DawPi

Invision Community has come a long way over the past five years.
We've added many new features and invigorated the front-end user experience to keep it current and in-line with modern interfaces.
One area that has remained largely the same is the Admin Control Panel.
When we released Invision Community 4.0 back in 2014, the Admin Control Panel was updated but has stayed relatively dormant since.
But that's all about to change with the upcoming release of Invision Community 4.5!

The Admin Control Panel in 4.5 has received a substantial update, resulting in a modern color scheme and a clean, minimalistic design.
We felt that a lighter, more open design allowed the content more space and to feel less crowded. 
The dark grays have been replaced with shades of blue and aqua which closely reflects Invision Community's new branding, while other colors have been lightened and saturated.
Along with the new color scheme, the overall layout of the ACP has intentionally been kept similar to the existing version, resulting in a design that feels surprisingly familiar yet refreshingly new at the same time.

We hope you've enjoyed this small sneak peek into Invision Community 4.5 and we look forward to introducing you to some more new features in the upcoming weeks!

Think about all the different touchpoints where you try to connect with members: forum discussions, blog comments, personal messages, email newsletters, weekly meetings, and perhaps offline events.  You write witty and clever messages. You dedicate an entire section of your community to welcome and hello topics.  You spend enormous amounts of time trying to elicit engagement from members. 
What if I told you that there’s one touchpoint that you consistently overlook where members reach out to you, some for the very first time?   

You receive messages every day and every week from users through the Contact Form.  It’s one of the most common touchpoints that you’ll ever experience with members.  Unfortunately, most admins gloss over messages through the contact form, because we think it’s secondary to the activity in the community.  That’s not true!  As a touchpoint to your community, the interactions through the Contact Form are as important as any other user-facing activity.  In fact, because members proactively reach out – some for the very first time – this is likely one of the biggest opportunities where you consistently under-engage.    
It’s time to fix this gap.  Here are examples on how to effectively respond to 2 different types of messages from the Contact Form.  Let’s look at some sample responses with a fictional online community “Toronto Birding Society” (Note: I know nothing of birdwatching or Toronto). 
Responding to Guidance Questions
Many questions you receive through the Contact Form are “guidance” questions.  These are questions that ask about function and features such as “how to?” and “how do I?”  The tone is usually neutral, and the intent is positive (eg. to learn).
These questions are easy-to-answer and the responses usually involve instructions, step-by-step details, and screenshots.  If you only respond to the specific inquiry, however, you miss out on all the potential of member growth: to affirm the relationship, recognize his contributions, instill community culture, and ultimately encourage the member to contribute in a more meaningful manner. 
Example:
Responding to Negative Sentiment Questions
The next type of question you receive through the Contact Form are questions of “negative sentiment.”  These are questions that ask to cancel, terminate, or suppress various functions because the user would like to disconnect from the community.  Even though the tone is neutral, the intent is negative. 
Just like before, the questions themselves are easy-to-answer.  However, if you took the inquiry at face value and answered the specific question, you end up losing the member!  Your goal instead should be member retention: to investigate why he wants to leave, to re-affirm the strength of the relationship, recognize his past contributions, invite the member to revisit, and ultimately deflect the original inquiry. 
 

Conclusion
Busy communities receive messages through the contact form daily and weekly.  They’re a recurring part of our community management that we consistently overlook.  It’s one of the greatest touchpoints you will ever have with a member, since the member is actively seeking growth (or regression) with the community.  Your responsibility is to nudge them in the right direction. 
My recommendation is to write two templates: one for guidance questions, one for negative sentiment questions. This allows you to quickly provide a framework that can be filled in with personalized details. 
Use your replies to contact form messages as a way to not only answer the specific question, but grow the member and progress them along the member lifecycle journey.    

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Minor releases are almost always just maintenance releases. We gather up a fistful of bug reports and fix them to ensure that every month or so, our clients enjoy more stability and efficiency with Invision Community.
However, more recently we've noticed that we're running low on bug reports, so we've managed to squeeze in a handful of improvements in Invision Community 4.4.5.
Let's take a look and see what's new in Pages.
How should the canonical tag behave?
While this isn't the most exciting name for a feature, it does explain it reasonably well. We had a recent discussion on the forums where it was pointed out that the canonical tag directed search engines to the first page of any record. While this makes perfect sense for an articles or blog system where the content you create is more important than the comments, it makes less sense if the user-generated content (aka the comments) is more important than the content you put up. A good example here is where you put up a video or link for review. You don't want the canonical tag pointing to the first page as it will ignore the reviews themselves.

If you didn't understand much of that, don't worry. The idea behind this feature is to provide Google and friends with a better hint about which content is more important. A happier Google bot slurping your site is a good thing.
How about that Admin CP menu?
When you create a new database in Pages, it is shown in the ACP menu under 'Content'. This is fine, but when you get a lot of databases, it starts looking a little cluttered, and it can be hard to find the correct one.

We've reworked the menu so items have their own section, and can be re-ordered using the ACP menu re-ordering system.
Member fields are now filterable.
Pages allows specific field types to be filterable. This means you can sort by them with the table's advanced search box, and you can drag and drop a filters widget next to the table to refine the rows shown.
Now a member custom field is filterable, which is handy if you use them in your databases.
Other areas of the suite.
Messenger search
A while back, we made a change that removed the ability to search messenger by the sender or recipient name. We also limited the reach of the search system to one year and newer.

Unsurprisingly, this wasn't very popular. We've restored sender, and recipient name searching removed the one year limit and re-engineered the internals of search, so it's more efficient and returns results much faster.
How many members do you have?
You can see quite quickly if you have the member stats widget on the front end, but finding out via the Admin CP is a little more tricky. 

 
Until now! We've added a dashboard widget that not only shows the number of members you have registered, but also a break down of their email opt-in status.
A happier autocomplete.
Apple has this cool feature where if you receive a text message for a two-factor authentication login, it offers to auto-fill the code box for you.
We've had a sweep throughout the suite to ensure two-factor authentication fields allow this autocomplete to happen.
While we were at it, we made sure that other fields are more easily autocompleted.
That wraps up the new features in Invision Community 4.4.5. How many have you spotted after upgrading?
Let us know your favourite below.

“Every success story is a tale of constant adaption, revision and change.” – Richard Branson, billionaire and founder of Virgin Group.
We all seek success with our Invision Communities. For too many of our communities, however, we yearn for success but we don’t plot the correct navigation to get there. We haphazardly pursue our strategies, trying new ideas and hoping one will stick. It’s time to take a step back and assess your goals in context to your growth. It’s important to understand the stages of the community lifecycle, and to strategically match your goals with your growth sequence.

Alicia Iriberri and Gondy Leroy of Claremont Graduate University surveyed over 1000 publications across multiple disciplines including computer science, information systems, sociology, and management in their seminal 2009 research paper “A Life-Cycle Perspective on Online Community Success.” Their research forms the foundation for most modern community management, and in their paper they write, “The impact each design component has on the success of the online community shifts depending on which life-cycle stage the online community is experiencing.” The right strategy at the right time will maximize the impact.
Every community goes through a community lifecycle of four stages: Inception, Growth, Maturity, and Mitosis.
 


Setting the wrong objective can not only fail, it can even backfire and destroy goodwill. Here are classic examples of good strategies that go wrong because of poor sequencing:
A new community with no activity that builds dozens of new boards A growth community not fostering a unique sense of community A mature community not establishing strong codes of conduct
Architecting a community is very different for the first ten users versus the next thousand users. New priorities come into play, community concerns will shift and strategies need tochange. As a community manager, ensure the strategy is appropriate and reflects your community lifecycle to ensure maximum impact.

Let’s take a look at proper goal settings for each stage of the community lifecycle.

