Table of Contents:
What is WordPress?
WordPress is an open source Content Management System (CMS) that currently powers nearly 30% of the entire web – from personal blogs to large news sites – 75 million websites use WordPress. WordPress accounts for about 60% of all CMS systems (https://expandedramblings.com/index.php/wordpress-statistics/). WordPress is famed for its ease of use and its flexibility, as anyone with basic Word Processing experience can manage their WordPress-powered site and built beautiful, responsive content. In addition, numerous 3rd party plugins exist that can extent WordPress far beyond its original features.
What is the Blackbaud Website Solution?
Building on the ease of use and flexibility of the WordPress platform, Blackbaud has developed a solution that is specifically tailored to the needs of nonprofit organizations for their public facing websites. Blackbaud’s solution includes a fully featured CMS, built on WordPress that allows a customer to truly take control of their content to drive their mission.
But it is much more than the CMS. Our solution leverages the Blackbaud Design Team’s expertise in strategy, visual design, and production to deliver websites that are designed to engage with the customer’s audience and ultimately drive engagement and fundraising. Beyond services, this solution also leverages the power of the Microsoft Azure cloud hosting platform for unparalleled performance and uptime of the site itself. We then couple all this with our award-winning Support Organization, our outcome driven retained services, and the Payment Services offered through BBMS.
How is the Blackbaud Website Solution different from WordPress?
While we have discussed that WordPress is known for its ease of use, we have also mentioned its flexibility has also helped make it the most popular CMS on the web today. This flexibility and ability to extend its functionality with 3rd party plugins is what has made WordPress a target for malware, and it is for this reason that Blackbaud does not deploy an unaltered version of WordPress when we deploy a customer site. We have disabled certain features of WordPress – namely, the ability to add 3rd party plugins as well as the ability to inject certain types of code into the site to in essence “lock” the site down against external intrusion. This was done for two major reasons:
- The requirements of PCI v3.2 have brought this solution into the compliance umbrella for Blackbaud as a Level 1 Service Provider (https://www.pcicomplianceguide.org/faq/#4).
- To protect against external malware intrusions which could damage the customer’s and Blackbaud’s reputation, as well as expose constituent data.
As such, we have assembled a list of approved plugins that have been tested for security and audited for PCI compliance. These plugins make up the core functionality of this solution, along with certain add-on features. The customer must work with Blackbaud if any alterations or additions are to be made to their plugin load out at launch.
Hosting & Support
The following section details the hosting for the Blackbaud Website Solution, along with Support and Retained Services. Website Portability and Liability around 3d party features are also discussed.
Microsoft Azure Hosting
We take data security very seriously. At a physical layer, the Blackbaud Website Solution utilizes a Microsoft Azure virtual private cloud that is secured both physically and biometrically, and is audited annually for PCI and other industry standard security protocols for operational policies and processes. The data within the cloud is encrypted not only end to end while being transmitted, but also while it persists on data volumes. Intrusion Detection Systems monitor the network for unauthorized access and malicious code. In addition, the Blackbaud Website Solution is accessed securely by your users via the HTTPS protocol. This ensures that the contents of communications between the user and Blackbaud Website Solution web pages cannot be read or forged by any third party.
Some specifics around the hosting on Azure:
- Server Panel Access: Per PCI specifications that Blackbaud is bound to as a Level 1 Service Provider, we are unable to provide access to the shared hosting backend of our production servers. All site administration must occur within the Blackbaud Website Solution administrative panel. These controls also forbid direct FTP and SSH connections.
- Storage capacity: 10GB per Domain
- Server Backups: Daily snapshots along with weekly offsite backups.
- Updates: Blackbaud will perform regular maintenance and apply updates to both the Server Software and WordPress itself. This maintenance will cover both security updates, as well as major WordPress version updates. Approved 3rd party plugins will also be updated while being actively supported by their authors. Should support for a 3rd party plugin be ended by their respective author, that plugin may be subject to replacement or retirement on the Azure-hosted WordPress site. If replacement or retirement is necessary, Blackbaud will contact the affected client(s) to discuss alternative solutions that have been subjected to PCI compliance testing.
