Hey all! I’m Mel Choyce, a product designer based in Cambridge, MA.
I work for Automattic. We’re a distributed company with over 900 people, spread across 70 countries. Our goal is to democratize publishing so that anyone with a story can tell it, regardless of income, gender, politics, language, or where they live in the world.
We have a number of products, the biggest of which being WordPress.com, and the Jetpack and WooCommerce WordPress plugins.
I have an interesting role at Automattic. Instead of working on our own products, my teammates and I are actually sponsored to work full-time on WordPress, the open source web platform. WordPress is a volunteer-run project with thousands contributors from around the globe. I get to focus on improving the design of the software, introducing new features and making it easier to use.
I spent election night, 2016, in my neighborhood bar. I started out the evening pretty jazzed, but as each hour crept by, as votes were tallied, I just sunk further and further into dread. I went home and went to bed before the election was called, knowing the result in my gut. The next morning felt like a nightmare. I kept hoping I’d snap out of it and wake up and there would be a different outcome.
Obviously, that wasn’t the case. I dragged through the next few months. The election had been an incredibly emotionally and mentally draining period, and I felt like after I was going through the five stages of grief. I never really hit “acceptance” as much as I did “resignation.”
But the more time I had to process, the less resigned I felt — I started itching for some sort of action, some way to take all this built up angst and do something productive with it. I wanted to resist.
I got my chance in February of last year, when I heard about a couple different volunteer organizations looking for technologists to build websites and run ad campaigns for progressive candidates around the country.
I signed up for all three:
These organizations gave me the opportunity to finally do something. I started off working on the campaign site for Alessandra Biaggi in New York, sprucing up her existing website. What started as a short-term commitment turned into a Website Director position I kept throughout her campaign.
I’ve also been able to work on shorter-term projects, building out websites along with other technologists for candidates like Chris Hurst in Virginina…
…and Anthony Allison in New Mexico.
I’ve also had the opportunity to work on sites for progressive organizations and nonprofits fighting for a better future all Americans.
So yeah, it’s been kind of a wild ride. One that has led me here, in balmy Miami, to talk to y’all about websites.
Let’s quickly go over the talk agenda.
I’m going to start off by talking about how you can make the most of your campaign website, now that you’re elected. Even if it’s been while since your election, and your website’s just hanging out, we can still do something with it. It’s never too late.
Then I’m going to talk about keeping your site safe & secure, since none of us wants to deal with Russian hackers messing up our stuff.
After I talk about security, we’ll move on to best practices for managing your website.
Finally, I’ll wrap up by talking about how to leverage social media on your website.
Alright, so think back to your campaign victory — whether it was in a special election earlier this year, or last November, or even further back. I’m guessing, while you were cherishing that moment of victory, the first thought in your head was…
“Wow! Now what do I do with my website?”
Yeah, uh, probably not. I’m gonna go out on a limb and guess it wasn’t at the top of your mind. But at some point you do have to deal with it, so what happens then?
Within a day or two of winning your election, try to put up a “thank you” message. This’ll buy you up to a couple weeks before you have to really think about doing anything else with your site. Obviously, you’ve already been elected, it’s been a while, but think about it for next time, when you win your re-election.
Once you’re ready to start getting back to business, audit who has access to your website. What staffers or volunteers have user accounts? Did you share your password with an intern? If you didn’t do this after your election, do it when you get home.
Remove access to any former campaign staffers and volunteers. If they’re not continuing on with you, delete their accounts. If they’ve created any posts or pages for your website, you might be asked to reassign authorship of those posts or pages. Reassign them to your own account, or whatever administrative account you’re using to manage your website.
If you’ve shared your account password with anyone, change it. If you’re using WordPress, it will also generate a new, strong password for you.
WordPress also lets you log out of any other sessions, which means if your former volunteer or staffer is logged in from their computer, you can log them out.