Inception
Inception is the start of your community. You’re bursting with energy, enthusiasm, and big ideas. While your Invision Community is full of potential, your goal is to turn your vision into reality:
Members: Focus on nurturing a core team of members. Your goal is to get 10 – 12 superusers to consistently engage and support the community vision. Promotion: Your community won’t contain enough content to attract visitors through search engines, so you’ll have to rely on personal referrals, word-of-mouth, and direct acquaintances. Content: Focus on building expertise on core content areas that will make you stand out. You want to be the best in one subject. You’ll need to generate much of the content programming yourself, which should focus on functional value. Organization: Establish organizational parameters for the community, define the vision with stakeholders, write your Terms of Use, and validate the community concept. Community: The community is heavily centered around the community founder at this stage, so set the right tone and lead through example.
Growth
Growth is where the magic of community happens, balanced against the development of more explicit and formal conduct.
Members: Shift your focus from nurturing individual users to creating a workflow that can systematically welcome new members. Promotion: You should be proactive with your self-promotional activities to build community awareness such as email marketing, social media, or mailing lists. Content: Content will now be a mix between self-generated and co-created. You want to highlight community content by others to encourage community expertise. When you create content yourself, you want to start including emotionally-driven questions that connect users. Organization: Measure specific metrics for organization goals, highlight community health and successes, secure funding for ongoing budget and team. Community: A unique sense of community is cultivated at this time with shared experiences and language between members. Members feel excited to be a part of your community’s growth.         
Maturity
Maturity is when your Invision Community becomes critically acclaimed and well-known in the field. Even though your community looks to be run smoothly, there are still areas to address so your community doesn’t stagnate:
Members: There should be a clearly defined process and welcome guide for onboarding new members, an established pipeline that constantly brings on new superusers, and a rewards program that recognizes members for different types of member journeys. Promotion: Your site is well-known, so the search engine traffic and content within your community is enough to bring in new users. You can optimize your SEO at this point. Content: Almost all content is user-created at this point, which means your focus needs to shift to content recognition, organization, and moderation. Highlight the best community content; categorize and properly tag new content so the community stays organized; and scale your moderation to handle the size of your community. Organization: The community is a key part of your organization’s larger success and supports multiple areas of the business. Be a strong internal advocate for the community and align your community with your organization’s new profit areas. Community: Superusers not only have the privilege of creating their own content for the community, but they’ve stepped up as mentors and moderators. Your community has a strong culture that’s reinforced by members.
Mitosis
Mitosis is the stage when your Invision Community grows beyond its original mission, potentially splitting off into new subgroups. Many communities stagnate at this point with falling engagement and plateauing registration, but you’re catching onto the next big trend in your industry to grow into.
Members: New member registrations flatlines because you’re tracking with the industry. Your goal is to continue to delight members with new forms of omnichannel engagement like regional meetups, video conferencing, and headline conferences. Promotion: Your community self-generates organic traffic. Your promotion should shift from trying to advertise for yourself to exerting influence with industry partners as a trusted leader in the field. Content: Members can find the most comprehensive set of resource documents and discussion on your community. Your goal is to distill the knowledge into the best tips and guides for newcomers to obtain the most accurate information as quickly as possible. You should also archive areas that no longer receive activity while finding growth topics in your field. Organization: The community is a critical part of all business operations and integrates into all relevant workflows. You should build custom metrics to measure results, help determine new investment decisions, and streamline business efficiencies at the organizational level that benefit the community. Community: Your community becomes an incubator of new sections in a controlled manner for potential spin-off. Superusers control and moderate their own areas of the site like Clubs or Blogs.

Online communities evolve through distinct stages of the community lifecycle. At each stage, the needs and activities of members require different tools, features, and community management. Certain strategies are more impactful when they coincide with the right sequence.

Invision Community makes it easy to get started with a technology platform packed with features that every community manager can start using right away. But how you get to the first ten users, to the first thousand posts, or even to one billion likes will be a journey that’s truly your own.

Share your success story of Invision Community in the comments below. Did you make any rookie mistakes that you wish you knew beforehand? What are some strategies that you’re pursuing right now, and why do you think it’s an impactful decision for this stage of your community’s lifecycle?
We’d love to hear your journey along the community lifecycle.

I've had this similar conversation dozens of times in the recent past when someone has taken an interest in what I do.
Person: So what does Invision Community do?
Me: We develop and sell an independent community platform.
Person: Oh. Neat.

I used to say the F word. But this used to cause some confusion.

'We develop and sell a forum system'.
This used to elicit a response similar to this:
"Forums? They're still going?"
This line of thinking is quite prevalent among those who frequent Facebook, or use Facebook Groups to manage their micro communities. Even though they probably use forums regularly, or end up on forum topics when searching for things like "Why is my iPhone not charging", they don't realise this.
I recently guested on a podcast, where we spoke about "Facebook or Forums?", and I received this comment.

 
It appears, then, that the word "forums" has a lot of legacy connotations attached to it. It conjures up images of the past when Netscape Navigator was the world's favourite browser, and AOL was still mailing out CDs.

That is all ancient history now, and we've moved with the times. The product we have now has roots in the product from the early 2000s but it is wildly different and much more capable.
When you explain that you can segment discussions into separate areas (aka forums), and even set up independent micro-communities (clubs), you can see lightbulbs going off.

"That's amazing! I had no idea! So you mean I don't have to have my community in a single stream struggling for attention among adverts?"

Nope, there is another way.

Why not try an independent community platform?

I'd love to hear your thoughts. Do you avoid the F word too?
 

Braintree is a payment gateway provided by PayPal which provides some great additional features for PayPal transactions including a significantly improved recurring payments model. We are delighted to be bringing full support for Braintree for Commerce in Invision Community 4.4.
What is Braintree?
Braintree is a payment gateway provided by PayPal which supports taking payments by credit cards (including Apple Pay and Google Pay) and Venmo as well as PayPal, providing a good option for communities wanting to use a single payment gateway, and also brings improved functionality for recurring PayPal transactions.
For PayPal transactions, there are no additional fees and the checkout experience uses the normal PayPal experience your customers are used to.
Recurring PayPal Improvements
Recurring payments / Billing Agreements in PayPal have up until now been initiated by PayPal. Invision Community tells PayPal what the renewal terms of a purchase are, but then it's up to PayPal to take that payment and notify your community when it succeeds (or fails).
This comes with a number of limitations and problems. It makes it difficult for you as an admin to modify an existing purchase or for the customer to upgrade/downgrade. It also means the customer has to create separate Billing Agreements for each purchase. Most significantly though, it means if there is a delay in receiving the payment (such as an expired card) it is sometimes unclear what should happen on your community's end, and how it can be resolved if/when the payment is received.
Other payment gateways work the other way around. When a customer pays by card, for example, they have the option of storing their card details. Later, if they make another purchase or a renewal invoice is generated, Invision Community can tell the gateway to recharge the same card - and if it fails, allow the customer to provide an alternative payment method. This allow both you and your customers to have much greater control, and is much more reliable.
Braintree resolves this by allowing customers when paying with PayPal to save their PayPal account in the same way they would save a credit card on file. When paying with PayPal, users will see a simple checkbox which, if checked, will allow future payments to be taken with PayPal automatically.

