Blackbaud Website Package

Frequently Asked Questions

FAQs

What is the Blackbaud Website Package?

Building on the ease of use and flexibility of the WordPress platform, Blackbaud has developed a solution that is specifically tailored to the needs of nonprofit organizations for their public-facing websites. Blackbaud’s solution includes a fully-featured CMS, built on WordPress that allows a customer to truly take control of their content to drive their mission.

But it is much more than the CMS. Our solution leverages the Blackbaud Design Team’s expertise in strategy, visual design, and production to deliver websites that are designed to engage with the customer’s audience and ultimately drive engagement and fundraising. Beyond services, this solution also leverages the power of the Microsoft Azure cloud hosting platform for unparalleled performance and uptime of the site itself.

Why is WordPress used as the underlying framework?

WordPress is an open-source Content Management System (CMS) that currently powers nearly 30% of the entire web – from personal blogs to large news sites – 75 million websites use WordPress. WordPress accounts for about 60% of all CMS systems [1]. WordPress is famed for its ease of use and its flexibility, as anyone with basic Word Processing experience can manage their WordPress-powered site and build beautiful, responsive content.

How is the Blackbaud Website Package different from WordPress?

WordPress is known for its ease of use and flexibility making it the most popular CMS on the web today. This flexibility and ability to extend its functionality with third-party plugins is what has made WordPress a target for malware, and it is for this reason that Blackbaud does not deploy an unaltered version of WordPress when we deploy a customer site. We have disabled certain features of WordPress – namely, the ability to add third-party plugins as well as the ability to inject certain types of code into the site to in essence “lock” the site down against external intrusion. This was done for two major reasons:

  1. The requirements of PCI v3.2 have brought this solution into the compliance umbrella for Blackbaud as a Level 1 Service Provider [2].
  2. To protect against  external malware intrusions  which could damage the customer’s and Blackbaud’s reputation, as well as expose  constituent data.

As such, the plugins used as part of the BBWP have been tested for security and audited for PCI compliance. These plugins make up the core functionality of this solution, along with  certain add-on features.

What is the Blackbaud Website Package framework?

As part of the efforts discussed above to bring our WordPress-driven solution into compliance w/ PCI v3.2, we have implemented a tool (referred to as “The Blackbaud Builder”) within the Blackbaud Website Package, that incorporates specific features/functionality called “modules”. These modules represent the various functional and visual elements of a Blackbaud Website Package website and have been selected to meet the varying needs of the non-profit customers we serve. We are constantly evaluating the various module needs of customers utilizing the Blackbaud Website Package, and new modules are constantly added as time goes on and functional needs are identified.

As part of the deployment process for a Blackbaud Website Package website, a Blackbaud designer/developer will review your site needs and expectations and discuss how the various modules within the solution can meet your functional needs. If a functional gap between your needs and the Blackbaud Website Package is found, alternatives can be explored but will require additional hours to be purchased on a time and materials basis.

You may review the available modules in our solution here.

How is the website hosted and is it secure?

Microsoft Azure Cloud Operations – We take data security very seriously. At a physical layer, the Blackbaud Website Package utilizes a Microsoft Azure virtual private cloud that is secured both physically and biometrically, and is audited annually for PCI and other industry-standard security protocols for operational policies and processes. The data within the cloud is encrypted not only end to end while being transmitted but also while it persists on data volumes. Intrusion Detection Systems monitor the network for unauthorized access and malicious code. In addition, the Blackbaud Website Package is accessed securely by your users via the HTTPS protocol. This ensures that the contents of communications between the user and Blackbaud Website Package web pages cannot be read or forged by any third-party.

Some specifics around the cloud operations on Azure:

  • Storage capacity: 10GB per Domain
  • Server Backups: Daily snapshots along with weekly offsite backups.
  • Updates: Blackbaud will perform regular maintenance and apply updates to both the Server Software and WordPress itself. This maintenance will cover both security updates, as well as major WordPress version updates. Approved third-party plugins will also be updated while being actively supported by their authors. Should support for a third-party plugin be ended by their respective author, that plugin may be subject to replacement or retirement on the Azure-hosted WordPress site. If replacement or retirement is necessary, Blackbaud will contact the affected client(s) to discuss alternative solutions that have been subjected to PCI compliance testing.

For Blackbaud solutions and custom integrations (including the Blackbaud Website Package) to Blackbaud solutions, please see our standard terms and conditions at www.blackbaud.com/terms. As the cloud operations provider for the Blackbaud Website Package, Blackbaud will diagnose issues directly attributed to Blackbaud environments. The functionality and usability of WordPress itself are out of scope for Customer Support however, Blackbaud Customer Support will assist with creating new administrator-level roles in the Blackbaud Website Package.