This might seem counter-intuitive now, but renew your domain name (so like “mel4ma.com”), up your the end of your next re-election. That way you won’t have any unhappy surprises midway through your next campaign like your domain expiring. Once you lose it, there’s no guarantee you’ll get it back — someone else can scoop it up.
If your domain is focused on your election, you can also consider buying another domain around your new position or even just your name, if it’s available.
Did any of you watch the debate the other night? Sometimes it’s smart to get a little… creative, when buying new domains.
Check with a lawyer about what you can’t do on your website now, like accepting donations, for example. Depending on where you are and what you’re running for, you might not be able to accept donations outside of certain campaign deadlines.
Finally, think about what you want to do with your website in the long term. You have two options:
You can wrap things up and essentially freeze your site so it’s in “archive” mode, or…
…You can keep updating your site based on your ongoing accomplishments in office.
Archiving is the good option if you don’t have the time, energy, resources, or desire to keep up your website while in office. You can literally freeze everything as-is and just leave it locked in a specific point in time, but instead, I’d recommend doing some pruning and curation so your website becomes more timeless.
A good way to think of this approach is turning your website into your business card.
So, I’m a dork and set up a fake campaign site for this presentation. Let’s take a look. The homepage contains links out to different sections of the website, like an About page, Issues page, Endorsements, Volunteer, and Donate pages. It starts with an opening statement, lists some main campaign priorities, offers up a quick blurb about the candidate, and then serves up some donation buttons that would link off to something like ActBlue. Finally, it wraps up with some social media content.
The first thing you’ll want to do is create a brand new page that will become your site’s new homepage.
Set your new “home” page as the front page of your site.
We want to replace your old homepage with the new one we just built. You can do this from the Customize menu in WordPress. Navigation to “Homepage Settings” and switch out your old homepage for your new one.
Next, remove the menu from your website.
This process is a little different depending on how you’ve built your site, but the goal is to only show your logo at the top of your site. If you have multiple menus, like in your site footer, you’ll want to remove those as well.
Finally, convert all of your other pages published back to draft. They’ll still be available to anyone logged in on your website, like you and your staffers, but no one else will be able to see them. This is a great way to hide all your old content without getting rid of it. You never know when you’ll need to grab some copywriting you used on your website for an email or Facebook post.
Now you have an informational website you can leave as-is until your next election cycle.
The other option is to keep maintaining your website after your election.
Rather than a business card, an up-to-date website can act as your political resume.
Talk up your successes. If you fulfill a campaign promise, put that on your website. For example, you can rework your Priorities page to include any legislation or city ordinances passed supporting those priorities.
You can also use a blog for legislative updates or press releases.
We used Senator Biaggi’s News page for any press releases the campaign put out, which was usually once every couple weeks. It kept the news section up-to-date without additional effort from her campaign staff and volunteers.
If you have a newsletter, cross-post that content to your blog. If you’re already putting in the effort to write a newsletter, you may as well maximize that effort and reuse that content on your site.
Keep press coverage updated.
During Senator Biaggi’s campaign, we were updating her Press section daily. Since her election, we’ve added any bigger coverage like interviews and articles on her legislative successes. This only takes me a couple minutes of work every couple weeks, but it keeps her site looking active.
If you’re legally allowed to, continue collecting donations and build up your war chest. The establishment’s got lots of cash to burn. Use every advantage you can.
Your website can get defaced, and even ransomed.
In 2010, hackers exploited a security hole in Spain’s official website for its presidency of the European Union, and replaced the president’s photo with Mr Bean.
Hacking isn’t all in good fun, though. Earlier this week, the website for Randolph County, North Carolina, was hacked by someone calling themselves “VandaTheGod.” The hacker replaced the homepage with a vulgar anti-government message.
Sensitive information can get leaked, such as the names and email addresses of campaign staff, and unpublished announcements.
Any usernames and passwords you reuse can be compromised, leading to more hacking of your social networks or email accounts.
