Please click on a section below to open that area of our Terms and Conditions. Downloadable versions of this are provided for our clients in their hub page. This can be modified to suit a given situation, and is only intended to set initial boundaries and expectations.
- We operate on scheduled phases with known budgets. We typically on-board new clients about two weeks ahead of any actual production or consulting work.
- We request a 30%, non-refundable deposit that allows us to provision resources ahead of the project, and secure a position on our calendar.
- You will be asked to obtain a free account with LastPass. This is the only system we use to transmit login credentials. If you lose your website login or access to some other system, we will not send that information in e-mail, but will instead direct you to the LastPass record we have shared with you through the LastPass system.
- An account at portal.michaelpenner.com will be created for you where all contractual documents, including timelines, are stored. The documents you will find there need to be explicitly verified the first time they are generated and anytime there is a modification to them:
  - The Architectural Services Agreement
  - The Project Plan
  - Any Change Requests
  - The Project Timeline
- An account with our Service Request system will be created for centralized issue tracking. This system is also where billable Change Requests or billable tech support (rare) are tracked. Billable Service Requests are referenced on invoices.
Important Things to Know
This could be considered “the broader strokes” when it comes to web building guidelines. This guides our work together, should you choose to engage our services. This section is included in any Project Plan or other contractual document we come up with together.
Working with us is a collaborative experience. We cannot build your website without your participation.
- We do not resell web hosting, but will help you set up a web hosting package with one of our preferred vendors. If you require web hosting on something other than one of our preferred vendors, we will have to discuss who that is. Most web hosting companies cannot be trusted, so it is very important we understand the vetting process you used to identify your preferred web host. Our preferred vendors are baremetal.com and siteground.com. We do not offer build services on in-house servers.
- You need to know who controls DNS and how your e-mail is configured, or have access to someone who does. We do not manage DNS or e-mail, and do not provide IT services directly. If you need assistance with IT related aspects such as that, please let us know and we will refer you to a trusted partner. All DNS and e-mail issues must be defined and known prior to beginning work.
- Not everyone can be trained to use their new WordPress website. Some people do not have the requisite skills to manage the content on their new WordPress website, and we cannot provide that sort of training. If you are not familiar with opening multiple browser tabs, copy / paste, clearing your browser cache, and other basic aspects of browsing and doing work on the web, we can point you to resources where you can get the help you need so we can then get you trained up on your new website when you're ready. If we find during our training sessions that the requisite skills are lacking, we will halt the session and resume it once the requisite basic skills have been mastered.
- You must not rely solely on us for all testing and validation. We will not agree to take a website to the next milestone if you have not participated in the validation of certain aspects of your website so far. This includes how forms respond with e-mail notifications, complex workflows for membership and e-commerce based websites, and other critical aspects.
- Beta Testing is an additional expense that should be line-itemed in the Cost Table if your site has a public facing workflow-based component (like posting classified ads, shopping, paying invoices, etc...). If you waive this requirement, you will also nullify any technical support we can provide after the site is live. We can create, manage, and implement Beta Tests for you (but it will still require your full participation), using structured feedback systems such as those provided by Atlassian JIRA, which allows us to track issues clear through to the root cause and coordinate fixes among our programmers and other team members seamlessly. If you elect to forego Beta Testing for a website that requires it, your site will not be eligible for any further services from us after go live, including our Site Maintenance and Security Hardening (SMASH) service, training, or technical support.
- We bill for meetings and consultations. This is not a web design firm, it's a web integration consultancy, with web design as just one of several core competencies. Consulting plays a very large role in our core value, and in defining what it is you need us to build for you. As is stated near the Cost Table, we estimate our meeting costs to you ahead of time based on the selected Web Package. It adds an additional 30% (estimated, this is not set in stone) to the cost of the project based on the selected web package. Please keep this in mind when reviewing invoices we send you and when you consider the budgets involved.
- We provide personal training through screen sharing at $85/hr for up to 5 people at a time, each in front of their own machines. Onsite training is provided at $150.00/hr, including travel and meal expenses. In such a case, your systems must be able to access the identified training resources prior to our arrival.
