Skip to content

B-F Build Requirements

General Considerations

  • Our sites need to be built to the WCAG 2.1 AA accessibility standard
  • Themes templates should be built in a way that permits an editor to build a completely custom page. There needs to be a basic page style that's not very opinionated.
  • Themes should contain any build scripts used to compile styles and scripts. Unfortunately the Pantheon workflow does not currently allow us to use any build scripts during deployment, so the best option is to commit the built JS/CSS files.
  • We recommend using Lando for local development, the scaffolded site set up by BF IT will already have a config present.
  • When building a site with multiple localizations, using Wordpress Multisite is the best approach.

Themes

We HIGHLY encourage you to build any custom themes to utilize the Wordpress block editor. The newest iterations of the BF forms and age gate plugins make use of the block editor.

Themes should not include page builders that override the Wordpress editor (block or classic). Examples of these type of page builder themes include but are not limited to the following:

  • Divi
  • Avada
  • Muffin Builder
  • Elementor
  • Yootheme
  • BeTheme
  • WPBakery

Plugins

The Brown-Forman/Pantheon curated upstream includes some plugins. Do not try to remove them, they will simply be redeployed automatically. These are the plugins we distribute to every site and why:

  • Advanced Custom Fields Pro - Provides the ability to add custom fields to Wordpress, the “BF WP Forms” plugin has ACF Pro as a dependency.
  • BF WP Tools - Provides some user auditing functionality that BF IT uses to manage our CMS users at scale
  • Stop User Enumeration - This blocks access to the WP JSON API user calls. Without this, the usernames of all CMS users will be listed via a simple API call that is often probed.
  • WPS Hide Login - This plug-in allows us to change the login path from /wp-login.php to /bf-admin. This is done for hosting billing reasons, we get charged for page views that hit the origin resulting in a 200 response. Before rolling this out, 50% of our traffic reaching the origin was bots probing the login pages.
  • WP Mail SMTP (Pro) - Pantheon does not provide outbound email services, we use this plug-in to send our outbound emails via Sendgrid. Sites using the WP multisite get the Pro version.

Requirements

  • Limit plugins to the bare minimum needed to accomplish the tasks. Do not include any Wordpress security plugins such as Wordfence.
  • Plugins need to be checked against this list: https://pantheon.io/docs/plugins-known-issues
  • If there is a plugin that requires a license, Brown-Forman IT needs to approve it and will purchase the license for you to use. We will also validate that the licensing will work with the Pantheon Devops workflow.
  • We require a documented reason for each plug-in being used. That reason needs to also define the parts of the site that are dependent on that plug-in.

Brown-Forman maintains some common premium plugins and you are free to use them in your build.