Getting hacked is a headache. You need to take the necessary precautions to patch up your security and keep your site more difficult to break into.
Understand that people are going to try to hack your website. It’s inevitable. Most hacking is just bots running around the internet looking for sites with known exploits, but as politicians, you’re especially vulnerable since you become a target.
“Phishing” is an incredibly common tactic bad actors use to gain access to your private information.
Sadly not this kind of phishing…
…but this kind. Phishing emails are made to look like real emails from a service or company you trust, like Gmail. They usually include a story that tries to trick you into clicking a link and entering your information. The links will lead to websites that often look legitimate, but are created by hackers.
In March of 2016, this phishing email was sent to Clinton campaign chairman John Podesta. The “change password” link within the email leads to a domain owned by a Russian hacking group, and presumably asked for his current password along with a new password. This same technique was used to hack the DNC email.
Phishing emails can look very legit at first, but there’s a couple things you can do to make sure you’re not getting tricked. Is the email from someone you know? Does the email come from a suspicious domain? Was it sent at an unusual time? If you hover over a link, does the link-to address say something different? Is there a typo or misspelling in the link? Does the email contain an unexpected attachment? All of these can point towards phishing.
Use strong passwords. This should go for you and anyone else with access to your website.
Your password should not be related to your campaign. This kind of pattern is very guessable for both humans and bots.
Please, don’t email people your passwords — all it takes is one person getting phished on your email chain, and now some random hacker has access to your site.
A lot of hacking is people using bots to try out lots and lots of words in different combinations until they stumble on the right password. Since it’s a computer running the combinations, not a human, it can only take a couple days for the bot to find the right combination.
Your passwords should be long and complicated, whether you’re using a series of random letters, numbers, and special characters…
… Or you’re using a passphrase.
However, no one can be expected to remember a long and complicated password. Use a password manager like 1Password or LastPass, which are secure apps for storing all of your various account passwords. Instead of needing to remember a bunch of hard passwords, you only need to know one. They also generate strong passwords you can use, so you don’t need to come up with them yourself. As a bonus, it makes it much easier to not reuse passwords, since you’re generating a unique one for every service you sign up for.
Set up two-factor authentication on every service that offers it. This means that in addition to a username and password, you’ll need to enter a unique code sent to you through text, a secure app like Google Authenticator or Authy, or a physical security key. There are a bunch of WordPress plugins you can use to add two-factor to your website. Make sure you have everyone with access to your website use it.
Limit the number of people with website access. Security is only as strong as your weakest link. If you need to give someone access, create a new account for them so you can revoke access later if you need to. Only give them the privileges they need to get their job done to limit the damage that can happen if they get hacked.
Also, make sure to keep your site up-to-date.
Look for the update banner in the top left corner of your dashboard, or the notification bubble next to “Updates” in your sidebar.
The WordPress updates screen will let you update your themes, plugins, and WordPress installation from one place.
Use a plugin like Jetpack to enable auto-updates, so you don’t need to go in and check your site manually. Automatically installation updates can keep your site safer and give you peace of mind. Definitely do this if you’re archiving your site.
There are a bunch of available WordPress plugins to help lock down your website and keep it secure.
Plugins like Sucuri, iThemes Security, Wordfence, and Jetpack will monitor your site for suspicious behavior, notify you if any of your website files are changed unexpectedly, and block bots from trying to crack your passwords. Pick the one that works best for you and install it.
It’s worth paying for a reputable website hosting service. You get what you pay for. Cheaper hosting services might run outdated software. They often put a bunch of websites on the same server, increasing the chance that if another site is hacked, yours will be as well.
WordPress recommends Bluehost, DreamHost, and SiteGround.
It might not be worth migrating your website if you’re not actively maintaining it, but consider it when you’re up for re-election.
Ragtag, one of the organizations I volunteer with, offers security trainings: https://ragtag.org/security-trainings
Have your staff attend a session.
