05/09/2018

Hide the Search in Member Directory Gadget

The search function on a Wild Apricot member directory gadget is really handy. It allows you to search the member directory by keyword. Unfortunately when a page loads, the search box receives the browser focus and the page scrolls automatically to wherever the search box is on the page. Sometimes that is near the bottom of a page, scrolling the page below important content. There is a simple fix: hide the search box or use JavaScript to disable the focus.

To disable the focus with JavaScript, use the script below. This keeps the search box on the screen and available without scrolling the window. Insert it into the Global Javascript under Settings > Site > Global Javascript.

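<script type="text/javascript">
jq$(function () {
  // Remove focus from the search box and scroll back to the top of the page.
  function noFocus() {
    console.log('nofocus here');
    if (jq$('.WaGadgetMemberDirectory').length) {
      // A member directory gadget is on the page: poll every 50 ms until the
      // members table exists, then blur, scroll to the top and stop polling.
      var refreshId = setInterval(function () {
        if (jq$('.WaGadgetMemberDirectory table#membersTable').length) {
          document.activeElement.blur();
          window.scrollTo(0, 0);
          clearInterval(refreshId);
        }
      }, 50);
    } else if (document.activeElement && (document.activeElement.tagName == "INPUT")) {
      // No directory gadget: blur whichever input field grabbed the focus.
      document.activeElement.blur();
      window.scrollTo(0, 0);
    }
  }
  // Run once Wild Apricot reports that the page has been parsed.
  BonaPage.addPageStateHandler(BonaPage.PAGE_PARSED, noFocus);
});
</script>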

 

Or you can use the CSS below to just hide the search box. Place this code in the raw headers of each page where you want to hide the search box. Note that the styles affect the IDs of the elements separately.

<style>
/* search box */
#FunctionalBlock1_ctl00_ctl00_search {
  display: none;
}
</style>

<style>
/* search label */
#FunctionalBlock1_ctl00_ctl00_searchLabel {
  display: none;
}
</style>

<style>
/* advanced search link */
#FunctionalBlock1_ctl00_ctl00_advancedSearchStatusPanel_advancedSearchLink {
  display: none;
}
</style>

04/17/2018

What is an Extended Validation (EV) SSL Certificate?


SSL secures the transmission of data passed between your web browser and the web server. When you enter data into a comment, or pay for something online, the information flows over the internet securely if and only if the connection is secured by SSL. It turns out that there are 3 different types of certificates, and web browsers indicate them very differently.

Google Chrome will soon label insecure connections "not secure", as displayed below. Currently they show an i with a circle around it, but that will change this summer with the release of Chrome 68. Here is how all websites without SSL will display:

[Image: Chrome's treatment of HTTP pages]

Below is a comparison of the 3 different security states in which a website can currently appear:

[Image: 3 types of SSL certificates]

There are 3 different types of security certificates available for websites: Domain Validated (DV), Organization Validated (OV) and Extended Validated (EV). Domain Validated certificates can be obtained by anyone, even for free using Let's Encrypt. These are the simplest to obtain because they do not need any validation other than some sort of control over the website you are securing. This means just about anyone can obtain a certificate and secure a website, even for $0. Even though these websites are secure, you have no idea exactly who owns or runs them, so the trust level for DV secured sites should be quite low. DV certificates suit situations where trust and credibility are less important, such as personal websites and small forums that need basic encryption for things like logins, forms or other non-transactional data.

An Organization Validated certificate has different procurement requirements. To obtain an OV certificate, the issuing certificate authority (CA) has to confirm that the organization exists using a non-automated method. As well as checking ownership of the domain name, the Certificate Authority will also carry out additional vetting of the organization and the individual applying for the certificate. This might include checking the address where the company is registered and the name of a specific contact. OV certificates should be used for public-facing websites dealing with less sensitive transactional data. OV certificates do not offer the highest visible display of trust; that belongs to EV certificates, which show the organization's identification in a green browser bar.

The Extended Validated certificate is the current gold standard in SSL certificates. Any business that sells products or accepts payment information online should use an Extended Validation (EV) SSL Certificate. An EV certificate uses the same powerful encryption as other SSLs, but getting one requires a thorough vetting of the applicant's business. Only those businesses that pass this process will receive an EV SSL Certificate. Typically the use of an EV certificate is indicated by a green color – but this varies by browser. Anyone who sees the green address bar while on your site knows instantly they’re on a legitimate website.

EV verification guidelines, drawn up by the Certificate Authority/Browser Forum, require the Certificate Authority to run a much more rigorous identity check on the organization or individual applying for the certificate. Sites with an EV SSL certificate have a green browser address bar and a field appears with the name of the legitimate website owner and the name of the Certificate Authority that issued the certificate. From the CA/Browser Forum:

Having an EV certificate for your website is an indication to your customers (or users) that you are very interested in ensuring their safety and privacy by taking the most care that you possibly can in authenticating yourself (through your web site) to them. Even though it might take more time and money to apply for an EV Certificate, after following the application procedures through to successful completion of the vetting process, the CA will issue an EV Certificate to you. 

Before an EV Certificate is granted, a certificate vendor verifies that the business listed on the application is:

  • Legally registered
  • Currently in operation
  • At the address listed (PO Boxes are not allowed!)
  • At the telephone number listed (Voice mail systems will not be allowed for validation, there must be someone answering the phone!)
  • The owner of the website domain name (usually verified through a CNAME record, a file placed on your server or by email)

You will need to pass this vetting process every two years to keep your Extended Validation (EV) SSL. 

Most types of organizations can get an EV certificate relatively easily if they have an established business background and are located in a jurisdiction that provides good online access to records of incorporation or registration.  But regrettably, there are a few types of organizations and a few jurisdictions for which there just isn’t good enough external registration information available in order for the CA to be sure enough of the details supplied by the person applying for the certificate for the CA to be able to easily issue an EV certificate.  For example some CAs do not accept PO Boxes as the organizational mailing address (even though the IRS or a local tax jurisdiction does!). Generally, if your organization is incorporated or fits into one of the more common business types such as an LLC or 501(c) not for profit, then you should be able to obtain an EV certificate.  Here's an example EV Certification Checklist from Comodo should you decide to go this route. It takes time and you should confirm your registration information is up to date and the phone number on file is answered by a person (not a voice mail service).
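The three validation levels described above can also be told apart in the certificate itself, because the CA/Browser Forum reserves a certificate policy OID for each. The Node.js code below is an added example, not code from the original post: it reads the text printed by `openssl x509 -noout -text`, reports the level and cross-checks the subject fields. The function names and the sample certificate excerpts are constructed for illustration.

```javascript
// Policy OIDs reserved by the CA/Browser Forum, strongest validation first.
const CABF_LEVELS = [
  ['2.23.140.1.1', 'EV'],
  ['2.23.140.1.2.2', 'OV'],
  ['2.23.140.1.2.1', 'DV'],
];
// Subject attributes an EV certificate is expected to carry (OpenSSL short names).
const EV_SUBJECT_FIELDS = ['O', 'businessCategory', 'serialNumber', 'jurisdictionC'];

// Extract policy OIDs and subject attributes from `openssl x509 -noout -text` output.
function parseCertText(text) {
  const policies = [...text.matchAll(/^[ \t]*Policy:[ \t]*([0-9.]+)[ \t]*$/gm)].map((m) => m[1]);
  const subjectLine = (text.match(/^[ \t]*Subject:[ \t]*(.*)$/m) || [])[1] || '';
  const subject = {};
  // Split only on commas that start a new "name =" pair, so "Example Shop, Inc." survives.
  for (const part of subjectLine.split(/,\s*(?=[A-Za-z0-9.]+\s*=)/)) {
    const eq = part.indexOf('=');
    if (eq > 0) {
      subject[part.slice(0, eq).trim()] = part.slice(eq + 1).trim().replace(/^"|"$/g, '');
    }
  }
  return { policies, subject };
}

// Report the validation level and flag subjects that do not match the asserted policy.
function classifyCert(text) {
  const { policies, subject } = parseCertText(text);
  const hit = CABF_LEVELS.find(([oid]) => policies.includes(oid));
  // 'unknown' means no CA/Browser Forum OID was found; CA-specific OIDs are not interpreted.
  const level = hit ? hit[1] : 'unknown';
  const warnings = [];
  if (level === 'EV') {
    for (const field of EV_SUBJECT_FIELDS) {
      if (!subject[field]) warnings.push(`EV policy asserted but subject lacks ${field}`);
    }
  } else if (level === 'OV' && !subject.O) {
    warnings.push('OV policy asserted but subject has no organization (O)');
  } else if (level === 'DV' && subject.O) {
    warnings.push('DV policy asserted but subject names an organization (O)');
  }
  return { level, organization: subject.O || null, warnings };
}

// Constructed excerpts in the layout of `openssl x509 -noout -text` (not real certificates).
const DV_SAMPLE = `
        Subject: CN = blog.example.org
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
`;
const EV_SAMPLE = `
        Subject: businessCategory = Private Organization, jurisdictionC = US, jurisdictionST = Delaware, serialNumber = 0000000, C = US, ST = California, L = San Francisco, O = "Example Shop, Inc.", CN = shop.example.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.1
                Policy: 1.3.6.1.4.1.99999.1.1
`;
// EV policy OID on a subject with no organization details: every EV field is flagged.
const MISMATCH_SAMPLE = `
        Subject: CN = shop.example.com
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.1
`;

for (const sample of [DV_SAMPLE, EV_SAMPLE, MISMATCH_SAMPLE]) {
  console.log(JSON.stringify(classifyCert(sample)));
}
```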

 

03/05/2018

WordPress.com Supports Plugins and Themes

WordPress.com plans

Automattic, the company behind WordPress.com, has upped their game by allowing plugin and theme installations on the business offering of WordPress.com. For $33 CAD ($25 USD) per month you have access to a fully managed WordPress website, but there are some features missing from this new entrant into the custom WordPress hosting space.

Until sometime in August 2017, WordPress.com severely restricted the use of themes, offered no plug-in installations and limited the access to CSS for theme customizations.  The ability to install plugins, themes and customize CSS made WordPress.org the most popular platform in the world. Automattic’s hosting options were great for hobbyists and people running personal blogs, but not for businesses. That all changed late last year.

By giving WordPress.com customers the ability to install themes and plugins that satisfy most business requirements, Automattic could draw millions of customers from the existing WordPress hosting services.  The question is, has Automattic offered enough technology and service at each price point to deter the average website builder from installing and maintaining their own copy of WordPress?

There is no cut-and-dried answer to this question because every user has a different set of priorities. Automattic’s various service plans are compared on their website, and every website at WordPress.com now comes with a free SSL certificate and a few necessary plugins that are auto-installed. With the addition of the plugins, hosting at WordPress.com is now a viable option for business users.

We’ll start by examining the free plan, which used to be very cookie-cutter because users were offered only a yearly theme (2016, 2017, etc.). Now the free plan has dozens of themes to choose from, and several plugins are included. You can store up to 3 GB of files for pictures, audio and video, and even the free version comes with Jetpack essentials. Jetpack essentials is the most popular WordPress.org plug-in and offers features such as social media share buttons, stats and analytics about your traffic, site security, faster content delivery, a subscription system, and multiple site management from one interface. You have to pay for some Jetpack features, such as VaultPress, which offers back-ups and restoration for your site for $39/year. The free plan will still insert “wordpress.com” in your domain name and you have no choice but to host ads on your site.

Where things become interesting is in the Personal plan for $5 a month. On this plan you can have a custom domain name and you get rid of all the WordPress.com ads that are sprinkled in the free sites.  Along with hosting and looking more professional, you get support by email and live chat, 6GB of storage space and email forwarding for five custom email addresses such as yourname@yourdomain.com.  WordPress.com only offers email forwarding and not email hosting so you have to go with another provider in order to be able to ‘send’ from your custom email address.  G Suite is available through WordPress.com for another $5/month per user but their email hosting is $50/mailbox/year. Note that to support email inboxes with WordPress.com you have to register your domain with WordPress.com (or transfer it to them).

The next plan up is a $10/month Premium plan where you get everything already mentioned in the Personal plan, plus access to all the WordPress.com themes - there are about 300 of them to choose from. You also get full access to the CSS code in order to totally customize your theme, an ad-free video player (Automattic’s VideoPress product), 13 GB of storage space and the ability to monetize your site through Automattic’s WordAds program.

WordAds is a proprietary program only for WordPress.com sites that combines the features of Google Adsense and Adwords. Adsense is actually one of the many partners that WordAds manages in this program. Drawbacks include restricted participation in WordAds unless you get thousands of hits per month, and less control than Google’s Adsense over which ads are displayed on your site. Since it's a new program, there’s no data yet on revenue generation as compared to Adsense, but it will be interesting to see the stats on this program as it unfolds.

The next plan is a big leap in price and options with the Business plan at $33/month. On the Business plan you get unlimited storage, access to live training, SEO tools, access to the entire 50,000+ WordPress plugin directory, the ability to install custom themes from the theme directory and Google Analytics integration. eCommerce, the ability to transact online, is delivered through plugins, so until the cheaper levels of WordPress.com include WooCommerce or another eCommerce option, the Business Plan is the only level where you can ‘sell’ on your site.

Every WordPress.com site comes with one free, perpetually renewed SSL certificate, which can save you up to $100/year from having to buy your own certificate. That’s 3-10 months of savings right there depending on which plan you buy. When you’re protecting your site with SSL, your customers will be assured that the data and their traffic is encrypted, and no warning messages will appear due to lack of encryption. More importantly, a little “secure” lock will appear on every page of your site, even if you don’t sell anything online. Google loves SSL so you get an instant SEO boost by having this certificate. Some managed hosting companies, such as GoDaddy, are countering this offer by also offering free SSL for every site on their premium levels of Managed WordPress Pro hosting.

WordPress.com charges for each site on an upfront annual basis so you’re locked in for a year with their plans, and there is no month to month payment schedule or any discounts for paying for a year.  

Now let’s compare the WordPress.com offering to Managed WordPress hosting offerings from web hosting and internet domain companies:

Managed hosting usually includes server monitoring to keep your site up and running, as well as proactively dealing with issues like security, back-up and restore, staging sites, storage space and support.  By putting your site in the hands of professionals, you are less likely to incur security breaches or have site downtime and you can choose a plan that meets your needs and budget.

As for pricing, let’s take GoDaddy Managed WordPress as an example. Their normal price is CAD$11/month for their basic managed WordPress: a domain, hosting, 1 WordPress site plus 1 staging site, daily back-ups and automatic core WordPress updates. A visual page editor is also included, as well as 24/7 phone support.

GoDaddy is currently offering a 1 year discount of only $1.49/month including a Microsoft Outlook mailbox with 5GB of storage. They are offering the same service on a monthly basis for $6/month. GoDaddy’s regular pricing is $11/month for the Managed WordPress and $8/month for Office 365. GoDaddy has made the free domain contingent on an upfront annual payment, so they are also looking for the one year commitment, although they have more flexibility in their plans by offering monthly options.

GoDaddy includes SSL in all their Managed WordPress Pro plans, which start at $20/month for 1 website. Most of their Managed WordPress Pro plans support the ability to manage more than 1 website from one account, which is not easily possible from WordPress.com. In fact you get a discount if you set up a 5 or 20 website plan account with GoDaddy. These plans are aimed at web designers, developers and freelancers who build sites for customers rather than end users of WordPress.

After looking at WordPress.com and GoDaddy Managed WordPress, if you are dealing with multiple websites it will probably make more sense to go with a managed WordPress host for a collection of WordPress.org sites. If you only have one site, have little interest in tweaking the theme you’re using and are only looking for an easy and low-cost way to get online, WordPress.com may be your best solution.

Deciding between WordPress.com and managed hosting with WordPress.org is an interesting debate and we’ll revisit the discussion as we work with more of the WordPress.com plans and see how the Managed WordPress providers react.

02/19/2018

General Data Protection Regulation (GDPR) and Wild Apricot: May 25, 2018 is GDPR Deadline

On May 25, 2018, the European Union will begin enforcing a new set of data protection regulations, known collectively as the GDPR (General Data Protection Regulation). The GDPR regulates the collection and storage of personal data for EU residents (including UK residents), regardless of where the organization doing the collecting is located.

The GDPR replaces and expands upon the 1995 Data Protection Directive. The biggest change is the extended reach of the regulations, now applying to all organizations that collect the personal data of European residents, even if those organizations are based outside of Europe.

Consequently, Wild Apricot and any of its clients with members in Europe need to understand the requirements of the GDPR, and set up procedures for complying with them.

If your Wild Apricot database contains information about any European Union residents, please let us know and we can help you identify whether your organization is compliant with GDPR. Wild Apricot has begun auditing their processes and software for GDPR compliance, but as of February 2018 Wild Apricot staff have not completed the audit or any remediation actions. Organizations in breach of the GDPR can be fined up to 4% of their annual global revenue or €20 million (whichever is greater). There is a tiered approach to fines, whereby an organization can be fined 2% for not having their records in order, 2% for not notifying about a data breach, and so on.

 

02/16/2018

VIDEO: Using CSS to Customize the Main Menu System in Wild Apricot

The Kaleidoscope theme in Wild Apricot is beautiful! Changing the main menu design though is not something that can be done by pointing and clicking. You need to use CSS to modify the menu. This snippet of CSS code will help you modify the main menu in Kaleidoscope and Bookshelf, two themes that share the same menu styles.

Step 1. Download the CSS code

Step 2. Use the Website > CSS  option to copy and paste the CSS code, or use the WebDAV approach to create or edit the user.css file.

Step 3. Modify the various color and background options to your heart's content until you have the menu working just like you would like.

Hint: Popular colors are available online at W3Schools. You may wish to use your own hexadecimal colour values that start with #.

02/13/2018

VIDEO: The new Wild Apricot Membership App

The new Wild Apricot membership application is a breakthrough for membership-based organizations. Now your members can interact with your organization from their iPhone or iPad! The member directory is searchable, you can check out your profile and you can register and pay for events. There is even a place to store your tickets. This app joins the admin app as the second mobile app Wild Apricot has released.  Here's a short demo of the capabilities of the new membership mobile app for Wild Apricot.

VIDEO: Managing your Wild Apricot files using WebDAV

Your Wild Apricot account includes space to store files such as documents, pictures, and videos. Normally these are managed in the Files Manager. You can also edit user-defined CSS in the Website > CSS screen. To manage your files – upload, download, organize, delete, or rename them – you can go to the Files screen within Wild Apricot, or you can use WebDAV to  edit your files without touching the web browser. Using WebDAV allows you to copy multiple files or folders at the same time, and it is a much faster mechanism to edit your CSS. 

If you do a lot of CSS editing in Wild Apricot, you use your favourite editor (ours is Notepad++), make changes and refresh them instantly in the public view of your website. No more going into admin to tweak a bit of CSS and back into Public View. Check out the short video below for a real time saver!

02/12/2018

VIDEO: Using the Wild Apricot Sample Excel Spreadsheet

There is an alternative way to export all membership fields, contacts and members from Wild Apricot directly into Excel. Wild Apricot has created an Excel spreadsheet that accesses the Wild Apricot API to extract any piece of information from the Wild Apricot database. Currently the Excel spreadsheet only provides you instant access to the membership fields and all contacts and members. Check out the video below on how to configure and use this spreadsheet.

NOTE: The current documentation points to an older version. Here's the latest version from Wild Apricot's github repository.

02/02/2018

VIDEO: Setting up a custom domain with Wild Apricot: what can go wrong?

Setting up custom domains in Wild Apricot can be tricky. If all goes well you're good, but what if you don't know where to start? This video will show you how to find your registrar, which domain name settings you need to update and some final steps on what you can do for a successful launch.

A short recap:

  1. To set up DNS records you must have access to your control panel (GoDaddy, Wix, 1and1, etc). Use reset password if necessary to get access.
  2. Use WHOIS to check the registrar if you don't know where your domain name is registered.
  3. Log in and adjust the DNS records as per the Wild Apricot docs. The A record is absolutely critical to successfully launch under your domain name. If the DKIM records are not set, your email may end up in your members' junk mail folder.
  4. Wait for an hour or two for DNS records to propagate.
  5. Go to Settings > Site > Domain Name Management and click the Check... button. You should see this. If not, continue to check your DNS settings or wait a bit longer.

[Image: Custom Domain Settings Checked]

 

Once verified, set your domain as the primary domain name.

Note that the From email address has changed. Make sure the From: and Reply to: email settings are set to a real mailbox that can send and receive emails. Your emails will be addressed by default with these settings!

[Image: From Email Settings]

Send a test email campaign to check your email settings are correct.

02/01/2018

VIDEO: Beginner's Guide to CSS in Wild Apricot

Have you ever wanted to change the style of a gadget, a menu or hide a few elements in your event registration process? Is the Colors and Styles under Websites feature failing to help you? The key is understanding CSS, aka Cascading Style Sheets. This short video shows you how to inspect and experiment with CSS and apply a change in Wild Apricot.