- If you decide at some point that the site's design needs to be changed, functionality needs to be added or removed, or any other major infrastructural change is required mid-stream, it is very likely we will have to null the project budget, re-assess those costs, and produce a new Project Plan. In other words, we start over from the Architectural Phase, and reset all timelines and budgets. This is different than a simple Change Request and is to be avoided. It can get very expensive for you when this happens, so it is important that you have zero questions about what it is we are doing for you as we go. There is no room for ambiguity or misunderstanding on these projects because they are so abstract by nature, so it is critical you are completely clear on what we are doing for you and why. This is the reason we have so many checks and balances along the way. It is primarily to make sure we are all in agreement on the status of what is being built.
- We build on our own test servers that we pay for and control, and do not give access to the WordPress dashboard of such sites until the build phase is completed.
- We do not allow content placement to occur during Build. We complete the Design and Build phases first, then take content for placement if that is something you have additionally contracted us for. We do not share the content placement responsibilities with you. Either we will place the content, or you will, but not both at the same time. By default, we do not place original content of any kind into the site during the Build phase. Once all site functionality and design behavior has been verified by you and signed-off, that phase closes and the site is technically completed. Specific content can now be placed as an additional service based on whatever agreement we have in place, or preferably we will begin training you on how to do this yourself.
- Training and Testing Clone: We can, for a fee of $125.00/mo., maintain a clone of your site for training and testing purposes that you can access as well for as long as you remain current on payment for this service. This clone will remain on our servers and under our control, but you will have full access to the WordPress dashboard. We will not be held liable for any actions you take while accessing such a clone, or the actions of others, including hackers or other unauthorized access, so be careful what you upload into your training clone. We may be required to initialize the clone without warning if certain situations warrant it.
- Your HUB page (you will have been shown this by now) will contain versioned copies of all contractual documents. This gives you a convenient place to go for reviewing those documents and versions that we recognize as valid for the project.
- A very simple timeline will be sent to clearly indicate project status and billable milestones as we move forward. You must agree, explicitly, to this timeline each time it is issued in order for the project to continue. Issuing the timeline is not a trivial event, and we do require 1 business day confirmation that the timeline is authorized at each step along the way or the project will be put on hold until we work out whatever it is that is impeding confirmation.
- At major milestones I will ask you to confirm the work as approved. The confirmation method will be by e-mail.
- Invoicing occurs when we reach a milestone, or if work cannot proceed due to something we need from you or a bottleneck on your end occurs that is outside of our own control, and more than a week goes by. In that case, we will bill for the work completed so far.
- We require a 3 business day response time from you whenever I ask you to review work or send me information. Please let me know if it will be longer than that. Otherwise, I may not be able to re-start your project until 7 days after the point from which you provide the needed response. If this happens, the Overall Estimated Timeline will change. In addition, a project restart fee of $175.00 will be required up front prior to project restart. In addition, all pending invoices must be paid in full prior to project restart being authorized by MJP-C. Project interruptions due to lack of response on your part are extremely disruptive to our operations, so we take such lapses very seriously because we take your project very seriously. Exceptions exist, of course, so talk to us first to avoid these adjustments should circumstances warrant it. Websites are taken live only when all invoices are current or we have worked something else out.
- There is no grace period for free bug fixes or changes once your website is live, so please make sure you have tested everything yourself first.
- Ongoing service and support is provided on a best effort basis, Monday-Friday, 9 a.m. – 4 p.m., excluding holidays. My usual response time is less than 1 business day. Updates to site content are provided at $85/hr and usually begin within 1 business day of the request. Most such requests are completed within 4 business days.
- If you call and need extensive technical support the time might be billable but I will let you know at the time of the call. Most such calls actually last less than 15 minutes and I won’t bother charging for them. I do this because I don’t want my clients to hesitate contacting me for training issues they encounter when they are working on their site. I’d rather take a little time to simply answer questions at no charge and help things keep moving along than have someone sit at their desk fussing over an issue because they are concerned they will get billed for every call they make to me for help. I don’t expect people to memorize everything shown in training, and sometimes the manual / videos don’t quite answer the odd question here and there.