Storing PayPal Accounts for Recurring Payments
Other Features
In addition to an improved checkout experience, our integration with Braintree supports:
Taking payments by Credit Card, including 3DSecure checking and the ability for customer to store card details on file. Braintree uses a fully PCI-compliant method of taking card details in a way that ensures the card information never reaches your server. Apple Pay and Google Pay Venmo, which also allows storing accounts in the same way as PayPal accounts. Offering PayPal Credit Handling chargebacks/disputes Support for Braintree's Advanced Fraud Tools
A Disputed PayPal Transaction
Existing Setups and Upgrading
The existing PayPal gateway will continue to be available for basic PayPal integration, and your existing set up will continue to work exactly as it does now after upgrading.
If you are using PayPal, especially if you are using Billing Agreements, we strongly recommend switching to Braintree after upgrading. While it isn't possible to convert existing Billing Agreements, you can allow existing ones to continue to work and use Braintree for new purchases.
Please note that while existing setups will work fine, from 4.4 it will no longer be possible to set up a new PayPal method with either Billing Agreements, or to take payments by card, as PayPal has deprecated the API this was using in favour of Braintree and it can no longer be enabled on new accounts.
As mentioned though, this does not affect any existing setups, which, if you do not switch to Braintree, will continue to work as they do now.
This blog is about our upcoming release Invision Community 4.4.

I really enjoy writing about the new features the development team have been slaving over for weeks (and sometimes months.)
It's a real joy to be able to share the finished product after we've seen it through inception, discussion, planning, assigning to a developer, coding, peer reviewing and final group testing.
Although sometimes, the features can be explained in a few screenshots, which makes for a pretty thin blog entry.
With that in mind, I've grouped together 6 of the best new micro-features for Invision Community 4.4.
Browser notifications
We introduced browser notifications in a previous version of Invision Community.
Once you've opted in to receive them, you'll get a fancy browser notification when new content is posted while you're off browsing other sites.
However, the browser prompt to ask for permission to push notifications isn't subtle, and it attacks you the second you log in for the first time.
In Invision Community 4.4, we've made it, so you're only asked to opt-in once you open the notification drop down.

No more being attacked by a permission dialog
Widget display settings
One of the most popular features we've added to the front end in recent times is the drag and drop widgets.
We see these used on almost every site we visit.
A popular request, though, was to be able to hide them from specific devices. By default, the sidebars appear under the main content when viewed on a smaller device such as a phone.
There may be times where you wish to show a block for those on tablets and desktops, but remove it for phones, so it doesn't take up precious retail space.
Happily, you can now do this on each block with 4.4.

Desktop only?
Club Navigation
Clubs are relatively new to Invision Community but they incredibly popular as they allow you to run micro-communities within your main community.
You're not limited to just forums either; you can add gallery albums and more to each club.
We've added the ability to re-arrange the club tabs allowing you to prioritise what you members see first.

Rearranging club tabs
Announcement URLS
Announcements have been a core feature for a long time now. We use them whenever we have a holiday so we can notify our customers about reduced support on those days.
We've made it so you can now link to an item, rather than have to provide new copy for each announcement.

We may have overdone it a bit
Time Frame selector
We noticed that in numerous areas around the Admin CP we had time input boxes. These would sometimes be used for seconds, minutes, hours and even days.
We've seen customers forced to enter things like 86400 seconds when they want the time frame to last a day. The lack of consistency wasn't great either.
In Invision Community 4.4, we've added a new Time Frame selector which is used as standard on all areas we ask for a time frame to be entered.
No more taking your socks off to work out how many seconds in a month.

Time is no longer relative
Group Name Styling
For about as long as I can remember (and as I get older, this is not an impressive amount of time), we've allowed group names to be stylized when shown in the online user list.
A very popular request is to extend that same group highlighting throughout the suite.
Finally, Invision Community 4.4 brings this to the suite.

If the group name is visible, that gets the styling, otherwise the name does
These features may be micro in nature, but we hope they make a significant improvement to your community.
Which are you most looking forward to? Drop a comment below and let us know.

It's easy to think that email is a relic from the past; from simpler times long before social media and the rise of phone apps.
And it's reasonable to think that way. Your phone constantly pings at you, and your laptop OS constantly pings at you, so why bother with email?
Because it's still a hugely powerful medium to get and retain attention.
In 2017, over 269 billion emails were sent and received per day. Of those, 3,360,250,000 are opened, read, and a link clicked.
Email is still very much a critical tool in your quest for retention.
Invision Community knows this. We have options to notify members of replies by email, weekly or monthly digests by email and members can opt-in for bulk emails sent from your community team.
Given how important email is, it was only fair that we invested in some love for our email system for 4.4.
Email Statistics
Just above, I mention that 269 billion emails are sent, and 3.4 billion are opened, read and clicked.
How many emails are sent from your Invision Community daily?
(No cheating and checking with SendGrid)
You probably have no idea as we didn't record email statistics.
As of Invision Community 4.4 we do!

Chart showing the number of emails sent daily
We now track emails sent, and the number of link clicks inside those emails.
Email Advertisements
Email notifications are a powerful way to get your members to revisit your community. The member welcomes these emails as it means they have new replies to topics they are interested in reading.

While you have your member's attention, you have an opportunity to show them a banner-style advertisement.


The new email advertisement form
When creating a new email advert, you can choose to limit the advert to specific areas such as topics, blogs, etc. - and even which forums to limit by.


Subliminal messages
This is a new way to reach your audience with your promotions.
Unfollow without logging in
Despite spending most of this blog entry shouting the virtues of email, it's inevitable that one or two members may wish to stop receiving notification emails.
In previous versions, the unfollow link would have taken you to a login page if you were signed out. For members that haven't been back in a while, this may cause some annoyance if they do not recall their login details.
Invision Community 4.4 allows non-logged in members to unfollow the item they received an email about or all followed items without the need to log in.

You no longer need to log in to unfollow items
Respecting your member's inbox is vital to keep on good terms with them and to keep them engaged in your community.
We'd love to know which of these features you're most keen to try in 4.4. Please drop a comment below and let us know!

It's very easy to focus on a single metric to gauge the success of your community.
It's very common for community owners to look at page hits and determine if their SEO and marketing efforts have paid off.
Getting traffic to your site is only half the equation though. The most valuable metric is how many casual visitors you're converting to engaged members.
Invision Community already makes it easy for guests to sign up using external services such as Facebook, Twitter and Google.
However, there has to be a conscious decision to click that sign-up button. For some, this may be a barrier too many.
Invision Community 4.4 reduces this barrier by allowing guests to create a post to a topic they want to engage with.
Once they have posted, they are asked to simply complete their registration. They are more likely to do this now they have invested in your community.
This will be incredibly valuable when you consider how much traffic a forum receives from inbound Google searches. With Post Before Registering, you'll increase your chances of turning that inbound lead into a registered member contributing to your site.
Let me take you through the feature and show you how it works.
When browsing the community guests will see the ability to submit a post, with an explanation that they can post now and complete registration later. The only thing they have to provide in addition to their post is an email address.

Posting as a guest
This works in any application for new content (topics, Gallery images, etc.) as well as comments and reviews. It will only show when a newly registered member would be able to post in that area - for example, it will not show in a forum that only administrators can post in. 
After submitting the post, the post will not be visible to any user, but the user will immediately be redirected to the registration form with an explanation to complete the registration. The email address they provided will already be filled in.

Registration form after posting as a guest
At this point, the user can either fill in the registration form, or use a social sign in method like Facebook or Twitter to create an account. After the account has been created, and validation has been completed if necessary, their post will automatically be made visible just as if they had registered and then posted.
If the user abandons the registration after they've submitted their post, an email will be sent to them to remind them to complete the registration.

Email reminding user to finish registering
 
Some Notes
Invision Community already has a feature that allows guests to post as guests without registration if granted permission. That feature has not been removed and so if you already allow guests to post, the behaviour will not change. This new feature is only available when a guest can't post in a given area, but a member would be able to. The entire feature can also be turned off if undesired. If the area the guest is posting in requires moderator approval, or newly registered members require approval of new posts, the post will enter the moderation queue as normal once their account has been created. Third party applications will require minor updates to support this feature. Once your casual visitor has invested time in your community by crafting a post, they are much more likely to finish the registration to get it posted. If you have set up external log in methods, then registration only takes a few more clicks.
This blog is part of our series introducing new features for Invision Community 4.4.