For Blackbaud solutions and custom integrations (including the Blackbaud Website Solution) to Blackbaud solutions, please see our standard terms and conditions at www.blackbaud.com/terms. As the hosting provider for the Blackbaud Website Solution, Blackbaud will diagnose issues directly attributed to Blackbaud environments. Functionality and usability of WordPress are out of scope for Customer Support; however, Blackbaud Customer Support will assist with creating new administrator-level roles in the Blackbaud Website Solution.
Supplemental service requests may be subject to a billable fee or may utilize existing retainers. Service requests may include:
- Assistance with general usage or training using the Blackbaud Website Solution, WordPress integrations, or native WordPress functionality
- Design changes or requests of additional page templates, widgets, or UI features
At the Essentials and Professional Package level, Blackbaud, Inc. includes a set of hours for use as a retainer called Retained Services Hours. These hours (18 hours for Essentials, 36 hours for Professional over the course of the contract) are to be used for services for your Blackbaud Website Solution site over the length of the contract. This retainer allows Blackbaud to continue to serve our clients beyond the delivery of the website by offering success-driven services to increase constituent engagement.
The use of Retained Service hours may include, but are not limited to:
- Strategic Services, including:
- Analytics Reporting and Recommendations
- ADA Compliance
- Social Strategy
- Usability Testing
- Page Structure changes via the Page Editor
- Additional 1:1 training
- Content updates
- Client Communication & Consultation
Examples of services that Retained Services cannot cover include, but are not limited to:
- Site redesign
- Installation of Plugins outside of the Approved Plugins List
- Microsite/multisite creation
- Edits or updates to other Blackbaud Products (Luminate, NetCommunity, Sphere, eTapestry, Altru) outside of the Blackbaud Website Solution
- Changes the core files of the Blackbaud Website Solution
- Additional functionality
Please note: Administrative tasks such resource assignment, client requested reporting, and client communication all fall within the charter of the Retained Service hours.
Due to the proprietary nature of the Blackbaud Website Solution, in which a highly custom implementation of WordPress has been coupled with a combination of licensed plugins and plugins developed by Blackbaud, the Blackbaud Website Solution is not considered portable to other hosted environments. The Blackbaud Website Solution is only available as a Subscription service and access is only maintained while a services contract is in effect.
In the event of a migration/cancellation of services to a 3rd party server, Blackbaud will be able to provide an export in XML format of your Page and Post content from your Blackbaud Website Solution site. This content could then be utilized by a 3rd Party developer to populate a new site with content.
For additional questions on the terms of Blackbaud Services and Subscriptions, please refer to the Blackbaud Master Services and Solutions Agreement.
3rd Party Functionality
The Blackbaud Website Solution relies on several 3rd party plugins to WordPress to provide key pieces of functionality. Blackbaud will update and maintain these plugins as part of the maintenance and security of the solution. In the event of issues related to a plugin update, Blackbaud will work towards a resolution per our standard support terms.
Blackbaud is not responsible for features/functionality added or omitted by a 3rd Party Plugin author. In the event a 3rd party plugin author removes or modifies a feature of these plugins, Professional Services can be engaged to identify a replacement. This work effort would be considered a Billable service. In the event an update to a plugin by a 3rd Party Plugin author modifies or removes custom design work applied by the Blackbaud Professional Services Team, corrections can be made by Professional Services as a billable service.
To review 3rd party plugins utilized by the Blackbaud Website Solution, please review the Approved Plugins listing.
If defined in the statement of work, “Social Media widgets” refer specifically to Facebook, Twitter and Instagram*. Other social media platforms are considered out of scope as they would be subject to security testing.
The following section describes the various assumptions around content migration delivered by Blackbaud, Inc. as included in a Professional Services Scope of Work.