- We do not take websites live on a Friday, over the weekend, the day before a holiday, or within 3 days of such. Essentially, websites are therefore taken live Mon-Wed only and we do require your participation at various points in that process. Our offices are closed on weekends and holidays.
- We do not provide less than 1 business day Service Level Agreements. This means we do not do emergencies. We are not an outsourced IT firm and cannot be relied upon to provide rapid response help in case something goes very wrong. Our job is to build your website to specifications then hand it over to you for full control. We take no ownership of the site, its operational stability, or other aspects that could result in undesirable results after you have signed-off on the go-live and warranted to us that you have tested everything to your own satisfaction as well.
We run projects based on feature-driven timelines. This means that if your project requires a hard-date by which to be completed, we're likely not the best resource for you. A project can either be feature driven, or it can be date driven, but it cannot be both. Our end dates are determined by what it is you've asked for and the time it will take us to honor that request. We send out simple timelines with agreed upon milestones, and that's how we chart our course. No surprises, no urgent, unforeseen schedule drivers. It is the only way we know how to hold ourselves honestly accountable to our clients. Only you can determine if this is a fit for your needs.
Because we are a web consultancy, and not just a web design firm, we have safeguards in place to protect your online investment. We test our websites extensively, both during development and then again after go-live. We truly make every effort, proactively, to assure that what we build takes into account performance and security. Our approaches mean that, if things go wrong once the site is live, we are usually able to take counter-measures and/or corrective action that is effective. However, it is not possible to anticipate every attack, glitch, or inappropriate behavior by site members or visitors that can cause problems. Nor are we in control, to any degree, over the performance of the selected web hosting solution. The web hosting we prefer is communicated to you during our discussions because it has been proven to be robust, resilient, and responsive to us when things go wrong. Given the amount of QA effort expended by us to minimize the possibility of problems, you agree to hold harmless MJ Penner Consulting for any loss of revenue, reputation, or any other form of damage resulting from website performance problems including but not limited to website crashes, server downtime, offensive material posted to your website due to hacking, offensive site redirects due to hacking, unloadable pages, and server error messages. Essentially any unanticipated or unintended website behavior, due to hacking or other malicious behavior (including the behavior of site members), which could be deemed damaging, will not be held against MJ Penner Consulting. Our promise to you is that if such things happen we will make every reasonable effort to help you, though it may not always be possible to do so free of charge. If the problem is something we caused, we certainly will fix it free of charge, but we still require the same disclaimer of liability in that case as well.
No warranty or expectation of 100% site uptime is provided by MJ Penner Consulting. There exists not a single website we are aware of that has ever enjoyed 100% uptime, but we will do everything in our power to minimize the chances that downtime occurs.
You agree and understand that:
- It is not possible for MJ Penner Consulting to respond on an emergency basis for any reason, and if your site goes down or is hacked it could take up to 4 business days for analysis and / or remediation of the problem to begin. This is certainly a worst-case scenario, and we will of course always make such problems a priority.
- It is your responsibility to monitor the membership activity and behavior of your members on your website.
- If your website is hacked and the exploit poses a danger to the hosting service, it is within the hosting service’s authority (indeed it is their responsibility) to immediately suspend your website from service without prior warning. This is usually only a problem on cheaper web hosting platforms that don’t host websites in virtual isolation. While this may seem a bit technical, it’s important to understand that this is one way such companies cut costs. It’s not a corner we think is good to cut because of the danger described here.
- MJ Penner Consulting takes security very seriously, and will at any time furnish to you a document detailing steps taken to secure your website and harden it against attack. If you approve the website for go-live, you are thereby also agreeing that these measures were sufficient to the best of your understanding, and that they were explained to your satisfaction or you did not feel any such explanation was needed.
- MJ Penner Consulting will make a one-time pristine backup of the WordPress-related aspects of the site and furnish this backup as a separate zip file compatible only with the BackupBuddy plug-in architecture. The file might need to be used to replace your entire current website and reset it back to this original form in the event of hacking. This can be an extremely effective remediation step that saves your site from extended downtime.
- If you are hosting your website with baremetal.com, they keep backups that could also be used, but these backups overwrite the entire site domain, including any e-mail stored up on the server. Still, it is a redundancy which gives you options you would not otherwise have.