Today, we're handing over our blog to long time client and friend to Invision Community, Joel R.
@Joel R is often found hanging out in our community offering his insight and wisdom when he's not harassing the team in Slack.
Over to Joel.
Invision Community releases a variety of blockbuster features in every major update, which usually hits once a year.  You may think those updates are not enough (it’s never enough!), but I wanted to spend some time talking about how to survey and incorporate those features into your community systematically. 
This blog post is not about any specific feature, but more a general and philosophical approach in integrating the newest features.  My goal is to help you get the most out of every new IPS update!      
You may think that many of the features in the updates are easy to assess.  You either want them or don’t.  But it’s not that easy. 


 
I was inspired by some recent personal experiences when I found myself revisiting features from 4.2 and earlier.  I was pleasantly surprised to realize that I still had so much to experience and learn from those features, all of which I had previously reviewed when they were initially released.  Invision Community comes packed with rich features, and no community manager is expected to be a master at everything.  But a systematic approach is your best chance at making sure you get the most out of every feature.
To give a personal example, I jumped into Social Media Promotion when it first came out in 4.2.  The new Social Media Promotion offers several powerful tools for social media cross-posting, and I immediately wanted to learn how I could use it to cross-post content to my Facebook and Twitter accounts.  It’s an easy drop-in replacement for services like Hootsuite or Windscribe and allows community managers to drip interesting content to their social media pages for constant advertising and social engagement.
Well, it turns out my Facebook and Twitter reach is nil because I have no followers (wish I was more Internet famous!), so I soon lost interest and dropped Social Media Promotion as a tool.
A couple of months ago, I was assessing my homepage versus other popular websites when I came across a startling realization: I could make a gorgeously visual homepage on par with Instagram using Our Picks – a feature of Social Media Promotion.

 
I would intentionally ignore the social media component, but use the other component of Our Picks for a beautiful new homepage.  The context of using Our Picks for a homepage opened my eyes to a whole new way to evaluate Social Media Promotion, and what was once a feature on the back burner is now – literally - the front page of my Invision community.  I love it!   
To help you incorporate new Invision features, I’ve brainstormed 5 strategies on how to make the most out of Invision feature updates.  Each strategy comes with a mini-lesson for an action plan. 
1.    Learn the knowledge, not the feature.
This is my personal motto when Invision Community releases a new feature.  I’m more concerned about the knowledge and broader usage of the feature than implementing the feature itself: What’s the potential scope of the feature?  In what context could the feature be used?  How did Invision Community intend for the future to be used, and what are other ways it can be used?  
I’ve never worried about the technical configuration of the feature.  You enable or disable some settings, and that’s it.  But what’s more important is how the functionality can best be integrated and in what context.  You never know when you might come back to the feature for the next great idea, and you can only do that if you possess the knowledge and application behind the feature.  
Lesson: Try every feature at least once, even if you don’t need it.
    
2.    When at first you don’t succeed, take a nap.
Some things take a while to think about.  Don’t try to cram through all new Invision Community features.  There’s too many to digest in one pass.
Assess the features you’re most interested in one by one, play with each feature until you’re satisfied, test them, find out how they work, and when you get frustrated, take a nap.  Eat some ice cream.  Go jogging.  And revisit in a month.  The bigger the feature, the longer you should think about it.
  
The biggest “aha” moments didn’t come to me right away.  When you try to rush through a feature, you can get rushed results.  Take your time to bounce ideas around your head and try to think through the context of how to best utilize the feature.   
Lesson: For features that you like, set a calendar to revisit after a month.  Then take a nap.  
3.    You’re running the marathon, not a sprint.  
Successful community managers have evolved with the changing needs of our audiences.  While our mission remains the same, the backdrop of user expectations and digital trends has dramatically changed.  
When you implement a feature, you should be evaluating it for both sustainability and longevity.
Is this a sustainable mechanism to keep up with? 
Is this something that I want to continue for the foreseeable future?  
It’s nice to play with new features; every major update is like a Christmas unwrapping of new features.  But you need to prudently pick-and-choose which feature is most appropriate and how it can give you an impact for the long-term.  Sometimes it’s better to do a few things very well than many things not well at all.
Lesson: Ask yourself if you see yourself using the feature 3 years later?
4.    Make it uniquely yours
Invision Community ships with default features ready to use out of the box, but those features are just that: default.  We like to dress up our theme with custom colors, designs, and logos.  You should apply the same flair for customization with your features.
Some features are ready to be customized: reactions, ranks, and group promotion.  Others, however, might take more thinking.  Here are some examples to spark your creativity:
•    Social Sign-in Streamline – are you using the default message, or did you customize it with a unique and clever introduction?  
•    Fluid Forum – did you activate fluid forum and hope it went well?  Or did you use it as an opportunity to re-analyze your entire forum structure for the modern web?  
•    Leaderboard – did you leave it as a Leaderboard, or could it be Genius board for a technology company, or Joyboard for a nonprofit, or Loyaltyboard for a consumer brand?
Lesson: Make the feature uniquely yours.
5.    Talk through your scenario
Every battle-tested community manager knows that the only thing constant is change – whether it’s our forum software, ACP settings, user expectations, and broader digital trends.  It’s important to find a trusted circle of friends and users who can help you steer and implement features.  It may sound great in your head, but other users may look at it very differently. 
On my site, I have a trusted group of users called “Champions.”  In my pre-planning stage, I float my ideas by them as early in the process as possible.  They’ve provided valuable feedback of user expectations with differing perspectives.  I’ve nixed certain features based on their veto, and I’ve tweaked continuously based upon their continuous input.  Talk through your scenario with your trusted friends, and not just with the voices in your own head!    
Community management is such a uniquely rewarding and challenging role because every community demands and needs a different set of features.   Invision makes it easy with regular releases of exciting features, but you also need to make the most out of those features on your own.  Don’t just turn on the next feature: turn on excitement, joy, and community.  
If you notice, I didn’t include a lesson yet in my last strategy when you’re ready to talk about your scenario.  And that’s because it’s the ultimate lesson:
Write the next guest post in the Invision Community Blog and share your own success story in how you adopted a new Invision feature.  We’d love to hear about it.
Thanks Joel!
We love this angle on how to best evaluate the myriad of opportunities the Invision Community software allows.
What is your biggest take-away from Joel's advice?
 

We've recently spoken about how we've brought our Gallery and Blog apps up to date with interface overhauls to bring them inline with the high standards our customers expect.
Keeping this in mind, we're thrilled to announce that we've taken Commerce right back to 2009.
This needs an explanation.
Way back in 2009, Obama was inaugurated as the 44th President. Minecraft was put into beta, Slumdog Millionaire was released to critical praise and we had a product called IP.Subscriptions.
IP.Subscriptions was a lightweight member subscriptions manager that allowed members to purchase elevated permissions via a user group upgrade.
It was a fine little app. However, on the horizon we had a brand new eCommerce app in development. Then called Nexus, now called Commerce (we took months to come up with that).
It made sense for us to merge the products into one app given they both had overlapping functionality. They both could create packages to promote members to a new user group. Commerce was much more developed as an invoicing and billing system.
Everyone was happy.
Almost.
Commerce has grown to be an incredibly powerful app. It can sell anything from physical products like t-shirts, to digital products such as license keys and it can even manage your hosting set-up.
We use it for our support and billing systems, so we know how robust it is.
While it's an incredibly powerful commerce system, setting up basic subscriptions packages became a little more complex.
Over the past few years we've received a lot of feedback on this.
We've listened.
Commerce Member Subscriptions
We've built a brand new section into Commerce specifically for membership subscriptions.
Let's take a look at this in more detail.
On the front end, there's a very clear and easy to understand page for membership subscriptions.

The main subscriptions interface
Here you can see all the available packages, which one you're currently subscribed to and the upgrade and downgrade options.

