What is WordPress?
WordPress is an open source Content Management System (CMS) that currently powers nearly 30% of the entire web, from personal blogs to large news sites; 75 million websites use WordPress. WordPress accounts for about 60% of all CMS systems (https://expandedramblings.com/index.php/wordpress-statistics/). WordPress is famed for its ease of use and its flexibility, as anyone with basic word processing experience can manage their WordPress-powered site and build beautiful, responsive content. In addition, numerous 3rd party plugins exist that can extend WordPress far beyond its original features.
What is the Blackbaud Website Package?
Building on the ease of use and flexibility of the WordPress platform, Blackbaud has developed a solution that is specifically tailored to the needs of nonprofit organizations for their public facing websites. Blackbaud’s solution includes a fully featured CMS, built on WordPress, that allows a customer to truly take control of their content to drive their mission.
But it is much more than the CMS. Our solution leverages the Blackbaud Design Team’s expertise in strategy, visual design, and production to deliver websites that are designed to engage with the customer’s audience and ultimately drive engagement and fundraising. Beyond services, this solution also leverages the power of the Microsoft Azure cloud hosting platform for unparalleled performance and uptime of the site itself. We then couple all this with our award-winning Support Organization, our outcome driven retained services, and the Payment Services offered through BBMS.
How is the Blackbaud Website Package different from WordPress?
WordPress is known for its ease of use, and its flexibility has helped make it the most popular CMS on the web today. This flexibility and the ability to extend its functionality with 3rd party plugins are what have made WordPress a target for malware, and it is for this reason that Blackbaud does not deploy an unaltered version of WordPress when we deploy a customer site. We have disabled certain features of WordPress – namely, the ability to add 3rd party plugins and the ability to inject certain types of code into the site – to, in essence, “lock” the site down against external intrusion. This was done for two major reasons:
- The requirements of PCI v3.2 have brought this solution into the compliance umbrella for Blackbaud as a Level 1 Service Provider (https://www.pcicomplianceguide.org/faq/#4).
- To protect against external malware intrusions which could damage the customer’s and Blackbaud’s reputation, as well as expose constituent data.
As such, the plugins used as part of the BBWP have been tested for security and audited for PCI compliance. These plugins make up the core functionality of this solution, along with certain add-on features. The customer must work with Blackbaud if any alterations or additions are to be made to their plugin load out at launch.
The Blackbaud Website Package Framework
As part of the efforts discussed above to bring our WordPress-driven solution into compliance with PCI v3.2, we have implemented a framework within the Blackbaud Website Package that incorporates specific features/functionality called “modules”. These modules represent the various functional and visual elements of a Blackbaud Website Package website, and have been selected to meet the varying needs of the non-profit customers we serve. We are constantly evaluating the various module needs of customers utilizing the Blackbaud Website Package, and new modules will be added as time goes on and functional needs are identified.
As part of the deployment process for a Blackbaud Website Package website, a Blackbaud designer/developer will review your site needs and expectations and discuss how the various modules within the solution can meet your functional needs. If a functional gap between your needs and the Blackbaud Website Package is found, alternatives can be explored but will require additional hours to be purchased on a Times and Materials basis.
You may review the available modules in our solution here.
Hosting & Support
The following section details the hosting for the Blackbaud Website Package, along with Support and Retained Services. Website Portability and Liability around third party features are also discussed.
Microsoft Azure Hosting
We take data security very seriously. At a physical layer, the Blackbaud Website Package utilizes a Microsoft Azure virtual private cloud that is secured both physically and biometrically, and is audited annually for PCI and other industry standard security protocols for operational policies and processes. The data within the cloud is encrypted not only end to end while being transmitted, but also while it persists on data volumes. Intrusion Detection Systems monitor the network for unauthorized access and malicious code. In addition, the Blackbaud Website Package is accessed securely by your users via the HTTPS protocol. This ensures that the contents of communications between the user and Blackbaud Website Package web pages cannot be read or forged by any third party.
Some specifics around the hosting on Azure:
- Server Panel Access: Per PCI specifications that Blackbaud is bound to as a Level 1 Service Provider, we are unable to provide access to the shared hosting backend of our production servers. All site administration must occur within the Blackbaud Website Package administrative panel. These controls also forbid direct FTP and SSH connections.
- Storage capacity: 10GB per Domain
- Server Backups: Daily snapshots along with weekly offsite backups.
