Connect Your Facebook to Website Widget

To connect the Facebook widget on your homepage to your Facebook account, we will need to:

  1. Schedule a meeting below with Dakota or Jeremy
  2. Connect to your computer using Chrome remote desktop. https://remotedesktop.google.com/support/----
    you will need the download from the link above
  3. Open up a browser where you are logged into Facebook
  4. Open up another browser tab and Solutio will log into our Elfsight account. 
  5. Solutio will then click through the settings to connect the widget to your Facebook page.
  6. Solutio will log out of our Elfsight account.
  7. We'll disconnect the chrome remote desktop and conclude the call.

Schedule a Meeting

To connect your Facebook account to the widget on your website, please schedule a meeting with Dakota or Jeremy for a day and time that works best for you. 

  

If you make more than 7 unique requests (excluding homepages) within a 5 second window to the front-end (opening 7 or more links super fast).  That triggers throttling because it's a common tactic of bots to just start crawling different URLs of the site, and different URLs would have an inactive page cache, causing full renders, causing higher load on the server.
Once you are flagged by portas as having bot-like behavior, your requests are throttled for the following 2 minutes.

Updated 6.16.2026

If a client has a giving page that links externally, great. We are off the hook. 

If a client has an embedded giving page, we have to do more. 

#2 below is required if:  the client has a payment system that is hosted externally, but uses a pop-up and stays on the same domain (as Al noted in this case).

What You Must Do
1. Verify Your Provider: Ensure your giving platform (e.g., Stripe, PayPal, or Blackbaud) is a PCI DSS validated service provider.
2. Inventory Scripts: Under PCI 4.0, you must maintain a written list of every script running on the page where the "Give" button/popup lives and justify why each script is there.
3. Use HTTPS: Your entire website, especially the page launching the popup, must be served over HTTPS.
4. Complete Your SAQ: You are still required to fill out an annual Self-Assessment Questionnaire (SAQ) (typically SAQ A) to maintain official compliance status.

Thus the spreadsheet of scripts.
My understanding is that The Self-Assessment Questionnaire (SAQ) is ALWAYS the merchant's responsibility, or your responsibiliy in this case.

(actual sheet: https://docs.google.com/spreadsheets/d/1eWXef5m5jAGiM1y3dq0THwkYPsybOiMnkNWYpey-Rjw/edit?gid=1090969581#gid=1090969581 )

Solutio Software does not:

  • Accept payments
  • Process payments
  • Transmit cardholder data
  • Store cardholder data
  • Provide payment forms, shopping carts, or checkout pages

Therefore:

  • Solutio Software is NOT required to be PCI-DSS compliant
  • Solutio is not a payment service provider
  • PCI responsibility lies solely with the third-party payment processor

 

Here is a Vanco questionaire about DCI compliance February 20206 via StM-Man

PCI Compliance Questions-Vanco.pdf

-------------------------------------------------
Hello,

Solutio Software provides website hosting and content management services only. We do not accept, process, transmit, or store credit card or payment data.

In some cases, Solutio-hosted websites may embed third-party, externally hosted payment forms (such as via iframe or script) that are provided and fully controlled by the payment processor. Solutio Software does not develop, modify, or maintain these forms and has no ability to access, intercept, view, or store cardholder data entered into them.

All payment data is submitted directly from the end user to the third-party payment processor’s systems. Solutio Software does not participate in the payment transaction and does not handle cardholder data in any capacity.

As a result, Solutio Software is not within PCI-DSS scope and is not required to maintain PCI-DSS compliance. PCI-DSS obligations apply to the organization accepting payments and the third-party payment processor.

Please let us know if additional clarification is required.

Google workspace is starting to require all workspace administrator accounts and Google cloud accounts to activate 2 Step authentication. The problem is that if these settings are not allowed then users can't set it up on their own. If a workspace account does not have 2 step set up already or our workspace admin account is locked out this is likely the issue.


If you are unable to login to google workspace because its already locked out you will need to fill out this form for the account and request an extension to the 2SV enforcement date. After Google lets you back in be sure to set up these settings and activate 2-step on the account so we don't get locked out again.

https://toolbox.googleapps.com/apps/recovery/form

 

Updated  settings in google workspace.

 

Don't forget to save these:

 

After those settings are set up the next time you sign into the account it should request you to set up 2 Step verification. Make sure to do that.

Protocol for sending Network support issues

I don't know how often this happens, but when we get issues through support for network issues, please follow the following protocol.
 
Before reaching out to Alex when a client is having a network issue reaching the site:
  • retrieve the client's IP address
  • find out if the client can access the website via CODE.solutiosoftware.com
  • have the client try the issue outside of the parish/school network (there are times when a parish will mess up their internal network by overriding the Internet's DNS with custom values on their internal router)
  • gather a screenshot from the client, if possible (these can reveal a lot about their setup more than words a lot of times)
  • send Alex an email with subject: Network - SITECODE

 

Protocol for DNS change requests

DNS Records
  • first check to see if Solutio controls the DNS servers (i.e.., the Domain Manager lists Solutio by the DNS field)
  • when a DNS record change is needed send Alex an email (instead of Freshdesk/Discord)
  • subject: DNS - SITECODE - DOMAIN
  • body: the record type, host, and value in plain text (instead of images he has to re-type or extract from documents)

Hi xxxxxxxxx

Ultimately the decision is up to you, but I want to show you the bulletin widget we generate as well as what LPI's widget looks like and how they each function.

Solutios' Widget: xxxxxxxxxx. With this, when you click on a bulletin, it immediately opens up into a new tab to view/download the bulletin and you can scroll down to view all of the advertisers.

LPI's Widget: xxxxxxxxxxxxx. With this, clicking on a bulletin takes you to LPI's website, where you can then click on a bulletin to view/download it and also scroll to the bottom of the PDF to view the advertisers.

The biggest difference between the two is that we aim to limit the amount of clicks required to view/download the bulletin. However, your advertisers for the bulletin still get the same amount of exposure. 

Let me know if you have any questions, or what your thoughts are regarding the two options! 

Google is sunsetting our current method for creating and managing reCAPTCHA keys. They will be managed via the Google cloud console after 2025

If clients want to have emails sent to one email forwarded automatically to another email you can use google workspace to set up email forwarding.

If from Domain Listings.com -- definitely not a legitimate invoice but a solicitation.