Can I have Control Panel or FTP Access?

Server Panel Access: Per PCI specifications that Blackbaud is bound to as a Level 1 Service Provider, we are unable to provide access to the shared cloud operations/hosting backend of our production servers. All site administration must occur within the Blackbaud Website Package administrative panel. These controls also forbid direct FTP and SSH connections.

Where do I go if I need additional help, over and above “How to” support questions?

Supplemental service requests may be subject to a billable fee or may utilize existing retainers. Service requests may include:

  • Assistance with general usage or training using the “Blackbaud Builder”, or native WordPress functionality
  • Design changes or requests of additional page templates, widgets, or UI features
  • Additional Post Implementation Services
  • Out of warranty bug fixes Blackbaud Solutions Agreement can be found here.

If you wish for Blackbaud to carry out additional work, please reach out to your account executive directly.

What email capabilities does the Blackbaud Website Package have?

The Blackbaud Website Package includes basic email capabilities to allow for account management emails to be sent – these sort of emails include: New User Registration, Forgotten Password, Website Invitations, etc. The package does not include any mass email capabilities, however. In order to utilize mass email capabilities for constituent solicitation, appeals or fundraising an external service such as Blackbaud NetCommunity, Blackbaud Online Express, Blackbaud Luminate Online, Blackbaud Altru or numerous third-party services must be utilized.

Can I take my website away with me to be hosted somewhere else?

Due to the proprietary nature of the Blackbaud Website Package, in which a highly custom implementation of WordPress has been coupled with a combination of licensed plugins and plugins developed by Blackbaud, the Blackbaud Website Package is not considered portable to other hosted environments. The Blackbaud Website Package is only available as a Subscription Service and access is only maintained while a services contract is in effect.

In the event of a migration/cancellation of services to a third-party server, Blackbaud will be able to provide an export in XML format of your Page and Post content from your Blackbaud Website Package site. This content could then be utilized by a third-party developer to populate a new site with content.

Blackbaud also recommends any client considering a move to a third-party hosted environment consult with a licensed QSA to determine what level of PCI Compliance burden they will be responsible for on the new infrastructure.

For additional questions on the terms of Blackbaud Services and Subscriptions, please refer to the Blackbaud Master Services and Solutions Agreement.

Can I add my own third-party functionality?

The Blackbaud Website Package relies on several third-party plugins for the underlying WordPress to provide key pieces of functionality. Blackbaud will update and maintain these plugins as part of the maintenance and security of the solution. In the event of issues related to a plugin update, Blackbaud will work towards a resolution per our standard support terms.

Blackbaud is not responsible for features/functionality added or omitted by authors of third-party code. In the event a third-party author removes or modifies functionality or features, Professional Services can be engaged to check the security/PCI Compliance and potentially identify a replacement. This work effort would be considered a Billable service. In the event an update to code by a third-party author modifies or removes custom design work applied by the Blackbaud Professional Services Team, corrections can be made by Professional Services as a billable service.

Third-party plugins are used within BBWP. These plugins have been vetted, their licenses are current and security maintained. See details of the Plugin Policy.

What is content optimization, and isn’t it simply copying and pasting the information I have given you?

When adding content to the website, time needs to be taken to consider how it should be displayed to your target audience. There are numerous options available to display your content, ranging from standard text, all the way to complex interactive elements (such as flip-cards, sliders or hover effects). Your Blackbaud designer will select the content module for the best experience for the website user. The number of pages included within the Blackbaud Website Package depends on the level:

  • Essentials: Ten (10) Pages
  • Professional: Fifteen (15) Pages

These pages get you started on the right foot by creating pages for the Homepage, Landing page, as well as an interior page. Additional content migration can be added to a project using a separate time and materials contract. Please review the product assumptions regarding content optimization.

Will the website be ADA Compliant?

Blackbaud, Inc. will not guarantee the ADA compliance of your site as you (the client) are responsible for the way the content is added to the website. That said, there is a list of items we encourage to be reviewed when developing content for the website. Read more on the project assumptions page.

What social media widgets are available?

If defined in the statement of work, “Social Media widgets” refers specifically to Facebook, Twitter, Instagram and Pinterest. Other social media platforms are considered out of scope as they would be subject to security testing.

What website assets do you need from me?

See our Visual Design Assets Checklist. This defines the assets required along with the format needed.

[1]Statistics provided by expandedramblings.com and accurate at the time of writing. [2] Details of being a Level 1 Service Provider can be found at pcicomplianceguide.org.