- Updates: Blackbaud will perform regular maintenance and apply updates to both the Server Software and WordPress itself. This maintenance will cover both security updates and major WordPress version updates. Approved 3rd party plugins will also be updated while being actively supported by their authors. Should support for a 3rd party plugin be ended by its author, that plugin may be subject to replacement or retirement on the Azure-hosted WordPress site. If replacement or retirement is necessary, Blackbaud will contact the affected client(s) to discuss alternative solutions that have been subjected to PCI compliance testing.
For Blackbaud solutions and custom integrations (including the Blackbaud Website Package) to Blackbaud solutions, please see our standard terms and conditions at www.blackbaud.com/terms. As the hosting provider for the Blackbaud Website Package, Blackbaud will diagnose issues directly attributed to Blackbaud environments. Functionality and usability of WordPress are out of scope for Customer Support; however, Blackbaud Customer Support will assist with creating new administrator-level roles in the Blackbaud Website Package.
Supplemental service requests may be subject to a billable fee or may utilize existing retainers. Service requests may include:
- Assistance with general usage or training using the Blackbaud Website Package, WordPress integrations, or native WordPress functionality
- Design changes or requests of additional page templates, widgets, or UI features
At the Essentials and Professional Package level, Blackbaud, Inc. includes a set of hours called Retained Services Hours. These hours (18 hours for Essentials, 36 hours for Professional over the course of the contract) are to be used for services for your Blackbaud Website Package. These retained service hours allow Blackbaud to continue to serve our clients beyond the delivery of the website by offering success-driven services to increase constituent engagement. Towards the end of the implementation, we will present best practice options that effectively.
The use of Retained Service hours may include, but is not limited to:
- Strategic Services, including:
- Analytics Reporting and Recommendations
- ADA Compliance
- Social Strategy
- Usability Testing
- Page Structure changes via the Page Editor
- Additional 1:1 training
- Content updates
- Client Communication & Consultation
Examples of services that Retained Services cannot cover include, but are not limited to:
- Site redesign
- Installation of Plugins
- Microsite/multisite creation
- Edits or updates to other Blackbaud Products (Luminate, NetCommunity, Sphere, eTapestry, Altru) outside of the Blackbaud Website Package
- Changes to the core files of the Blackbaud Website Package
- Additional functionality
Please note: Administrative tasks such as resource assignment, client-requested reporting, and client communication all fall within the charter of the Retained Service hours. Additional retainer hours can be purchased separately.
The Blackbaud Website Package includes basic email capabilities to allow for account management emails to be sent. These sorts of emails include: New User Registration, Forgotten Password, Website Invitations, etc. The package does not include any mass email capabilities, however. In order to utilize mass email capabilities for constituent solicitation, appeals or fundraising, an external service such as Blackbaud NetCommunity, Blackbaud Online Express, Blackbaud Luminate Online, Blackbaud Altru or numerous third party services must be utilized.
Due to the proprietary nature of the Blackbaud Website Package, in which a highly custom implementation of WordPress has been coupled with a combination of licensed plugins and plugins developed by Blackbaud, the Blackbaud Website Package is not considered portable to other hosted environments. The Blackbaud Website Package is only available as a Subscription service and access is only maintained while a services contract is in effect.
Blackbaud also recommends any client considering a move to a 3rd party hosted environment consult with a licensed QSA to determine what level of PCI Compliance burden they will be responsible for on the new infrastructure.
In the event of a migration/cancellation of services to a 3rd party server, Blackbaud will be able to provide an export in XML format of your Page and Post content from your Blackbaud Website Package site. This content could then be utilized by a 3rd Party developer to populate a new site with content.
For additional questions on the terms of Blackbaud Services and Subscriptions, please refer to the Blackbaud Master Services and Solutions Agreement.
3rd Party Functionality
The Blackbaud Website Package relies on several 3rd party plugins to WordPress to provide key pieces of functionality. Blackbaud will update and maintain these plugins as part of the maintenance and security of the solution. In the event of issues related to a plugin update, Blackbaud will work towards a resolution per our standard support terms.
Blackbaud is not responsible for features/functionality added or omitted by authors of 3rd Party code. In the event a 3rd party author removes or modifies functionality or features, Professional Services can be engaged to check the security/PCI Compliance and potentially identify a replacement. This work effort would be considered a Billable service. In the event an update to code by a 3rd Party author modifies or removes custom design work applied by the Blackbaud Professional Services Team, corrections can be made by Professional Services as a billable service.
Third party plugins are used within BBWP. These plugins have been vetted, their licenses are current and security maintained. See details of the Plugin Policy.
