Please see the below sections for answers to common questions.
Design and Brand
It is import to keep the site and any content and extensions to the theme on brand. Please refer to the brand hub for more information, this URL has a contact form should you need more information.
Cookie Policy
Written by NW – Cookies are small text files deployed by websites; their use is regulated under national law and a published policy is a legal requirement in many countries.
As this theme is designed for use anywhere in the world, we have decided not to add a default cookie policy page as the law will vary from region to region. Please also check for any plugins or third party tools that add cookies when deciding your cookie policy. You need to obtain your own legal advice on this.
The IS policy is available at this link by way of reference
https://www.amnesty.org/en/about-us/cookie-statement/
Privacy Policy
Written by NW – A privacy policy details how the website obtains and uses personal data and is a legal requirement in many countries. As this theme is designed for use anywhere in the world we have decided not to add a privacy policy page as the law will vary from region to region. Please also check for any plugins or third party tools that may also impact your privacy policy. You need to obtain your own legal advice on this.
The IS policy is available at this link by way of reference
https://www.amnesty.org/en/about-us/privacy-policy/
GDPR
The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.
As this theme is designed for use anywhere in the world we have decided not to add GDPR specific content or compatibility. As there are many other laws to consider and comply with you need to obtain your own legal advice on this.
Donations
The easiest solution
We advise you use a 3rd party service hosted on a separate subdomain (ie donations.yourdomain.com) and then create content on your primary domain (ie www.youdomian.com) that links to the donations sub domain.
A simple soluton
Create a PalPal donate button and then add the button to the relevant page, using the default WP custom HTML block. https://www.paypal.com/donate/buttons https://www.amnistiapr.org/donaciones/
The most complex solution
We have built a basic donations extension which uses WooCommere, this is currently in beta, should you use this the IS cannot host the data as it will contain PII. Contact us for more information. You may also want to extend this to send your data to your CRM.
Images and video
We recommend adding your images and video to ADAM before using them on your website. It is your responsibility to ensure you have the correct permission and copyright for the images and content you use. You will also need to remove images when their licence expires or when no longer GDPR compliant.
Please contact us for more information.
Comments
We do not support comments as they add PII to your site.
Email marketing and CRM
We would advise you use a 3rd party system and embed a legally compliant form in the website, for example on the right or left hand side of pages or posts.
The Engaging Network system is used by the IS, please contact us for more information.
For more information, please read the Engaging Networks page on embedding forms.
Contact forms
You may wish to use your CRM service and embed an iframe in a page. We use and Engaging Networks form that sends submission to an email address.
The Engaging Network system is used by the IS, please contact us here for more information.
Newsletter
You may wish to connect your newsletter and embed an iframe in a page. We use an Engaging Networks form that email addresses.
The Engaging Network system is used by the IS, please contact us here for more information.
Campaigns and petitions
You may wish to use your advocacy platform and embed an iframe in a page. We use Engaging Networks to create petitions and then embed the petition on a page using an iframe.
The Engaging Network system is used by the IS, please contact us here for more information.
We have a basic petitions extension, this data contains PII so the IS can not host your site if you use this plugin, you will need to build a further extension to send the data to your CRM should you not want the PII in your WordPress database .
SSL and HTTPS
IS hosted website users, All sites running on the platform will be HTTPS.
Self Hosted Users, Unfortunately, we cannot purchase an Enhanced Validation certificate on behalf of a section or help sections with validation because we do not hold information on your legal registration documents.
See below information from Comodo:
In some cases where your company cannot be validated in “government authority” resources, you may be required to provide a Government Issued Business Credential, aka “Proof of Right” (POR); which is a doc that gives a company the right to do business in that name. Examples of acceptable documents include, but are not limited to:
- Articles of Incorporation/Certificate of Formation
- Business/Vendor/Reseller/Merchant License
- Charter Documents/Partnership Papers
- Registration of Trade or Assumed Name/Doing Business As/Fictitious Name Statement
https://help.comodosslstore.com/support/solutions/articles/22000218717-extended-validation-ev-
It is much easier to purchase a Positive SSL certificate from Comodo as this only requires validation of domain ownership – we use the following reseller – https://comodosslstore.com/positivessl.aspx in order to purchase this you will need access to one of the following:-
- Ability to create domain name records for validation.
OR
- Access to postmaster@ or hostmaster@ mailboxes.