A simple way to upgrade
There's several choices for costing upgrades in the Admin CP, here we have chosen to charge the difference between packages.

Get to your subscriptions easily
Your subscriptions are easily found in the user menu.
If the Admin allows, the package you're subscribed to appears as a badge on your profile.

 
There's also a little widget showing the packages which you can drag and drop to the sidebar for an additional prompt for non-subscribers.

 
This gives Invision Community a very clear and easy to understand interface for subscriptions which lives outside of the Commerce store and its packages.
Now, let's dive into the Admin CP
The main engine for this feature is the package list. This is in a separate area within Commerce.

 
The list also shows the number of currently active and inactive subscribers. This links to the list of subscribers.

 
Other than Bob having a total nightmare, you can easily view which members are currently active. The buttons link you to the Commerce invoice and purchase.
If you wish to add a member to a subscription without charging them (you generous soul, you), then that is easily possible.

 
Creating a new subscription package is very straight forward. We've built a new form which is stripped down to the fundamental items you'll need for a subscription.

 
As you would expect, there are several settings to control the system.

 
A few things worth mentioning here:
You can force new members to purchase a subscription on sign-up You can show or hide the profile badge indicating which package they purchased. You can choose to allow upgrades or downgrades. You can choose how you'd like to charge for upgrades or downgrades Thank you to everyone who has provided feedback over the years. We're really pleased to present this new feature and hope that it'll make your daily lives just a little easier.
Let us know what you think!
 

This month, we turn sweet sixteen!

We made our own card this year.
I know, it's hard to believe with our youthful looks and energetic personalities, but it's true. Charles and I have known each other longer than I've known my own children and we still make each other laugh on a daily basis.
Over the past 16 years we've seen a lot of trends come and go.
When we started, AOL dial-up was the preferred method of choice (and probably the only method of choice). Compuserve were flying high and I think I'll stop this walk down memory lane before I turn into my own grandfather and start talking about how things were better in my day.
A lot has changed. We've seen the rise of social media and how it disrupted habits. We've seen MP3 players become iPods, and iPods become iPhones and iPhones become iPads (other digital devices are also available).
It's crazy to think that our company pre-dates Facebook, Twitter and Youtube.

Click on this image to see it unless you have excellent eyesight
We're still here because we are always innovating and adapting. The software we're working on right now is vastly different from the one we started out with. And that is how it should be. We listen to our customers and we implement the great ideas.
Of course, we'd not have lasted a year without our customers. We're genuinely thrilled to still be doing a job we love and serving customers who have trusted their community with us.
Thank you all for choosing us and we're looking forward to the next 16 years.

"The world’s most valuable resource is no longer oil, but data", the Economist wrote recently.
Invision Community software stores a lot of important data that can be leveraged to analyze and improve upon the traffic and interactions with your site.
While there are some various statistics tools in the AdminCP already, we spent some time with 4.3 enhancing and improving upon our existing reporting tools, as well as adding some new analytics tools you may find useful.
Chart Filters
Beginning with 4.3, any dynamically-generated charts in the AdminCP that support filtering will allow you to save those filter combinations for easier access in the future. When you open the Filters menu and toggle any individual filters, the chart will no longer immediately reload until you click out of the menu, and 'All' and 'None' quick links have been added to the filters menu to allow you to quickly toggle all filters on or off.
Here is the 'Sales' chart for Commerce, for example. You will see that the interface is now tabbed.

Commerce's Sales chart
After opening the 'Filters' menu, selecting all of my products named 'test', and saving this filter combination as a new chart, I can quickly come back to this chart in the future.

Specific filter configurations allow you to run reports easily
Note that each user can save their own chart filter configurations independent of other users.
Top income by customer
Speaking of Commerce, we have also added a new chart to the 'Income' page, allowing you to view reports of your top customers. As with other dynamic charts, you can save filter configurations here for easy future access, and you can view the results as a table to get a raw list of your top customers' purchases. Further, we have tidied up the table views for the other existing tabs on this page.

Looks like brandon is my top customer
Reaction statistics
We have introduced several statistic pages to expose information about the Reactions/Reputation system and how your users are interacting with it. For instance, you can now view information about usage of each of the reactions set up on your site.

Yes, I'm definitely confused a lot
You can also see which users give and receive the most reputation (which is the sum of their reaction points, keeping in mind that negative reactions can reduce a user's total reputation score), you can see which content on your community has the most reputation (which might prompt you to promote it to the 'Our Picks' page, promote it to social media, or otherwise continue to encourage interaction with the content), and you can see which applications reactions are given in the most. This could allow you, for instance, to focus more efforts in areas of your site to drive more activity, or to foster activity in areas you did not realize were as active as they are.

Some areas of the community aren't as active as they could be
Additionally, when viewing user profiles on the front end you can now see a breakdown of which reactions each user has given and received when you click the "See reputation activity" link in the left hand column.

Apparently I'm not so much confused, as I am confusing
Tag Usage
Another useful statistic introduced with 4.3 is the ability to review tag usage on your community. As with other dynamic charts, you can filter however you like and save those filter configurations for easy future access.

Not all tags are equal
Trend charts for topics and posts
When viewing the New Topics and New Posts charts, there are now tabs for "New Topics by Forum" and "New Posts by Forum", allowing you to see which of your forums are the most active. Additionally, you will see a trend line drawn on the chart to show you the trend (e.g. whether activity is increasing or decreasing). You can also filter which forums you wish to review, so you can compare your most active forums, the forums that are most important to your site, or the forums that need the most attention/may not be relevant, for instance.

Viewing new topics by forum

New posts by forum, but viewing only a subset of my most important forums
Other Improvements
Some other miscellaneous improvements have been introduced as well, which you may be interested in:
When viewing Member Activity reports, you can now filter by group. We have also added the content count column to the table so you can quickly sort by top posters if this is relevant to the report you are running. Device usage is now also tracked (mobile, desktop, etc.) and can be viewed on a new Device Usage page. Developers: Dynamic charts now support database joins

We released news of Clubs just under a year ago for Invision Community 4.2 and it has been the best received feature to date.
Clubs opens up new ways to run your community by allowing members to create sub-communities away from the central forum area.
Since the feature was released, we've collated an immense amount of feedback on the feature. Here's what we're improving for Invision Community 4.3.
Paid Club Memberships
If you have Commerce installed on your community, 4.3 adds the ability for members to create paid clubs. Users wishing to join the club will be required to pay a membership fee (which can be one off or recurring) which will be paid to the club owner, minus any commission you want to keep for the site. You can choose which groups can create paid clubs.

Paid Club Settings
If enabled, the club directory will show the price for membership in each club.

Club directory with paid clubs
The process for joining works a little differently depending on the type of club...
For open clubs, the user will immediately be prompted to pay the joining fee. Once they have paid, they are added to the club as normal. For closed clubs, the user will need to request to join as normal. Once they have been accepted to join the club, they will then be able to pay the membership fee, after which they'll be added to the club. For private and read-only (a new type in 4.3, which we'll talk about below) users have to be invited to join the club Public clubs have no membership, and so cannot be paid.
Joining a paid club (a closed club in this screenshot)

Paid club after request to join has been accepted

Paying for club membership
Club leaders can also waive the membership fee, allowing certain users to join the club for free.

Waiving fee when approving request to join

Waiving fee when inviting members

Waiving renewal fees on an existing member
If a member fails to pay their renewal charge, they are moved into an "expired" state. The club leaders can see the status and renewal date for all members, and use the filter tools to just see active or expired members.

Club members management
Paying out membership fees works just as it does with paid files in Downloads. Users receive the amount as account credit. If enabled, they can then request a payout of this via PayPal or a manual payout method you want to use.