If defined in the statement of work, “Social Media widgets” refer specifically to Facebook, Twitter and Instagram*. Other social media platforms are considered out of scope as they would be subject to security testing.
The following section describes the various assumptions around content optimization/migration delivered by Blackbaud, Inc. as included in a Professional Services Scope of Work.
Content Optimization/Migration Image Specifications and Requirements
- File size cannot be more than 2MB – We can increase this a little bit if you happen to have big PDFs, for example
- Image format accepted: jpg, jpeg, png – ideally optimized for web
- Images and documents naming convention: names with a space are not acceptable (e.g.: slider image1.jpg) – Always have an underscore or hyphen in place of a space (e.g.: slider_image1.jpg)
- Images for sliders need to be a minimum of 1400px in width and 600px in height.
- If files or images provided are not optimized for the web, more time will be required to migrate the content, which may lead to fewer total pages migrated.
Content Optimization/Migration Copy
The content optimization/migration estimate is based on a rate of 2 pages per hour. Since not all pages are equal in length and complexity, this rate may change once the content has been provided.
- Textual content must be supplied as either:
  - A Microsoft Word Document
  - A plain text (.txt) file
  - A link to an existing live Website where text can be selected and copied
  - A PDF file where text can be selected and copied
- A blog post or event counts as one page
- A page with a form does not fall in the scope of content optimization/migration (unless it is an embedded form)
- A calendar can be set up as part of content optimization/migration but events will have to be added by client
- No more than 5 images per page
- Link destinations must be provided with each page
- Sidebar content must be clearly specified for each page
- Migrated content will be in line with the branding of your organization (fonts, colors, etc.)
- Does not include optimization/migration of product information within eCommerce solutions
- Image maps (for example, an image with different clickable areas) would be migrated over “as is”. The branding on the website may not match the style of the image maps being migrated over. Please note, clickable areas on image maps may not behave as envisioned on mobile devices. Customization or coding related to the clickable areas is not included within content optimization/migration. For mobile devices, we strongly recommend a text-based alternative option.
Note: Manually writing content based on text that isn’t able to be selected and copied is considered out-of-scope and will require a change order.
Blackbaud, Inc. will not guarantee the ADA compliance of your site. The Blackbaud Website Package will be configured by Blackbaud with certain accessibility features that enforce ADA best practices when creating most content. However, if true ADA compliance is desired, an ADA audit should be completed by a 3rd party and delivered to Blackbaud to identify any additional items that need to be addressed. These items can then be addressed via scoped Times and Materials hours.
Since your organization is responsible for providing content, please use this checklist for content creation: http://www.techrepublic.com/blog/web-designer/creating-an-ada-compliant-website/
- Every image, video file, audio file, plug-in, etc. has an alt tag
- Complex graphics are accompanied by detailed text descriptions
- The alt descriptions describe the purpose of the objects
- If an image is also used as a link, make sure the alt tag describes the graphic and the link destination
- Decorative graphics with no other function have empty alt descriptions (alt="")
- Add captions to videos
- Add audio descriptions
- Create text transcript
- Create a link to the video rather than embedding it into web pages
- Add a link to the media player download
- Add an additional link to the text transcript
- The page should provide alternative links to the Image Map
- The <area> tags must contain an alt attribute
- Data tables have the column and row headers appropriately identified (using the <th> tag)
- Tables used strictly for layout purposes do NOT have header rows or columns
- Table cells are associated with the appropriate headers (e.g. with the id, headers, scope and/or axis HTML attributes)
- Make sure the page does not contain repeatedly flashing images
- Check to make sure the page does not contain a strobe effect
- A link is provided to a disability-accessible page where the plug-in can be downloaded
- All Java applets, scripts and plug-ins (including Acrobat PDF files and PowerPoint files, etc.) and the content within them are accessible to assistive technologies, or else an alternative means of accessing equivalent content is provided
- When form controls are text input fields use the LABEL element
- When text is not available use the title attribute
- Include any special instructions within field labels
- Make sure that form fields are in a logical tab order
- Include a ‘Skip Navigation’ button to help those using text readers
Each Blackbaud Website Package site Blackbaud develops will be subjected to Quality Assurance. Our Quality Assurance Team will subject your site to a variety of tests to ensure the delivered site will function appropriately across all major browsers, will respond to a variety of screen sizes, and does not have any internal conflicts between the delivered Theme and its plugins.
Due to the variance in mobile browsers, Blackbaud cannot promise a pixel-perfect implementation across all mobile platforms. That being said, the delivered site will be fully functional and will not display any functional errors that would prevent a user from properly interacting with the site.