers.¹ The default setting for new sites is Public. You can change your site Privacy in your My Sites dashboard under General > Settings Scroll down a little until you see “Privacy” select Private and save your changes.
(Note that both “Public” and “Hidden” allow the public to view your site and Happiness Engineers can view all sites, including Private sites.)
How do I know if my site is Private? When you view your My Sites Dashboard, at the top of the left side you’ll see a lock symbol next to your site name and URL, like this:
An uninvited site visitor who lands on your site address will see the Private Site gateway, which now looks like this:
An invited, logged-in Viewer will see your site directly. If they are not logged in, they will need to first log in.
Click on the links below to learn more on inviting and removing Viewers to your Private site:
That covers making your site Private from the start, with access limited only to Viewers you invite. Invited, logged-in Viewers can view, Follow, Like and comment on your site, depending on your site’s settings. More about those settings in “Going Public” below.
What happens when a casual site visitor clicks that “Request an invite” link? WordPress.com sends notice of that request to the Site Owner’s email (check your Account Settings to make sure your email address is always up-to-date).² If you recognize the username in the email notice and feel comfortable giving that person access to your site, then click the link in the email to log in to your site and click again to add them as a Viewer. If you don’t recognize the username in the email, you can ignore the email request and the person won’t have access.
The email notification you receive to grant access to a new Viewer does not provide more information about the user, such as a link to their Gravatar profile or a link to their site. Regardless, should you initially approve their request and then later decide to revoke it, that Viewer will no longer be able to access your Private site unless you either approve their new request or invite them directly to view your site.
Going Public: As I mentioned in my original post on Blog Privacy and Subscribers, switching your site’s Privacy settings from Private to Public means your site’s RSS feed pings search engines of new content, search engines will index your published content (including your Media Library) and anyone with your site’s address will be able to view, Follow, Like and comment on your posts.
Site owners have always had control over who can comment on a site via their site’s Discussion settings. After many requests, WordPress.com provided site owners the ability to remove Followers/subscribers.
Provided you’ve enabled notifications, the email notification of a new Follower includes a link to the user’s Gravatar profile, as well as suggested posts if they have a website. This gives you an opportunity to learn a little more about that user. (On site or in WP app notifications include only a link to the new Follower’s website.) If the account looks spammy or suspicious, you can remove them as a Follower and they will not receive notice of any new posts you publish. It’s important to note, however, that removing a Follower does not prevent them from following your site again using the same or a different email or user account.
On Private sites, you can also remove Followers. However, if you wish to entirely revoke that person’s access to your site, you will also need to remove them as a Viewer.
Notifications of new “Likes” on your posts have almost the same information as notifications of new Followers. Currently it is not possible to remove an individual “Like” from a post or page. Likes can only be enabled or disabled globally for your entire site or for each post and page. Once a logged-in user “Likes” a post or page, their Gravatar is then attached to that post.
Unfortunately, some community members overuse both Following and Likes to advertise their site in the hopes that you’ll Follow back or Like their posts in return. This kind of user behavior could indicate that the person is a spammer and there are much better ways to build website traffic. If you find a spam site here on WordPress.com, you can report it.
If the spammer only has a Gravatar account, you can report them for abuse by visiting that person’s Gravatar profile. At the bottom of the column on the left side of every profile is a link to report abuse. If you don’t see the “Report Abuse” link, make sure you are logged in to both WordPress.com and Gravatar.
This post about your site Privacy is correct as of publication date. Changes are inevitable.
¹ Regardless of Privacy settings, your site must comply with the Terms of Service and User Guidelines or risk being suspended. If you have any question whether your site content violates the ToS after reading those guides, contact Support. (Back)
² If you are an Admin on a site, but not the Site Owner, you will not receive this email notice. This cannot be changed here. Depending on your email program, you may be able to auto-forward the notification to another user by adding a filter with the words, “requested access to your private site” in the subject line. (Back)