How to keep your in-development sites private

Every so often, you read a story about how a candidate’s site was found on Google prior to formally being launched. As a rule, this is extremely embarrassing to the campaign, because — at best — it’s unprofessional and makes them appear to be an amateur. At worst? You may have ended their campaign before it had the chance to start.

The good news is that this is easy to prevent. Here are three precautions that you can take to avoid an embarrassing situation:

Step 1: Deactivate search engine indexing

Obviously, right? Well, often not.

Every time you make a new development site, the very first thing you ought to do — before you set the theme, before you edit any content, before anything — is to deactivate search engine indexing. To do this, navigate in the Control Panel to Website > Site settings > Basic and uncheck the box labeled “Allow search engine indexing.”

Screenshot: Disallow search engine indexing

Step 2: Make the site viewable only by Control Panel users

In addition to hiding the site from search engines, you can also opt to entirely lock it down so that only Control Panel users are able to access its content. To do this, navigate within the Control Panel to Website > Site settings > Basic and toggle the “who can view this site” option to “Control Panel users.”

Screenshot: Make site viewable by Control Panel users, only

Note: This is more of a temporary option, as you can’t realistically keep the site locked for the entire development process. You’ll need to unlock it to test how the forms work, etc., for first-time visitors (who won’t be logged in). Still, it can be a good precaution for much of the process.

Step 3: Develop locally, and choose a really obscure site slug

Even if you’ve taken the above to precautions, it’s possible that your development site will still be found: if someone wants to find it badly enough, they’ll just guess its URL until they find it. After all, it’s not rocket science to figure out that Joe Smith’s NationBuilder site might be at

So what do you do? A few things.

  1. If you’re a NationBuilder Architect, develop the site locally on your own nation first. Make it a secondary site on your sandbox, so instead of building it directly on it would be

  2. When you choose the “slug” for the development site, you can (optionally) take an added level of precaution and treat it with the same level of scrutiny that you would a password. Make it something random. isn’t a URL many people would guess for Joe Smith’s development site.

    Screenshot: Choose a secure site slug

    Note: This is a level of precaution I literally thought of as I was writing this post, and it’s going to become my new standard practice for development sites.


By taking these few, super simple precautions, you can save you and your clients and awful lot of headache and embarrassment down the road. It’s just a good best practice, and your clients will appreciate that you took the time.

Share this post