- You are responsible for the security and control of all information stored in databases and files hosted with your website. MJ Penner Consulting will not be held liable for the theft and / or misuse of such information. That said, our approaches make it really tough for hackers to get access to this information, and we will counsel you on any additional security measures, or warn you against certain practices, to minimize this concern for you.
We must put an end date on when a site is considered “finished”. Just because a site is live doesn’t mean it’s done. Fine-tuning is not unusual and we certainly don’t want to bill you for minor adjustments here and there. But after 30 days that should pretty much be it. So, upon final payment and site go-live, you have 30 days to identify any deficiencies that should be addressed at no additional charge. These will be reviewed and discussed, with all issues documented in a formal Change Request. Beyond the 30 day time frame additional changes or tweaks might be free if they are minor enough. The reason we put you through so much planning and sign-off throughout our work together is to make sure that there are no surprises at any point along the way. Nowhere is this more important than what happens after your site goes live. It is rare that something significant escapes your notice, or ours, until after go live. For this reason, it is also highly unusual for the 30 day marker to be anything other than a formality. Our goal is to keep it that way.
One thing we need to be careful about here is who owns the website once it goes live. That owner is, of course, you. This then brings up the question of “warranty”. Just as with a vehicle or home, certain warranties are expected. Warranties always have context in the form of limitations to applicable situations. The same is true of your website. Our continuous QA process throughout the construction of your website, and then post go-live QA (which also requires you to use the site and verify certain things are working correctly) is how we warrant the correct operation of the website. The ongoing health of the website is your responsibility. We don’t perform free maintenance work or patch software at no cost that may become available due to reasons mentioned in the Future Proofing section, but you may contract with MJ Penner Consulting to perform such functions as needed by subscribing to our SMASH service. Once final payment is made and the site is released to you, MJ Penner Consulting has no further responsibility for the site’s maintenance, performance, or modification unless explicitly agreed to as per our SMASH service. This is not to say we will abandon you. Obviously we want to continue to work with you and help you in any way feasible. You can certainly call and ask about things and we can provide you with some ideas and options. We will be here for you.
At this point in the 21st century it is still possible to hack a website. Even the federal government and large banks with dedicated security resources can be compromised. The security of your site is also the responsibility of your web hosting service and by using us to build your website you are agreeing to this statement. It is probably clearer now why we are so picky about who we would rather build websites with. Cheap web hosting usually means little or no real attention to site security. Getting hacked with a cheap web host can mean you get shut down by that web host so they can prevent compromises to other clients they are hosting websites for in the same data center. It’s not a good situation for you to be in, and so that’s why we don’t like working with cheap web hosts. It’s just not in your best interest most of the time.
We cannot provide emergency response services for any reason, so if your site gets hacked please be aware of this. That said, we take extraordinary measures to minimize the likelihood of you getting hacked. With hackers it is a similar mindset as with burglars…if your house is more secure than the one next door, the burglar would rather just go next door.
Keeping your version of WordPress updated is an important aspect of hacker defense, but brings with it issues you need to be aware of as the website’s owner. These issues are not trivial and you really need to take a moment to understand them. Although software developers are quick to point out that keeping WordPress patched to the current version is a best practice to harden against hacking, it is not in fact always the case. Despite software developers’ claims to the contrary, direct experience shows that any new release of software brings with it the risk of undocumented and unknown problems, and so a balance needs to be achieved.
With a content management system (CMS) such as WordPress one of the complicating factors is the reliance on plug-ins to furnish advanced features for very little cost, bypassing the need to hire seasoned programmers to build these capabilities on a custom basis. Plug-ins are modules of ready-to-use code, developed by freelancers or third party companies, that can be implemented to instantly provide all kinds of great capabilities in WordPress.
Plug-ins are not always compatible with each other or the latest version of WordPress. Plug-ins and WordPress are often built by unrelated businesses and individuals, and so it is extremely important to thoroughly vet these things prior to accepting them into your website. We have a rather involved acceptance procedure before we will allow a plug-in to be used in a production environment.
“Future proofing” means making sure future updates to WordPress are also compatible with all the components used to build your site on WordPress, and these components include plug-ins.