Viewing an invoice in the AdminCP where some payment has been given to a member

Viewing account credit with options to withdraw funds
 
 
Club content throughout the community
Currently content in clubs is only visible within the club itself. In 4.3 a new setting allows you to show the content from clubs throughout the community - for example, if a club contains a forum, that forum can show in the main forum list.
 
Club forums showing on main forum list
This is a single toggle: if enabled, all content from clubs that each user has joined will show throughout the community, appearing below the normal categories/etc in that application.
 
 
New Club Type: Read Only
In addition to Open, Closed, Private and Public, we have added a new club type in 4.3: read only. In a read only club, everyone can (without joining) view everything in the club, but cannot participate unless they are invited by a club leader.
 
Following
Users can now follow a club, and will then receive notifications about all new content in the club - the same as if they followed every content area in the club.
 
List View
In addition to the current grid layout of clubs, there is a new list-style.

Clubs List View
The admin can choose which views are available and what the default should be.
 
AdminCP Approval
You can now filter the list of clubs in the AdminCP to clubs requiring approval and approve clubs from within the AdminCP.

Approving clubs in AdminCP
 
Deleting Content Areas
Club leaders can now delete content areas within their clubs. This can be useful if, for example, the leader added a club feature by mistake.
Content areas can only be removed if there is no content within it, or if you have granted club leaders the ability to delete content in their clubs (since they would be able to empty it).

Ability to remove features from clubs
 
Other Minor Tweaks
You can now set per-group the maximum number of clubs a member in that group can create. A member invited to join a club can now delete the invitation if they do not want to accept it (rather than just ignoring it).

Stripe is the most popular payment method in Commerce, allowing communities to take payments by card securely with easy setup.
While there's no doubt that credit cards are still the most popular methods of making a payment, digital innovations such as Apple Pay are increasing in popularity.
For 4.3 we've deepened our integration to support some of their latest features.
Apple Pay & Google Pay
Apple Pay allows users to pay quickly with their iPhone, iPad or Mac (with Safari and either a paired iPhone or using the MacBook Pro with Touch ID) using the card details stored on the device, authenticated with Touch ID or Face ID.
Apple Pay
Google Chrome (on desktop or Android devices) supports a similar feature allowing users to pay with card details stored in their Google account with Google Pay, or stored in Chrome itself.
Paying with card details stored in Google Chrome
 
Both of these features are now supported through Stripe in Invision Community 4.3. Setup is simple - for Apple Pay you simply need to verify that you own your domain by uploading a file you obtain from the Stripe dashboard, and nothing special is needed for Google Pay - and then create the payment method in the AdminCP. Stripe does not charge any additional fees for either option.
Commerce will automatically hide the option if the user's device does not support either method.
3D Secure
Also known as Verified by Visa, Mastercard SecureCode, and other brand names, 3D Secure is a system that is used to verify a customer's identity before purchase is completed and transfers the fraud loss liability from the merchant to the cardholder bank in case of fraudulent disputes.
After the user has entered their card details, they are redirected to their bank's website and asked to provide additional verification.
Our integration with Stripe in 4.3 now supports this process. A new setting allows you to choose if you want to use 3D Secure just for cards which require it (i.e. cards which would decline the payment if 3D Secure is not completed) or for all cards which optionally support it as well.
 
Amex Express Checkout
American Express cardholders can use Amex Express checkout to pay by using their American Express login rather than providing their card information.  This is also now supported through Stripe in 4.3.
Amex Express Checkout
 
Alipay, Bancontact, Giropay, iDEAL, SOFORT
These are popular payment processors internationally (Alipay is popular in China, Bancontact in Belgium, Giropay in Germany, iDEAL in the Netherlands, and SOFORT in several European countries).
The checkout experience is similar to PayPal with the user being redirected to the appropriate site, authenticating the payment, and then being redirected back.
All of these are also now supported through Stripe in 4.3.
 
Dispute/Chargeback Handling
A dispute (also known as a chargeback) occurs when one a cardholder questions your payment with their card issuer, which causes the funds, plus a fee, to immediately be taken from your account until evidence is provided that the transaction was legitimate.
Anyone operating an online store knows how frustrating this experience can be. In 4.3, we've made dealing with this situation a little easier. When a dispute is created, Commerce will now mark the transaction as disputed, which will immediately revoke any benefits from the purchase (for example, if it's for a subscription that moves them into a different group, they will be placed back into their original group; if it's a Downloads file, they won't be able to download it any more; if it's for a physical item that hasn't been shipped yet, the shipping order will be placed on hold).

Disputed Transaction
All transactions with currently open disputes can be accessed quickly from the transaction list. The transaction page will show you the status and reason for the dispute, and links to your Stripe dashboard where you can respond.
When the dispute is resolved, the transaction screen will be updated, with either the transaction being marked as refunded if the dispute is lost, or going back to paid if the dispute is won and the funds returned to you.

A dispute that was lost

A dispute that was won
 
 
Radar
Radar is Stripe's suite of fraud detection tools using machine learning and customisable rules to help detect fraudulent transactions.
Stripe will automatically blocks transactions is considers highest risk already. However, for "elevated" risk transactions, while Stripe would alert you of them so you could review them, Commerce would process the transaction normally.
In 4.3, Commerce will place any transactions which Radar reports as having an "elevated" risk level on hold for manual review, so you can decide whether to approve or not before the funds have been captured.
In addition, the transaction details screen for Stripe transactions now provides some additional information about Stripe's checks on the transaction, including the Radar risk level, if the CVC check passed, and if the billing address provided matches the card's billing address.
If a fraudulent transaction does make it through, you will now have the option to indicate this when refunding the transaction to help Stripe's anti-fraud systems learn.

The best way to convert guests into members is to make the onboarding process as simple as possible.
Over the years, we've added special log in methods for Facebook, Google, LinkedIn and Microsoft. We've carefully hand coded these integrations to allow guests to sign up with just a few clicks using services they're already a member of.
These services used to use proprietary methods to link with other websites, but a new standard has emerged.
OAuth
You may not know it, but you're probably familiar with OAuth already. If you have enabled the ability for users of your community to sign in with their Facebook, Twitter, Google, LinkedIn or Microsoft account, you may have noticed that the process for setting up each of these is quite similar. This is because they all use the OAuth protocol.
In Invision Community 4.3, we are introducing several exciting new features:
In addition to all of the existing social networks above, which retain their "easy setup" status, we have also added Wordpress. Users on your community can now sign in with any Wordpress site you control (you will need to install a Wordpress plugin to enable OAuth capabilities). As well as those "easy setup" options, we have also added the ability for you to allow users on your site to sign in with any OAuth 2.0 based provider. This means, for example, if your community is based in a location where other social networks are popular, if they use OAuth, you can set those up too. While the setup is a little bit more complicated, this doesn't require any custom programming - you'll just need to find out a few more pieces of information from the provider (an example is provided below). Invision Community itself can now also serve as an OAuth 2.0 server so you can set up other sites to be able to facilitate logins using credentials from your community. This works in conjunction with our REST API, allowing you to make API calls as an authenticated member, which will return just the information that user has access to. With the ability for Invision Community to serve as both an OAuth server and client, this now provides standard integration for multiple Invision Communities together, which will now replace the old IPS Connect feature. We have also taken this opportunity to make a few other minor tweaks to login, registration and account management features, especially for communities which rely heavily on non-standard login methods (more details below).  
Setting Up a Custom OAuth Provider
For this example, I'm going to use vk.com, which is a popular social network in Europe. While Invision Community doesn't provide this as one of the "easy setup" options, it is based on OAuth 2.0 so we can use the new functionality in Invision Community 4.3 to set it up.
In older versions, the list of login handlers in the AdminCP had all of the providers listed with enable/disable toggles - because now you can add as many custom handlers as you like in 4.3, it's now a list where you can add/delete options:

Login Handlers List
When clicking the "Create New" button, you'll see all of the different handlers Invision Community supports. Since vk.com isn't in the list, but is still OAuth 2.0-based, I'll choose the "Other OAuth 2.0" option:
 
Choosing a Login Handler
You'll now need to use the documentation provided by the site you want to integrate with to fill out this form. While no custom programming is required, the documentation is usually quite technical in nature - but you only need a few key pieces of information. We anticipate that for some of the more popular options, guides will be provided to help you find the information you need.
I have created an application in vk.com's developer center and so I will copy and paste my credentials into the form:

Inputting vk.com credentials
I then need to find the endpoints from vk.com's documentation and input those too.

