Without a doubt the most popular post on this website is “Blog Privacy and Subscribers“. Originally published in 2011 and updated in August 2021, it remains accurate about how Privacy works in spite of the many changes here on WordPress.com.
Since February 2019, any new site you create on WordPress.com is set to “Coming Soon” by default until you’ve confirmed your site registration and launched your site. (Read more about this in my post linked above.) While choosing your site’s Privacy setting is no longer one of the first steps following sign up for a new site, it’s still one of the most important decisions, if not the most important, you need to make about your site.
Why should I keep my site Private?
If you intend to publish content on your new site that you would feel uncomfortable having people you don’t know read, Follow, Like or comment on, or that you do not want search engines to index, then after launching your site, head to your site’s Privacy settings at General > Settings to change your site to Private and invite your Viewers.
Note that Happiness Engineers, WordPress.com’s support team, can view all sites hosted on WordPress.com, including Private sites. Regardless of Privacy settings, your site must comply with the Terms of Service and User Guidelines or risk being suspended.
How do I know if my site is Private?
When you view your My Sites Dashboard, at the top of the left side you’ll see a “Private” badge just below your site name and URL, like this:
A logged-out site visitor who lands on your site will see the Private Site gateway, which looks like this:
An invited, logged-in Viewer will see your site directly. If they are not logged in, they will need to first log in.
Click on the links below to learn more on inviting and removing Viewers to your Private site:
That covers making your site Private from the start, with access limited to Viewers you invite. Invited, logged-in Viewers can view, Follow, Like and comment on your site, depending on your site settings. More about those settings in “Going Public” below.
What happens when a casual site visitor clicks “request access” to my Private site?
When a logged-in, uninvited visitor lands on your site, they’ll see an option to request access.
WordPress.com sends the visitor’s request to the site owner’s email account. It’s always a good idea to check your Account Settings from time-to-time to make sure your account email address is up-to-date.
If you are an admin on that same site, but not the site owner, you will not receive this email notice. This cannot be changed here on WordPress.com. Depending on your email program, you may be able to auto-forward the notification to another person by adding a filter with the words, “requested access to your private site” in the subject line.
If you recognize the username in the request notice and feel comfortable giving that person access to your site, then click the link in the email to add them as a Viewer. If you don’t wish to allow access, you can simply ignore the email request and the person won’t have access.
Astonishingly, since the publication of the original version of this post in 2017, the email notice you receive still does not provide any information about the person requesting access to your Private site, such as a link to their Gravatar profile or a link to their website.
Regardless, should you initially approve their request and then later decide to revoke it following the guide linked to above, that Viewer will no longer have access your Private site.
As I mentioned in my original post on Blog Privacy and Subscribers, switching your site’s Privacy settings from Private to Public means your site’s RSS feed pings search engines of new content, search engines will index your published content (including your Media Library) and anyone with your site’s address will be able to view, Follow, Like and comment on your posts.
Provided you’ve ticked the box to “email me whenever someone follows by blog” in your site’s Discussion Settings and enabled notifications for your site, any email notification of a new Follower includes a link to their Gravatar profile, as well as suggested posts if they also have a website. This gives you an opportunity to learn a little more about that person. (Notifications on the WordPress.com site itself or in the WP app only include a link to the new Follower’s website, if they have one.)
If the user’s profile or website looks spammy or suspicious, you can remove them as a Follower and they will not receive notice of any new posts you publish. It’s important to note that, at this time, removing a Follower does not stop them from following your site again using the same or a different email address or user account.
(You can also remove Followers on Private sites. However, if you wish to entirely revoke that person’s access to your site, you will need to remove them as a Viewer as well.)
Regardless of your site Privacy setting, you have complete control over who can comment on your site via your site’s Discussion settings. Depending on those settings, you can choose to disallow comments entirely, moderate all comments or moderate only the first comment left by a visitor. It is not recommended to allow anonymous or all comments on your site. While this is tempting, and especially for new bloggers, it will lead to more spam and a world of headaches. Educate yourself early on what makes a spam comment so you can recognize them and mark them as Spam.
When you moderate your comments, and also choose to receive an email notification of new comments (highly recommended!), the notification will appear with the comment itself, as well as details about the person who left the comment. You’ll be able to approve, trash or spam the comment directly from the email notification.
Notifications of new “Likes” on your posts have almost the same information as notifications of new Followers. Unfortunately, it is not possible to remove a single “Like” from a post or page. Likes can only be enabled or disabled globally for your entire site via your site’s Tools>Marketing>Sharing Buttons or per post and page in the Jetpack tab of the Block Editor for individual posts and pages.
Once a logged-in WordPress.com member “Likes” a post or page, their Gravatar then appears at the bottom of your post.
Unfortunately, some WordPress.com community members abuse both Following and Likes to advertise their site in the hopes that you’ll Follow back or Like their posts in return. This kind of behavior could indicate that the person is a spammer. There are much better ways to build website traffic. If you do find a spam site here on WordPress.com, you can report it by following the guidelines in the link below:
If the spammer only has a Gravatar account, you can report them for abuse by clicking on their Gravatar which will take you to their profile page. At the bottom of the column on the left side of every profile is a link to report abuse. If you don’t see the “Report Abuse” link, make sure you are logged in to both WordPress.com and Gravatar.
All in all, these two posts, “Blog Privacy and Subscribers” and “Blog Privacy and Subscribers-5 More Things to Know” cover most, if not all, aspects of dealing with your site’s Privacy and interactions with your site visitors and search engines. If there’s a related topic you feel I’ve missed here, please let me know in the comments.
As always, the information in this post is correct as of publication date. Changes are inevitable.
This post was originally published in 2017 and updated in September 2021.