Content Migration Image Specifications and Requirements
- File size cannot be more than 2MB – We can increase this a little bit if you happen to have big PDF’s for example
- Image format accepted: jpg, jpeg, png – ideally optimized for web
- Images and documents naming convention: names with a space is not acceptable (i.e.: slider image1.jpg) – Always have an underscore or hyphen in place of a space (i.e.: slider_image1.jpg)
- Images for sliders need to be a minimum of 1400px in width and 600px in height.
- If files or images provided are not optimized for the web, more time will be required to migrate the content which may lead to a fewer number of total pages migrated.
Content Migration Copy
The content migration estimate is based on a rate of 3 pages per hour. Since not all pages are equal in length and complexity, this rate may change once the content has been provided.
- A blog post or event count as one page
- A page with a form does not fall in the scope of content migration (unless it is an embedded form)
- A calendar can be set up as part of content migration but events will have to be added by client
- No more than 5 images per page
- Link destinations must be provided with each page
- Sidebar content must be clearly specified for each page
- Migrated content will be in line with the branding of your organization (fonts, colors, etc.)
- Does not include restructuring content into dynamic interfaces (i.e. adding content into an accordion menus, pop-ups or fly-outs)
- Does not include migration of product information within eCommerce solutions
- Image maps (for example, an image with different clickable areas) would be migrated over “as is”. The branding on the website may not match the style of the image maps being migrated over. Please note, clickable areas on image maps may not behave as envisioned on mobile devices. Customization or coding related to the clickable areas is not included within content migration. For mobile devices, we strongly recommend a text-based alternative option.
Blackbaud, Inc. will not guarantee the ADA compliance of your site. The Blackbaud Website Solution will be configured by Blackbaud with certain accessibility features that enforce ADA best practices when creating most content. However, if true ADA compliance is desired, an ADA audit should be completed by a 3rd party and delivered to Blackbaud to identify any additional items that need to be addressed. These items can then be addressed via scoped Times and Materials hours.
Since your organization is responsible for providing content, please use this checklist for content creation: http://www.techrepublic.com/blog/web-designer/creating-an-ada-compliant-website/
- Every image, video file, audio file, plug-in, etc. has an alt tag
- Complex graphics are accompanied by detailed text descriptions
- The alt descriptions describe the purpose of the objects
- If an image is also used as a link, make sure the alt tag describes the graphic and the link destination
- Decorative graphics with no other function have empty alt descriptions (alt= “”)
- Add captions to videos
- Add audio descriptions
- Create text transcript
- Create a link to the video rather than embedding it into web pages
- Add a link to the media player download
- Add an additional link to the text transcript
- The page should provide alternative links to the Image Map
- The <area> tags must contain an alt attribute
- Data tables have the column and row headers appropriately identified (using the <th> tag)
- Tables used strictly for layout purposes do NOT have header rows or columns
- Table cells are associated with the appropriate headers (e.g. with the id, headers, scope and/or axis HTML attributes)
- Make sure the page does not contain repeatedly flashing images
- Check to make sure the page does not contain a strobe effect
- A link is provided to a disability-accessible page where the plug-in can be downloaded
- All Java applets, scripts and plug-ins (including Acrobat PDF files and PowerPoint files, etc.) and the content within them are accessible to assistive technologies, or else an alternative means of accessing equivalent content is provided
- When form controls are text input fields use the LABEL element
- When text is not available use the title attribute
- Include any special instructions within field labels
- Make sure that form fields are in a logical tab order
- Include a ‘Skip Navigation’ button to help those using text readers
Each Blackbaud Website Solution site Blackbaud develops will be subjected to Quality Assurance. Our Quality Assurance Team will subject your site to a variety of tests to ensure the delivered site will function appropriately across all major browsers, will respond to a variety of screen sizes, and does not have any internal conflicts between the delivered Theme and its plugins.
Due to the variance in mobile browsers, Blackbaud cannot promise a pixel-perfect implementation across all mobile platforms. That being said, the delivered site will be fully functional and will not display any functional errors that would prevent a user from properly interacting with the site.