Inputting vk.com endpoints
Next I need to find the endpoint where I can access the user's information within their API and the parameters they are returned by. The only required piece of information is an ID, but you can also provide the parameters for accessing the display name, email address and profile photo. If display name/email address isn't available/provided, the user will be asked for this the first time they sign in. vk.com's API doesn't provide access to the email, but I can use the screen name as the display name, and they do provide access to the photo:


Inputting vk.com User Information Endpoint and response parameters
Finally, provide a logo and a color for the sign in button and some final settings:

Inputting vk.com Logo and Button Color
And now vk.com login is set up. A button will now show up on the front end which I can use to sign in. I didn't provide a way to access the email address, so on the first sign in, the user will be prompted to provide that, but the screen name and profile photo from vk.com will be used:

Signing in with vk.com
 
Using Invision Community as an OAuth Server
You can also set up Invision Community itself to be an OAuth Server. This may be useful for two main reasons:
If you want to integrate two communities together, or integrate with something else which supports adding custom OAuth clients. If you are a developer and want to use the REST API using OAuth for authentication rather than an API Key. You can either make requests as an authenticated user (by obtaining an access token) or using Client Credentials. The screenshots below show the full capabilities which are quite technical and mostly aimed at developers. If you will just use this feature to link two communities, don't be concerned if it looks too complicated, an easy-to-follow guide will be available to achieve that.
You will set up the clients from the AdminCP:


Setting up an OAuth Client
When creating the OAuth Client, you can control which scopes are available, and which endpoints of the REST API they provide access to:

Defining OAuth Client Scopes
The login process is then the standard OAuth flow, and users have the ability to view authorisations in the account settings:

Authenticating an OAuth Client
The REST API has new and updated endpoints to be aware of the authenticated user:

A new REST API endpoint which returns details of the currently authenticated user

An updated REST API endpoint which, when called using OAuth authentication, will only return data the authenticated user has access to
 
Other Login System Tweaks
Users can now choose if they want to change their local display name or email address if it is changed by an external login method (or the administrator can choose this behaviour). If there is an issue with this (for example, it wants to change the email to one that is already taken), or profile photo syncing, this is now better communicated to the user. You can now control per-login-handler if new registrations are allowed using it. This addresses some confusion from previous versions as to if the "Allow New Registrations" setting applies to accounts being created by social network logins. The Standard login handler can be disabled if you rely totally on an alternate login method. To allow this to happen:  All areas where a user is prompted to re-enter their password (some areas of the account settings) now allow reauthentication using any login handler. You can disable local registration but still allow accounts to be created by other login handlers, or redirect users to an external URL to register an account. You can also disable or redirect to an external URL for changing email address / password or the Forgot Password tool. You can now create multiple instances of the external MySQL database and LDAP login methods which have also had some other minor tweaks: The external MySQL database handler now has PHP's password_hash() function as an available option for password encryption type, and defining a custom encryption method is now much easier, done entirely in the AdminCP without needing to modify PHP files. You can now choose if changes to the local display name / email address / password is synced back to the external database / LDAP database. You can optionally show these handlers in the Account Settings pages like other login handlers to allow users with an existing account to link their accounts. You can define a Forgot Password URL for the external database which the user will be redirected to if they try to use the Forgot Password tool and that is how their account is authenticated. 

Making security considerations a key part of your community setup and maintenance can save you from many future headaches.
You've worked hard to get your community moving. Don't make yourself an easy target and undo that work.
Here’s our current advice to our customers.
 
1. Enable HTTPS
HTTPS is fast becoming the standard way to serve websites. In 2016, more than 50% of web requests were served under HTTPS for the first time. Chrome and Firefox now explicitly warn users on login forms that aren’t sending data over HTTPS, and it’s not hard to imagine that in the near future all insecure pages will receive the warning.
HTTPS simply means that website data is served over a secure connection and can’t be read or tampered with by a ‘middle man’ hacker. You can identify a site using HTTPS because the address in your browser will show ‘https://’ (instead of http://), and normally a lock icon or the word ‘secure’.
Invision Community supports HTTPS by default simply by changing your base URL configuration to include HTTPS. Of course your web host will need to support it as well and our Invision Community Cloud services support it by default. Contact support if you have any questions.
Recommendation: Set up HTTPS for your entire community to prevent ‘man in the middle’ attacks.

2. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrator staff.
2FA is a system that requires both a user’s password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user’s password is somehow compromised, a hacker still wouldn’t be able to log in to the account because they would not have the current code number.
You may already be familiar with 2FA from other services you use. Apple’s iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which is able to send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA, to ensure that no damage can be done should their account passwords be discovered. Allow members to use 2FA at their discretion.
 
3. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password, showing them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it’s also possible to require them to choose a password that reaches to a certain strength on the meter. 
Recommendation: Require users to choose at least a ‘Strong’ password.
 
4. Use Admin restrictions
It’s very common that many different staff members need access to the Admin Control Panel depending on the role. You may have design staff, billing staff, community managers, and so on, all with particular tasks they would like to achieve.
Invision Community can help improve the security of your Admin Control Panel by allowing you to restrict the functions available to each administrator, granting them access to only the tools needed to do their job. 
Recommendation: Audit your community’s administrator accounts and applying restrictions where it makes sense to do so.
 
5. Stay up to date
It’s important to ensure you’re always running the latest release of Invision Community. With each release, we add new security features, audit code and fix any issues reported through responsible disclosure. Falling behind can therefore make your community a tempting target for potential hackers.
Your Invision Community Admin Control Panel will let you know when a new release is available, and you can also check out our Release page to track releases.
For our Enterprise customers, we’ll automatically apply updates for you shortly after release as part of your plan. For our self-hosted and Cloud customers, you can easily apply new updates via the Admin Control Panel with a couple of clicks.
Our Invision Community Cloud contains all best practices for security. However, if you are self-hosted, be sure to work with your web host to ensure your server is setup properly. Ensuring that server software, firewalls, and access controls are in place is very important as an insecure server can be your worst enemy.
Recommendation: Aim to install latest updates as soon as feasible.
 
6. IP address restrictions
For organizations where staff are centrally-based in one location, or are required to use a VPN, you can improve your community security by restricting access to the Admin Control Panel to the IP addresses your staff will be using. This is a server-level feature, so contact your IT team to have this facility set up your installation. Enterprise customers who wish to utilize IP restrictions should contact our Managed Support team, while Cloud customers can submit a support ticket to have this set up.
Recommendation: Where staff all access the community from a small number of IP addresses, restrict Admin Control Panel access to those IPs. 

Summary
Don’t leave security as an afterthought. Invision Community includes a range of tools to help you ensure your data and members protected, as well as industry-standard protections ‘under the hood’. Make use of these features, and they’ll help ensure the wellbeing of your site.
As always, if you have any questions or need advice, our support team are on hand to assist you.

Here is the roundup of what's new in Invision Community 4.2!
Highlights
There's a lot of new feature in 4.2 but here are a few of the highlights:
Promoting Content - A new way to promote content in your Community internally, on Facebook, and on Twitter.

 
Clubs - Clubs are a brand new way of supporting sub-communities within your site. Many people have requested social group functionality in the past and Clubs are our implementation of this concept.