Backing up your website regularly can also provide peace of mind.
There are a bunch of WordPress plugins available, some free, some paid, that will automatically back your site up for you and help you restore it if something goes wrong.
Your website host might also provide backups. Look for this service if you’re thinking about moving hosts.
It’s important for your website to be accessible to all of your constituents. How can they connect with you or vote for you if they can’t use your website?
Right before the first democratic debates, Miami Lighthouse for the Blind and Visually Impaired released a study showing that not a single democratic candidate had a website that was compliant with the Americans with Disabilities Act.
25% of adults in the US have a disability. These are your students and your constituents and your voters.
Disabilities range from mobility, to cognition, to hearing and seeing or independent living.
“Thirty-five million eligible voters are disabled, and disability turnout lags behind that of nondisabled voters by 6 percentage points; if disabled people voted at the same rate as their nondisabled counterparts, there would be 2.2 million more voters.”
s.e. smith, “Not one 2020 candidate has a website that is accessible to the blind” https://www.vox.com/first-person/2019/6/26/18759522/2020-candidates-disability-issues-blind-accessible
Okay, what does this mean? To start, people need to be able to navigate around your site without using a mouse. Many people with motor dexterity impairments uses keyboards or custom inputs to navigate websites.
People who are blind or visually impaired often use screen readers, which are programs that read the code of your website and translate it audibly.
You also want to ensure that your colors have sufficient contrast, and you’re not using small text on your website.
There are a lot of free resources available online to check if your website has sufficient color contrast.
Think about accessibility the next time you redesign your website. A lot of this is hard to correct after building your website.
If you’re using WordPress, there are over a hundred free, accessibility-ready themes in the WordPress.org theme directory. These themes have been audited and tested by accessibility professionals.
Luckily, since that report was released, democratic candidates have been making efforts to fix their website’s accessibility issues.
Your constituents are coming to your website to learn more about you. How you write about yourself and present that writing to them is important.
Think about what kind of story you’re telling on your website. What makes you unique? What makes you qualified for this position? Tell your story and be authentic. People respect and identify with authenticity.
Know your constituents and speak to what they need and want. What information would help them? What concerns of theirs can you address?
You also want to use text formatting to make your website easier to read.
Break up paragraphs into smaller chunks so people aren’t faced with large walls of text.
Break up content with correct headings, too. For example, don’t use a heading level 2 followed by a heading level 4 when writing your content.
Sometimes it makes more sense to break up some paragraphs into individual bullet points instead. They’re easier to scan and help structure your content.
And finally, try to cut your copy in half… and then see if you can cut it in half again. The more succinct you can be, the better. Not everyone has the time or attention to read tons of content about you, so help them out and get to the point.
Obviously this isn’t feasible for everybody, and probably not necessary for most positions, but if you have the resources, pay someone else to do this for you. It just makes your life easier.
Social media is vitally important for engaging with constituents and voters today.
If everyone uses Facebook or Instagram or Snapchat these days, why even bother having a website in the first place?
Your website is the hub of your political life. It’s the web that connects all your different social media accounts. While social media is ephemeral and temporary, your website is static content where people can always go to find out about you and your priorities.
Websites also offer a way to control and moderate how people engage with you through comments and contact forms, unlike the wild west of social media.
Rather than pushing updates to social media from your website, pull content into your website. Your social media accounts are more likely to be updated frequently, and can help your site appear “fresh.”
You can embed content from your social media directly onto your website. Many candidates or elected officials embed their Facebook and Twitter streams to their site footers.
Include quick links to all of your social media accounts in a menu on your website, either in your header or your footer.
Try to post different content on Twitter, Facebook, and Instagram. You communicate on them differently, and they have different audiences. Facebook is great for longer text and community engagement, Twitter is short-form and great for soundbites, while Instagram is visually-driven via video and photos. Tailor your content to the platform.