Daily content to rocket your growth plan


I’ve got plenty of ways we can work together, but if you’re looking for a zero-cost source of inspiration, insights, and stories from the trenches, you might enjoy these posts from my daily mailing list.

I LOVE the daily thoughts that result from subscribing to you. They are forward-looking, optimistic in every way.

— Adrienne R. Smith, New Mexico Caregivers Coalition

If you like what you see here, sign up below to join the list. Yes, it’s really daily. Yes, people really stay subscribed. And yes, I do read (and usually reply to) all responses. See you in the in-box!

Looking for more free resources?

  • Mastering CiviCRM Crash Course
    A free 10-day email course to teach you how to leverage CiviCRM for your organization’s goals.

  • CiviCRM Upgrade Messages Previewer
    Before you start a CiviCRM upgrade, check here to preview the kind of messages you can expect to see, based on your current and target CiviCRM versions.

  • Tools I use
    A collection of tools and services I love and recommend.

Daily Emails

Allen Shaw

No money, no time? CiviCRM Spark

Yesterday I said that if you have no budget of money or time, it might not be worth digging in with CiviCRM.

I should amend that.

The CiviCRM project does offer a very inexpensive hosted version of CiviCRM called CiviCRM Spark.

It's a hosted service, so you don’t have the responsibility of hosting it and handling security updates; but you also don't get a lot of the benefits of running it on your own site: things like infinite flexibility and tight integration with your website CMS.

Still, for some people that's actually a good thing. Too much flexibility sometimes equates to having enough rope to tie yourself in knots.

From the website:

Spark is a lightweight hosted version of CiviCRM that offers you quick setup, zero administration, and most of the power of CiviCRM with some limitations.

It is built and intended for small to medium-sized organizations that are dipping their toes into the CRM space for the first time or that want to take control of their data and their systems.

Spark offers an enormous amount of functionality at a ridiculously low price. As cool as that sounds, it’s equally important to understand what Spark isn’t:

- Not a replacement for the full download version of CiviCRM

- Not a replacement for CiviCRM support provided by the community

- Not open to complex customizations unique to your organization

If you or someone you know needs a CRM that's built from the ground up for community-driven organizations, but there's just no time or money to justify running your own system, this is a great alternative.

Check out CiviCRM Spark here.

All the best,
A.

P.S. There are a few other services offering fully hosted versions of CiviCRM, though not at such low price points as CiviCRM Spark. Still, they’ve all been around for a while, so someone must think they’re a good deal. You might want to check them out:

Allen Shaw

Reasons not to use CiviCRM: no money, no time.

Here's another reason you might not want to use CiviCRM: you have literally no budget of time or money.

Everyone has to start somewhere. Sometimes you have to start very small.

As in: “I really care about this cause but I have no funding and only a few hours a week to work on it.”

That's a fine place to start.

But if that's where you are, you probably don't have a business case for a robust system like your own installation of CiviCRM.

Because somebody's going to have to maintain that installation. And configure it to be right for your needs.

If you don't have time to do that — and to learn how to do it — and you don't have a budget to hire someone who can help you, then you're not going to have a good time.

But here's the thing:

You don't have to let that stop you.

You are where you are. The resources you have are the resources you have.

You can still raise funds, promote your cause, build a network of like-minded individuals. And when the time comes, you can invest in better systems.

The point is to understand your own goals, and to find a way to reach them with your own limited resources.

You will always have to do that. Everybody always has to do that.

All the best,
A.

Allen Shaw

Reasons not to use CiviCRM: no need

Here's a good reason that you might not want to use CiviCRM:

You don't have a use for most of what it offers.

  • Just want to collect donations, get the donor's money, and then never contact them again? Just use PayPal.

  • Just want to sell tickets to one event, and then never contact the attendees again? Just use EventBrite.

  • Just want to send out thousands of emails now and then, but not segment your email lists based on interactions like event attendance, contribution history, membership level, etc? Just use MailChimp.

CiviCRM's power lies in bringing all these aspects together, so you can gain useful insights about your constituents — so you can engage them where they are now and lead them where you want them to be.

If you don't need that, you probably don't have a solid business case for CiviCRM.

Here's the thing:

Everyone has goals. Everyone has limited resources.

Smart people work out reasonable strategies to apply their resources effectively in order to reach their goals.

Whatever your goals, be sure your strategy includes mastering the tools you actually need to reach them.

Then you can have confidence that investing in those tools is really worth your effort and expense.

All the best,
A.

Allen Shaw

Mastering CiviCRM Crash Course

Have you ever felt like this:

  • You love the potential of CiviCRM, but are a little overwhelmed by its complexity?

  • You're spinning your wheels trying to get CiviCRM to do what you need?

  • You hesitate to try a new feature or configuration, because you’re afraid of painting yourself into a corner with missteps early on?

And if not you, do you know anybody else who's feeling that way?

I've just released a free 10-day email course to help people get past exactly this kind of problem.

  • How to manage the complexity of this robust system so you can take advantage of its full capabilities.

  • Actions you can take now to get the functionality you need.

  • How to make smart decisions early on so you can have great results long-term.

If you or someone you know would like to get answers like that, you can check out the free email course here: Mastering CiviCRM Crash Course.

All the best,
A.

Allen Shaw

Expedition, or exploration?

When you know where you want to go, the challenge is getting there.

That's an expedition.

When you think something interesting may be out there, but you're not sure what it is, the challenge is to go and see what opportunities may await.

That's an exploration.

In fundraising, membership development, programming, and outreach, you might have a specific goal in mind, or you might just be looking for opportunities.

You'll need to do both from time to time.

And when you begin such an effort, it's important to know which one you're undertaking.

So what's next for you: an expedition, or an exploration?

All the best,
A.

Allen Shaw

Good planning for great membership management

A little careful planning in your setup can save you a lot of hassle down the road.

For example: memberships, which can be quick and easy to configure in CiviCRM. With a few clicks, you can start accepting paid memberships, at a variety of levels, with automatic renewal, add-on options, and more.

Where things can get messy is a year or two later, when you have thousands of members coming up for renewal.

That's when you'll need efficient processes for your staff and your members:

  • Identifying which members could use a nudge to renew.

  • Helping members understand their current status and the benefits of upgrading their membership level.

  • Spotting trends in membership behavior that could represent new opportunities or missteps to avoid.

If your membership types, pricing levels, special discounts, and add-on options aren’t well organized in the beginning, you could have some real headaches coming your way when you get farther into the process.

Here’s the thing:

If you're already that far along and starting to see some of those headaches, don't despair. There are ways to restructure that data even after it's already in place.

But how much nicer would it be to have the benefit of a little careful planning, right from the start?

All the best,
A.

Allen Shaw

Planning for Sept. 6 CiviCRM security update

Well, the joke's on me.

Last week I told you CiviCRM would release a security update this week.

Nope. I just misread the announcement. That update is scheduled for Wednesday, September 6th. (See the original notice below.)

Silly mistakes aside, I'll still be applying CiviCRM updates this week for all the sites that Joinery manages.

Why?

Because most of those sites are running at the previous security release, which came out in February.

It's hard to know exactly everything that's changed in CiviCRM since then.

So there's a small chance that an update could cause some trouble.

That's true of any upgrade. There's always a chance — however slight — that you'll introduce some incompatibility with the CMS, or one of its plugins, or some CiviCRM extension.

That chance increases with the size of the gap between the installed version and the upgraded version. (One week between versions? Very small chance. One year between versions? Not-quite-as-small chance.)

So we have a choice:

  • Perform one big update — from the February version to the September version — right after the security update is released. In other words: do it when there's pressure to get it right for security reasons.

  • OR: Perform one almost-as-big update now — from the February version to the latest August version — when there's no such urgency, and then apply a smaller update to get the September version when it's released.

That second option has an obvious disadvantage: it means updating each site twice instead of once.

But it also has an important advantage: the larger update, which has a greater chance - however slight - of breaking something, will be applied when we're not under time pressure for security reasons.

If any incompatibility is found, we'll have more time to deal with it.

Of course we want to deal with it quickly, because nobody wants things to be broken.

But given the choice, I'd rather have that as the only concern. Not the additional concern of an outstanding security issue.

The second update — to get the security release — will have a much smaller gap of only a couple of weeks. It's much less likely that an incompatibility will appear in such a small update.

Here's the thing:

In the end, it's a judgment call. Everything has pros and cons.

But for a system that you own, it's good to be aware of potential issues and how best to prevent them.

For all the freedom that we love from owning our systems, there's no getting away from the responsibility that we take on as a result.

If you'll be handling your update yourself, give the above pros and cons some thought.

You might decide that a large update now, followed by a smaller security update later, is the way to go.

All the best,
A.

P.S. Below is a copy of the original email announcing the update. If you don’t have someone handling updates for you, I encourage you to head over to CiviCRM’s Security Policy & Announcements page to sign up for these emails.

On 8/17/23 15:15, CiviCRM wrote:

There will be a security release for CiviCRM on Wednesday, September 6 (US/Pacific Time). Updates will be provided for the following versions:

• CiviCRM v5.65 (current RC; see download at https://download.civicrm.org/latest/)

• CiviCRM v5.64 (current stable; see download at https://civicrm.org/download)

• CiviCRM v5.63 (current ESR; see https://civicrm.org/esr)

We expect the release to become available near the end of the day (TZ conversions).

Allen Shaw

Owning vs renting: freedom and responsibility

Consider the home you live in. Do you own it? Rent it?

Which do you prefer?

Owning a home comes with increased freedom and flexibility. It also — usually — comes with long-term financial advantages.

But it also entails responsibility.

Is it time to replace your roof? You get to (or "have to") decide everything about that:

  • When to replace it — now or later?

  • What to replace it with — 10-year composite shingles or 70-year steel?

  • Who should replace it — the cheapest contractor you can find, or the best one in your state?

The same goes for your plumbing, your landscaping, your heating and air, and all the rest.

Of course you get the freedom to make those decisions, but you also have the responsibility of dealing with it.

Now consider your CRM and your website:

Do you own them, or rent them?

If you own them, you have a lot of flexibility. You own the hosting, and the code base, and the data they contain.

So you can literally make them do just about anything you want. As long as you have a sound business case to invest the time and money.

And when it's time for an upgrade, or configuration change, or a new feature, you get to (or "have to") decide everything about that.

Here's the thing:

Homeowners — and folks who own their CRM and website software — sometimes feel a little lost keeping everything running smoothly.

But just as with a home, there are plenty of people, books, and online resources to help you get the most value out of the systems that you own.

Mastering these systems is an achievable skill.

Put in the work, get help when you need it, ask lots of questions, and insist on getting answers you can understand.

No doubt, owning is more work than renting.

But the benefits of masterful ownership are right there waiting for you.

All the best,
A.

Allen Shaw

Testing the waters

When you want to try something new, remember: You don't have to try the entire thing at once to see if it will work.

A few years ago my father discovered a new hobby — sandblasting beautiful designs in glass.

Most of his projects involve putting names on mugs for friends and acquaintances.

But this year, he aims to etch a four-generation family tree and contribute it to the auction at the next family reunion.

And this time he's decided to etch it into the back of a mirror. He figures if he etches out the silver on the back, he'll get a lovely design that's quite visible from the front.

Having never tried this before, what do you think he did?

I'll tell you what he didn't do:

He didn't go out and buy a beautiful wall mirror and start etching the family tree right away.

He got any old scrap mirror he could get from garage sales or second-hand stores, and began making small test pieces.

The first ones didn't turn out too well.

But now he knows a lot more about what's possible and what's not. He learned a thing or two about technique.

And now he's confident and ready to begin the large piece.

I expect it will fetch a fine price at the auction.

Imagine the frustration and expense he would’ve had to go through if he’d just tried building the final project, over and over, until he got it right.

Here's the thing:

Imagine you decided you were going to build your dream house one day. All by yourself. With your own hands.

I hope you wouldn't just jump in head-first and start swinging a hammer.

Maybe try building a dog house first.

It's the same for your CRM system.

Test the waters. Try your big idea on a small scale. See what you can learn.

Once you've learned a thing or two, you'll be ready to do it for real.

All the best,
A.

Allen Shaw

Process of elimination

Ever find yourself up against a weird problem in CiviCRM (or WordPress, or Drupal, or any other system you rely on)?

Usually in a complex system, your stubborn weird problem could be caused by any number of things:

Permissions problems, conflicts with your CMS theme, plugins, extensions, etc., etc.

How can you even know where to start?

The smart answer is:

Start anywhere you like, but find a way to try one thing at a time.

For example, maybe you think your weird problem with custom fields might be caused by one of your extensions:

  • Try disabling all of the extensions, and see if the problem goes away.

  • If it doesn't, you can stop wondering about your extensions. Re-enable all of them and check something else.

  • But if it does, re-enable one or a few of them at a time, until you find the one that's causing the problem.

Or, do you think it's caused by something in the configuration of your contribution page?

  • Try creating a new contribution page with the most basic of configurations possible, and see if that page has the problem too.

  • If not, change one or two configurations to match that of your original contribution page. Does your new page now have this problem?

  • Keep editing the configuration to be more and more like your problem page, testing as you go to see if the new page has the problem.

  • If the problem never shows up on your new contribution page, you can be sure it's not the page configuration, and move on to checking something else.

Here's the thing:

If you've got a specialist who can look at it for you, you might save yourself a lot of trial and error. The advice of an experienced specialist can go a long way.

But when you don't have someone you can ask, a careful process of elimination is a whole lot better than just remaining mystified.

And the truth is, this kind of elimination process is what a good specialist will do anyway. They'll just do it a lot faster.

All the best,
A.

Allen Shaw

Fixing the right problem

This week I heard from a client who had been banging his head against the wrong problem.

I'm guessing it took hours out of his Friday afternoon.

What he saw was that a certain set of custom fields was not displaying on his contribution page.

What could be causing that?

  • Permissions?

  • ACLs?

  • Something about the configuration of the fields?

  • The custom field group?

  • The profile?

  • The contribution page?

  • The WordPress theme?

  • Some bug in CiviCRM?

It took me a while to understand exactly what he was seeing.

He had written me several very brief emails asking about how custom fields work, how they might conflict with the theme, and several other potential causes that he was considering.

Finally, he gave me the URL to the page.

Within a few minutes I wrote him back with an explanation of the real problem:

One of his extensions was hiding those fields.

His response was wonderful:

That was frustrating! ... Smh

Cheers for that…I would have torn the whole car apart before I checked for gas!

I see two lessons here:

1. When asking for help, there's no substitute for a very detailed description of the problem (with screenshots and live URLs if possible).

2. When something goes wrong, there are any number of potential causes. Fortunately there are usually a few simple steps you can take to eliminate a large portion of those possibilities, so you can focus on the ones that remain.

I'll write more about that second point tomorrow.

All the best,
A.

Allen Shaw

“I don’t know but…”

Nobody can know everything.

It's just not possible.

But to someone who is continually improving in their mastery of their systems, perhaps the most powerful phrase they’ll utter, more than once in their career, is this:

"I don't know, but I'll find out."

All the best,
A.

Allen Shaw

Netflix’s sneaky “free trial”

Have you ever shared your Netflix password with a friend?

Netflix used to turn a blind eye to that kind of thing.

But no more. Their recent crackdown means that users will have to pay extra to share their account with friends or family outside their own household.

The result (for Netflix): An increase of 5.7 million subscribers, according to recent reports. That's almost triple their expected increase of 2 million.

Sure, there's the usual moaning from people who took advantage of the lax enforcement to get something for nothing.

But viewed another way, the password sharers were, for years, getting what amounts to an unofficial free trial.

In fact, way back in 2016, their CEO said password sharing was a "positive thing" because it exposed more people to the service and eventually led them to subscribe themselves.

5.7 million of them, apparently.

Here's the thing:

If you want to run a successful organization with a positive cash flow — and you probably want that — you can't go around giving everything away for free.

But sometimes you can.

If you're confident in the value you give to your members and constituents, a free trial membership might actually be a winner for you.

It's not a simple matter. You'll need to do some careful planning.

But if you're setting clear goals and measuring results along the way, and if your predictions and measurements start to line up, it's worth considering the upside.

All the best,
A.

Allen Shaw

Next Wednesday: security update for CiviCRM

CiviCRM has announced that they will drop a security release near the end of the day next Wednesday.

Soon after that, you should start to notice a critical warning in your CiviCRM system status page, to alert you that a security update is available.

I encourage you to schedule some time now so you're ready to apply that update soon after it is released.

  • If you're a Joinery hosting subscriber, I'll be handling this upgrade for you on Thursday or Friday. There's no action for you to take here.

  • If you're a subscriber to one of my coaching programs, and you're not sure how to apply this upgrade, I recommend that we schedule some time on Thursday or Friday to go through the upgrade process together. Please contact me to schedule that call.

  • I'm also available for a one-time coaching call anytime, in case you're not a coaching subscriber already and just want to work through this one upgrade together.

CiviCRM upgrades aren't difficult or scary, but they are different from upgrades to your other WordPress plugins or Drupal modules. You might at least want to check the documentation for upgrades under Drupal 9, Drupal 7, WordPress, or Joomla.

Here's the thing:

I don't usually recommend chasing the latest version of any software. It usually works better to upgrade only when you have a specific reason to do so.

But security fixes are at the top of that list of reasons.

You don't want to let this go by unattended.

All the best,
A.

Allen Shaw

For you vs with you

Say you've got a goal you're trying to reach, and you think your CRM can help you get there, but you need someone to help you make it happen.

Would you rather:

  • Have someone just do it for you? Or,

  • Have them do it with you?

If they do it for you, you're likely to get:

  • The chance to hand everything off to a specialist while you focus on other tasks.

  • Some feature or configuration that does what you need (or at least, what they thought you would need).

  • Very little understanding of how it works.

  • A solution that's hard to change as your needs grow.

  • Zero increase in your ability to do something similar on your own later on.

Conversely, if they do it with you, you're likely to get:

  • More involvement in the configuration and setup work, which will take some time out of your schedule.

  • Some feature or configuration that actually does what you need.

  • A pretty good understanding of how it works.

  • The knowledge to adapt that solution as your needs grow.

  • A significant increase in your ability to do something similar on your own later on.

Which do you prefer?

Here's the thing:

There is no right answer.

Some people prefer to have things done for them. Others prefer to gain the knowledge that gives them increased flexibility and confidence.

Either way, it's worth thinking about what you want and how you're going to get it.

All the best,
A.

Allen Shaw

Relationships and availability

Obviously you are in the business of relationships. That's why you have a CRM — to Manage your Constituent Relationships.

But your operation relies on other important relationships too:

  • With your staff.

  • With your board.

  • With your vendors.

How you make yourself available to them — and they to you — has a big impact on the quality of those relationships.

I recently started a pilot program in my coaching practice, and I was surprised by what it did to the relationship I have with my clients.

The gist of it is this: unlimited advisory support.

No hourly billing. No limits on how often you can contact me. Just a straight monthly subscription, and as long as you're subscribed, I'll help you with strategic guidance, coaching, and training, on anything related to CiviCRM, as much as you like.

Once I started, I immediately saw a wonderful change in my relationships with participating clients:

  • They ask questions. They never have to hesitate to reach out with a question. So they ask more questions, and better questions, and their learning process is rapidly accelerated.

  • Our interests are easily aligned. I'm interested in helping organizations become the masters of their own data systems. Program participants want that for themselves, too.

  • Our goals are aligned. Because the clock is never running on our conversations, we have time to drill down on the outcomes they care about most, and discuss freely the pros and cons of one approach or another. My goal is to help them achieve their goals. I want to hear that the work they're doing, with my help, is hitting one home run after another. Of course, they want that too.

Frankly, I was surprised by the difference. I've had happy clients for years, to the extent that I don't even bother to advertise my services, since happy customers are glad to hire me again, and to refer their colleagues.

But in hindsight, it's no surprise at all. I aim to help people I like get what they want. And I do like the people I work with. Why wouldn't it be better when I make it easier for us to work together?

Next Monday I'll be opening this unlimited advisory program to all of my clients. Some will want it, and some won't. Everybody's different. But since I only have a few spots available, that should work out just fine.

Here's the thing:

Relationships count. None of us does great things all on our own.

What steps might you take to level-up the way you relate to the people you rely on?

All the best,
A.

Allen Shaw

Why ask why

As a CiviCRM coach and trainer, I often have clients asking me how to do one thing or another in CiviCRM.

Naturally I want to help them, so I usually ask “why” before I start spouting off instructions.

I dig around a little so I can get a clear picture of what they're actually hoping to achieve:

If you knew how to do this, and you did it, what would that get you?

And that result you get, why is it valuable?

What problems would you have if you couldn't do this?

Sometimes, the answers make it clear that what they're asking about is actually going to get them what they want.

But more often, one of two things comes to light:

  1. The thing they're asking about is possible, but it won't get them what they really want.

  2. The thing they're asking about is possible, but there's a much easier way to get what they really want.

If I were just interested in selling them a training session, or in charging them for implementation and custom development, it would be easy enough to say, “Sure, that's possible. Here's how we'll do it.”

But I'm much more interested in helping them get measurable results in the areas that they really care about.

Here's the thing:

Nobody really cares about a checkbox or a button or a form.

They want happier staff who work more efficiently, well-served members who renew more often, reduced costs, increased income, or some other measure of bottom-line mission success.

Because I want to help them get there, I ask them why.

Only after that can we effectively work on the how.

All the best,
A.

Allen Shaw

“Why” is more valuable than “how”

A young driver asks his uncle how to change the oil in a car.

His uncle is an absolute gearhead who's always rebuilding one or two of something, and he's delighted that this young fellow is ready to start getting under the hood.

So he invites the kid over on a Saturday and takes him through the whole process.

The nephew takes copious notes, including all the steps and the tools he'll need.

The uncle bemoans the difficulty of getting rid of used motor oil but says he has a friend who will take it, and he agrees to pass on the nephew’s used oil as well.

After all this is done, he asks the boy what led to his interest in oil changes.

The boy says he wants to buy a car, and he's heard that you have to change the oil every 3 months. He couldn't find anybody else who knew how to do it, and he was, in fact, mystified how all these people have cars but can't change the oil.

The uncle explains that most people just go to the QuickLube and pay 40 bucks to have it done.

The nephew says, "You mean they'll just do it for you? That's even better!"

The kid never did change his own oil.

He had finally gotten an answer that was better than his question.

All he really wanted to know was: How can I handle oil changes if I’m not a mechanic?

Here's the thing:

When somebody asks how to do something, it helps an awful lot to know why they're asking.

And when you're asking someone how to do something, you’ll probably get a much better answer if you can explain what you really want to achieve by it.

If you don't tell them, and they ask anyway, there's a good chance they're really trying to help you get what you want.

All the best,
A.

Allen Shaw

Hacker defense: “strong” passwords

Based on responses to yesterday's email, I want to drill down a little on "strong passwords".

If you Google a little bit, you'll find lots of advice about what constitutes a strong password.

You'll see assertions like, "A strong password is at least 16 characters long and contains a random mix of upper and lower case, numbers, and punctuation."

Obviously, that is simplistic.

Strength is relative.

My coffee table is strong enough to hold a few books and a glass or two of iced tea. It probably would not hold up under seven dancing teenagers, however cool they think it might be to try.

So you could ask, how strong is "strong enough" for your staff website logins? You could get into a long and tedious debate about that with your security geek friends, if you wanted.

Fortunately, you don't have to do that. Consider:

  • If it's easy to remember in your head, it's probably easy for the bad guys to guess it.

  • So, admit that it should be complex enough that you can't remember it.

  • So, it might as well be at least 16 characters long and contain a random mix of upper and lower case, numbers, and punctuation.

  • Use a password safe to store it, and you get most of the convenience of an easily remembered password, without the liabilities of an easily guessed one.

If you need help generating those passwords, there are lots of tools to help you:

  • Your password safe probably has a feature to do that.

  • WordPress will always offer you such a password as a starting point when you attempt to change your password.

  • There are many free tools online, like this one, that will generate random strings just like this.
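The password shape described above (at least 16 characters, mixing upper and lower case, numbers, and punctuation) can be generated and checked locally. This is an added example, not part of the original post; the function names are illustrative and the 94-character printable ASCII alphabet is an assumption.

```python
import math
import secrets
import string

# Character classes named in the post: upper and lower case, numbers, punctuation.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "punct": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())  # 94 printable ASCII characters (assumed alphabet)
MIN_LENGTH = 16  # minimum length suggested in the post


def classes_present(password):
    """Return the names of the character classes that appear in password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def meets_policy(password, min_length=MIN_LENGTH):
    """True if password is long enough and uses all four classes."""
    return (len(password) >= min_length
            and classes_present(password) == set(CLASSES))


def generate_password(length=MIN_LENGTH):
    """Generate a random password containing every character class.

    Uses the OS CSPRNG via `secrets` (never `random`). Candidates that miss
    a class are discarded and redrawn, so every conforming password is
    equally likely; forcing one character per class into fixed positions
    would bias the result.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to contain every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if classes_present(candidate) == set(CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy for a uniformly random string of this length.

    Discarding candidates that miss a class lowers the real figure by a
    fraction of a bit, which is negligible at 16 characters.
    """
    return length * math.log2(alphabet_size)


def policy_report(password):
    """Explain why a password passes or fails the policy."""
    missing = sorted(set(CLASSES) - classes_present(password))
    return {
        "length": len(password),
        "missing_classes": missing,
        "ok": meets_policy(password),
    }


if __name__ == "__main__":
    pw = generate_password()
    print("generated:", pw)
    print("entropy upper bound: %.1f bits" % entropy_bits(len(pw)))
    # Constructed samples: memorable passwords of the kind the post warns about.
    for sample in ("Summer2023!", "correcthorsebatterystaple"):
        print(sample, policy_report(sample))
```

A password that passes `meets_policy` is not automatically unguessable; the strength comes from the random generation, which is why the result belongs in a password safe rather than in memory.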

Here's the thing:

The criminals who want to abuse your site have been refining their tools for decades.

You are surely far behind them, and weak passwords are very likely the weakest link in your defense.

Remember that security and convenience are trade-offs.

If you want to keep the bad guys from abusing your site — and your constituents’ personal information — the smart choice is to trade off a little bit of inconvenience for a significant increase in security.

All the best,
A.

Allen Shaw

Another hacked site

I spoke with someone today whose WordPress site had been hacked.

Nobody likes to talk about it. But I'm talking to you about it.

I see it, now and then. Almost every time, it could have been prevented by a few simple measures.

  • Turn off unused accounts.

  • Configure restricted roles for most of your users, so only one or two people have full administrative rights.

  • Set up two-factor authentication for your CMS.

  • Educate your staff users so they select strong passwords.

  • Guard your email passwords as closely as your CMS passwords (because CMSs allow resetting the password through email).

  • Never delay in applying security updates for your CMS, your CRM, and all plugins and extensions.

While you're at it, think now about what you will do if and when your site security is breached:

  • Make a plan for notifying your constituents about possible data disclosure. What will you tell them? What are the criteria that will determine whether you tell them or not?

  • Ensure you have a solid backup plan, because recovering from a breach often means reverting to a backup.

  • Decide who you will call, whether it's to help you recover from a breach or to answer questions when you think there may have been a breach.

In today's case, we were able to act quickly. We immediately locked down the site and took it offline, determined the date and time of the breach, and reverted to the most recent backup before that happened.

They're back online, and they're taking steps both to prevent it happening again with some of the above measures, and to formulate a plan in case it should ever happen again.

It's not pretty.

You hope it will never happen to you.

But hope is not a strategy.

Take steps now so you can reduce the likelihood of it happening to you, and so you can be prepared to act quickly and decisively in case it does.

If you have questions about any of this, hit reply and let me know. I'll be happy to share more information about ways you can make progress in this area.

Whatever you do, don't gamble with inaction.

It's better to think about it now — when you don't have to — than to be forced to think about it later because you were unprepared.

All the best,
A.