 
Reactions - Offer more fine-grained sentiments towards content than a simple up/down or 'like'. They are now in common usage on social networks, and so users expect to be able to be more nuanced in their response to something they see.

 
Complete Your Profile - Encourage or require members to fill out the details on their profile. Also now allows for quick registration to encourage joining.

 
And a whole lot more..
It goes on... here is the full list!
Leaderboard Enhancements Richer Embeds Group Promotion Improvement Fluid Forum View Member History Editor Uploading Improvements Authy Integration Commerce Improvements New REST API Endpoints Gallery Improvements Statistic Reporting Copy Topic to Database Downloads Index Page Blog Sidebar Promoting Content Clubs Reactions Calendar Venues Social Sign In Streamlining Calendar Add Similar Event Gallery Lightbox Navigation Letter Profile Photos SEO Improvements Device Management Delayed Deletes Calendar Event Reminders Content Messages Recommended Replies Complete Your Profile Be sure to visit each entry above for more information and screenshots. We hope you enjoy Invision Community 4.2!
 

This entry is about our IPS Community Suite 4.2 release.
I am sure we have all accidentally clicked delete on a post in your community and then realized you needed it. Luckily we now have Delayed Deletes to easily restore deleted content.

Settings in AdminCP
You can delete just as you normally do as you moderate and your posts will be removed just like now. The main difference is that you can now view recently deleted content and restore as needed in the Moderator Control Panel.

Easily view what is pending delete
All you have to do is click the deleted item and you will be taken to that item in context of where it used to be. This makes is much easier to understand why it was deleted and decide if you should restore.

Restore and view deleted content in context
Delayed Deletes is a feature that could be a life saver for your community and we cannot wait to get it out to you.

I'm pleased to announce we're finally ready to open our new Developers area. The aim of this project has been to improve our existing developer documentation by building a central place to contain it, as well as update and expand the content available.
As of today, we have the regular documentation and REST API documentation ready to use. Over the coming weeks and months, we'll be expanding what's available further, going into more detail about the tools available within the framework. We've also started work on comprehensive Getting Started guides, that will walk you through simple developer projects from start to finish - these will be available soon, once they're complete.
If there's a particular aspect of IPS4 development that you don't feel is adequately catered for right now, please let us know! This will help us direct our efforts to the most useful places.
Enjoy!

Often when you are reading a topic, comments, or other posts, you will see team members replying. Although IPS Community Suite already allows groups to set up custom images and member titles, these replies can get lost in the noise.
Version 4.1.13 now allows you to switch on post highlighting per member group. This makes sure the reply stands out from the rest of the replies.

 
Of course, this feature works everywhere; from calendar comments to article replies.

 
The feature is switched on via the Group form in the ACP.

 
You can edit the look of the highlighting via the theme’s settings which allows for different color schemed per-theme.

 
We have also ensured that theme designers can get the most out of the system by embedding a data attribute noting the group of the author. This means that you can add custom CSS to use different colours per member group.

 
 
 
We think post highlighting will be a simple way to bring attention to member posts in groups that you define.
 
 

We are releasing a patch for IP.Board 3.4.x and IP.Nexus 1.5.x to address two potential security issues brought to our attention.

It has been brought to our attention that an open redirect exists within IP.Nexus which might allow a user to redirect other users to a remote site of their choosing through IP.Nexus. Additionally, an issue has been brought to our attention where-by sensitive user data may be exposed in certain circumstances.


To apply the patch
Simply download the attached zip and upload the files to your server. This single zip file includes the patch files for both IP.Board as well as IP.Nexus.
 
patch-34x-05252016.zip
 
If you are an IPS Community in the Cloud client running IP.Board 3.4 or above, no further action is necessary as we have already automatically patched your account. If you are using a version older than IP.Board 3.4, you should contact support to upgrade.

If you install or upgrade to IP.Board 3.4.9 after the date and time of this post, no further action is necessary as we have already updated the main download zips.

We are currently beta testing our next release, 4.1.12, which contains hundreds of bug fixes, dozens of improvements, as well as a handful of new features. I wanted to introduce one of those new features: post preview.
Long-time users of our software will know that a post preview function was a standard feature, but we took the decision to not include it in the initial IPS4 release. It had a couple of drawbacks:
it only applied to certain pages, such as topic view - other WYSIWYG editors simply didn't get a preview the workflow wasn't very good for modern web apps, requiring a round-trip to the server and a full page refresh When IPS4 was released, we felt that the built-in rendering of the editor was a sufficient preview of how the end result would appear. However, while analyzing ongoing customer and user feedback for IPS4 in its first year of release, we have seen that a preview still has a use. There are some circumstances when a true WYSIWYG experience is just not possible such as using more advanced formatting (like LaTeX) or when admins create certain custom editor plugins.
As a result, we rethought post preview. We wanted to ensure that all editors could be previewed, and that it didn't have a clunky workflow. In addition, since IPS4 uses a responsive theme, we wanted to give users the opportunity to preview how their post would look on different devices.
Here's the result, and what will be available in 4.1.12:

Post preview in IPS Community Suite 4.1.12
The preview is shown by clicking a new button on the toolbar (meaning it can be moved, removed, etc. just like the other default buttons). When the preview loads, the toolbar allows the user to resize it to different device sizes. If they are on desktop, they can also view it at tablet at phone sizes; on a tablet, it can also be viewed at phone size.
So now we not only show a true preview of what content will look like when posted, but we also allow you to preview how it will look on other devices. Of course that preview is just a best-guess since different devices have different window sizes but it does give you an idea.
We hope this reimagining of an old feature for a more modern web will please end-users and make posting content a more accurate process. Stay tuned for more updates on what's included in 4.1.12!
Version 4.1.12 is currently in beta testing and should be released in the next two weeks.

We have released version 4.1.9 with many bug fixes, performance improvements, and feature enhancements. Our thanks to the QA team and all our clients who participated in the beta release.
This is also a security release so please upgrade as soon as possible. All Suites will see the red alert banner show.
To be notified of updates as soon as they are available you can add an email address in your AdminCP under General Configuration.
 
New or Changed Features
When your link auto-embeds in a post such as with an image, YouTube video, Twitter link, etc. an option will now display to revert the embed back to a plain text link if you do not want the embed. New setting to disable embedding. Facebook/Twitter integration improvements If you are an administrator and encounter a system error, additional debug output will now display. Regular members will see the normal error message. Custom Fields for Support Requests in Commerce now show on the front-end. If an advertisement is set up with a main image, but not smaller images for tablets/mobiles, the ad would not show at all on tablets/mobiles. This has changed so the main image will display on all devices unless smaller images are provided. Topics scheduled to automatically lock or unlock will now reflect this in the topic listing and when viewing the topic. Placing a link to a Facebook status will embed when possible. When viewing a report, the container (for example, the forum) the content is from is displayed. Three character searches are now allowed in the Admin CP Live Search. The Account Settings page now uses vertical rather than horizontal tabs to prevent overflow. If Gravatar is enabled, and a user has not defined an profile photo, then their email address will be used to fetch from Gravatar unless explicitly set not to. Gfycat embeds now use their oEmbed endpoint rather than their JS API. Using Amazon CloudFront as https provider will now be recognized as valid secure connection. The member REST API endpoint will now return custom fields. The Developer Center for Plugins now shows the filename in the list of hooks, and when editing a hook, a breadcrumb includes a link back to the list. Inline notifications can now be dismissed Efficiency improvements to the search index You can now close a poll independently of the topic You may want to read a bit more on our embed improvements:
And Activity Stream improvements:
We are well into development on version 4.1.10 which will follow along soon. Keep an eye on our Release Notes for updates on what will be coming in that release.
If you have any issues please open a support ticket. You can also submit reports to our bug tracker. Thank you!