OR
- The ability to upload a simple text document to your website.
Technically a Positive SSL certificate does provide you exactly the same technical level of security and privacy and an Enhanced Validation certificate but it doesn’t provide you with the organisational validation.
Please contact us here for more information.
Tracking
Tracking can be set up in theme options
IS hosted website users: Your tracking will already be set up when you receive the site.
Self hosted users: You should set up tracking once the site is created. For help, please contact us here.
Domains
IS hosted website users We recommend using a sub-domain of amnesty.org, ie https://subdomain.amnesty.org IT can configure and manage this.
As a rule we prefer sub-domains as they’re infinitely easier to manage and there is a little trickled through in terms of SEO (amnesty.org reputable domain with authority leads to content ranking higher within most search results). In terms of infrastructure – there is basically infinite capacity at negligible cost. For the end user it is also slightly easier to validate as being a legitimate Amnesty sub-site.
languagecode.amnesty.org for translated versions of .org that are not in Umbraco.
projectname.amnesty.org for micro sites
Self hosted users: Please contact us here for more information.
Registering a domain name
IS hosted website users Please purchase domain names through IS IT or if previously purchased have access to the registrar.
Self hosted users: We recommend you purchase domain names through our IT department, please contact us here for more information.
DNS Records (Domain Name System)
IS hosted website users IT will configure the domain name to point to the right server.
Self hosted sites: You will need to point your domain name to your server.
Please contact us here for more information.
CDNs Content Delivery Networks
Self hosted sites: You should consider a service such as Cloudflaire or AWS for the WP uploads folder.
IS hosted website users all sites site behind Cloudflaire.
Content Migrations
You can import content into WordPress using a WXR file as well as many other methods, if you have an existing site it is recommended you get your existing website developers to provide a working and tested WXR file (or other acceptable import file type), this work should be testing using a copy of this theme. It is possible your existing site has many custom features, custom taxonomies, custom templates, or custom meta data and fields that this theme does not support and great care and planning should be undertaken when undertaking a content migration. Web Ops at the IS do not manage content migration work, unless specifically agreed.
IS hosted website users Should you need content migration work from our development agency please contact us and we can request a quote on your behalf.
Self hosted users: Should you need content migration work from our development agency please contact us and we introduce you to the agency otherwise please ask your IT department.
Content Archiving
IS hosted website users You may have data on your exiting site that may require archiving, we recommend you contact the Information Management Team to discuss the permanent archiving you existing content.
Self-Hosted users: Please discuss with your Information Management Team to discuss the permanent archiving you existing content.
Dummy content
IS hosted website users This will be set up for you.
Self hosted users: We can provide a export file containing WordPress, the theme and all necessary plugins along with an SQL file with dummy content.
Please contact us here for more information.
Security
For IS hosted website users and self hosted users:
Additional recommendations for self hosted users:
- All sites must force MFA for all Admin, Editor, Author, Contributor users (via plugin, e.g. https://wordpress.org/plugins/two-factor-authentication/)
- WordPress must be set to auto background update (WP_AUTO_UPDATE_CORE is minor)
- The DB connection will be over SSL.
- Regional offices must be hosted on AI infrastructure so that we can integrate web server and audit logs more readily.
- Remove default “admin” account
- Force strong passwords
- Limit login attempts
Conduct your own security review, possibly considering the following, for each system:
- User reviews and management
- Plugin reviews and management
- Content Security Policy review and management
- Hosting and Infrastructure reviews and management
- Domain name and DNS review and management
- SSL certificate review and management
- 3rd party systems security review
We take security seriously please contact us to report a security issue you may encounter.
SEO
There is more to SEO than installing Yoast, which IS hosted website users will get out of the box. You should possibly consider if you need to do the following:
- Existing content audit / gap / strategy / migration
- Keyword audit / gap / strategy / mapping
- Information architecture
- Redirect maps
- Analytics set up / monitoring
- Back link audit / strategy
- TBC – To be re written by Caroline Courtney
IS hosted website users should contact [email protected] to see if we have capacity to help further.
Self hosted users should contact [email protected] to see if we have capacity to help further.
Privacy
We recommend any website collecting data should check if a Privacy Impact Assessment is required.
IS hosted website users should contact Information and Technology.
Self hosted users should contact their CIO / CTO.
More Questions?
If you have more questions please contact us here.