There is a tradeoff, there is a hidden cost. It is not possible to totally future proof a website without you, the client, incurring additional costs down the road and it is not possible to anticipate specifically what those costs might be. WordPress is regularly updated to address security vulnerabilities or improve how it runs. This is not always the case with plug-ins. Sometimes a plug-in will no longer work once WordPress has been upgraded, and if the plug-in does not offer a compatibility upgrade, it will have to be abandoned and a replacement plug-in researched, tested, and implemented. It is not possible to anticipate how threats will evolve, what aspects of WordPress will be exploited by hackers, or how the WordPress Open Source Community will address a vulnerability in the next release of WordPress. Auto-updating WordPress to the most recent version is possible with the push of a button. Doing so is also a sure fire way to increase the chances your site will no longer operate correctly due to component incompatibilities, such as plug-in conflicts, if your site is of a more sophisticated bent. Once you push that button, you cannot reverse the update. It can be quite a problem if you don't know what you're doing.
This is why MJ Penner Consulting charges a fee to upgrade WordPress websites. It takes a lot of prep and testing. We really wish WordPress didn’t give the illusion that simply pushing a button gets you updated. It works fine for small personal sites, but for professional grade websites with any sort of sophistication it’s a recipe for disaster. What of the unlikely event in which a site cannot be readily upgraded beyond its current WordPress version smoothly because a plug-in being used, that is core to the site's operation, is not compatible? In that case we have to consider abandoning the plug-in and implementing a new one (which later could become incompatible with the endless parade of WordPress updates) at expense to you, the client, if it is decided that the latest version of WordPress is a must-have. Given the cost savings of using highly tested plug-ins, the additional cost is still a huge savings over what would be required if you had the feature built from scratch by professional developers.
The other choice is to simply stay with the current version of WordPress for the foreseeable future until new hacking approaches evolve to the point where that becomes untenable.
If we enhance your website to provide a certain feature that works alongside a plugin like WooCommerce, but that plugin's fundamental architecture changes through an upgrade, our code could cease to operate correctly. If our code modifies something the plugin does, but is not itself a code modification to the core plugin (we never modify the core plugin code), then that plugin will become problematic unless our modification is re-aligned with the changes in the updated core plugin whose behavior we are modifying. If this happens, we would discuss options together and how to proceed. In these rather rare situations it is very likely you will incur additional expenses to address the issue. We cannot predict how often such releases might occur. We can only code toward what is known at the time and engage best practices that create as few critical inter-dependencies as possible. Please make sure you understand this, since it is a key consideration for our more sophisticated websites. Also keep in mind that even with such additional upgrade costs, the savings to you by using an integrator over a completely custom coded solution outside the WordPress environment could easily be several times more than the cost of the website itself. This is core to your ROI calculation.
It is possible for a plugin on which your site was predicated to become outdated to the point where it is no longer viable or safe to continue using. Again, this sort of thing is largely outside of our control. Since updating these sites is as much a prerequisite as the requirements on which they are originally built, it is not possible to fully reconcile both needs with 100% future certainty that the components originally used will continue to inter-operate through an update, because updates are changes to those components, sometimes at a very deep level, rendering them, essentially, different components than what we started with.
There is good news. We do a lot of things to our installs of WordPress which make them very secure on their current versions and which help our vetted list of acceptable plugins inter-operate well through multiple generational updates. We researched and developed these methods early on at the founding of our company in 2004 because of all the stuff just mentioned, and our approaches continuously evolve. That said, nothing is totally hack proof or future proof.
By engaging our services, you are confirming you understand the risks and potential costs involved as described in this section, and that remediation of any hacked site may incur additional costs to recover for the reasons just described. You also agree that “future proofing” your website is only possible within the limits described in this section.
We require all stakeholders to participate in the project. If a stakeholder sits behind the scenes then begins to participate while we are in process, there is a good chance new requirements will be brought to our attention along with additional meetings that are then needed to define, review, and approve their functionality in any prototyping work. If this occurs, we will be automatically and without further notice released from our timeline and the associated budgetary scope in favor of defining a new one along with whatever consulting work is required.