Wild Apricot – Review – Signifigant Administrative, Security and Privacy Limiations

I’ve have a very small member website and I use Wild Apricot to manage the site. Generally speaking I’m pleased with the Wild Apricot product, support and pricing. There are, however, some significant limitations which I think you should know about prior to using their service:

1. No Truly Protected Files and Links. Wild Apricot allows you to build a private member area where you can restrict pages so that only registered members can view these pages. In my organization I wanted to give access to my members to certain documents. The problem is that although you can limit access to the page containing the links to the downloads, you cannot protect the downloads.

For example, say you have a membership page with a link to your club by-laws. While you can make the page that has this link only accessible to people who are logged in, you are limited because the link is still a “regular link” – e.g. the link is www.yoursite.com/subdirectory/filename.doc. So while only people who can login can see the link, the link is still accessible to anyone who knows of it’s existence.

2. No robots.txt. Such a publicly-accessible-link problem would be workable if you could prevent a search engine from indexing the content. Those of you who have dabbled in SEO know that you can put a robots.txt file in the root directory of a website which basically tells a search engine what content it should and should NOT put in its search engine listings. The last thing I would want is for someone to search generically for the words “by-laws” and somehow come up with mine! Now realistically it’s not a big deal if someone who isn’t a member of my organization stumbles upon my by-laws — there are not secrets there. The problem lies in the fact that what if the someone stumbled across a truly private document via an accidental Google search?

I discussed the problem with Wild Apricot tech support which was very friendly and responsive, and to make a long story short, they said that I cannot put a robots.txt in the root directory (the SEO people out there know that a robots.txt should be put in the root directory).

So because I am unable to create a private, members-only link for my members to view documents, and because I cannot effectively block search engines from finding these private documents, I cannot use Wild Apricot as a place where I can store and provide documents for my members (in fairness to Wild Apricot, even with a robots.txt file in place in the root directory, you cannot guarantee that all search engines will respect the robots.txt file, and thus robots.txt is NOT a foolproof method of securing your documents). Wild Apricot tech support suggested I use a third-party site for securely storing documents for my organization.

3. No Tierd or Tailored Levels of Administrator Access. Wild Apricot’s system is setup such that you either have full administrative privileges or none at all. In my organization I wanted a setup whereby certain officers could login and perform certain administrative tasks — but only have access restricted to specifically what the officers needed for their job. The last thing I need is an administrative member logging into the site and accidentally modifying critical settings; one of the core principles of system design is to always provide the most restrictive access — and this system does not follow that principle.

Wild Apricot is a very good product that does a good job doing what its supposed to do — at least for most of my purposes. As with any system there are limitations, and this article reviewed some of these imitations for Wild Apricot. If these issues are a problem for you then you should consider another product, but if theses three issues are not a concern for you or your organization, I think that for the price point, Wild Apricot is a great choice (note they also have a free, ad-sponsored trial version so you can see for yourself if it works for you).

Related posts