Tom S.

To celebrate Invision Community turning 20-years-old (an eternity in Internet years), I interviewed the company's founding fathers.
Ahh the good ol' days. Remember simpler times?
This new video interview touches on Invision Community's past, present and future thanks to the invaluable insight from  @Charles, @Matt and @Lindy. 
 
In our chat together, these gentlemen...
 
Take a nostalgic trip down memory lane and reflect on the company's origins Explain the power of community amidst the social media boom Offer advice for new community leaders on how to grow Share some of the biggest changes to the platform Recant fond memories from the earlier days Reveal a teaser of what's next for Invision Community  
Noteworthy quotes:
Charles:
 
Lindy:
 
Matt:
 
Thoughts on the interview? We'd love to hear from you in the comments! 🎂 

Invision Community's latest update, 4.6, is officially out! 
To celebrate, we hosted a live event on Zoom.
I, alongside two of the three Invision Community co-founders @Charles and @Matt (shout-out to @Lindy) sat down for a roundtable talk to chat about some of the slickest features 4.6 has to offer.
If you'd like to refresh your memory with exactly what features we implemented in 4.6, check out our detailed blog post (after you're done watching our live event above, of course). 
It includes:
Achievements Spam Improvements Health dashboard Web app and push notifications Anonymous posting Solved content Show when a team member has replied
Did you catch the low-key Smart Community announcement? 🙃

We also wanted to take the time to answer a few questions we received during the live event that we couldn't get to in the moment.
Question: regarding the anonymous posting... is it completely anonymous (like no record is stored of who posted it) or is just a pseudo thing, like it shows "anonymous" but admins/mods can see who posted it?

Answer: The community owner can choose whether moderators can see the true identity of the user. This uses the built in moderator permissions so they can have it so all moderators, just specific moderators or nobody can see this info.
---
Question: Is the translation service be hosted by IPS or do we need to use Google or Bing services on our community?
Answer: It will be a turnkey service provided by Invision Community.
---
Question: Does Achievements show how many x Points are left to the next level?
Answer: Yup!

 
---
Question: When will Smart Community be available?
Unsatisfying Answer: We are excited to share more details on Smart Community soon!
---
We appreciate you participating / watching our first-ever live event. We're planning on doing more, so keep an eye out for the next one.
Thoughts? Comments? Questions? Concerns? Drop us a line in the comments!

One of the most popular requests we get for Commerce is for a free trial period for subscriptions. We've heard from many clients that wish to allow their members a free, or reduced cost trial period before auto-renewing the full price.
I'm pleased to say that we've now added this functionality into Invision Community 4.5. Let us take a look at how it works.
Initial Terms
In 4.5 you can now specify an initial term that is different to the normal renewal term for any subscription plan or product. For example, you could make the initial term $0 for 1 week and the normal renewal term $10 per month which will allow you to create 1 week free trial. The initial term doesn't have to be $0, you can use any special price for the initial term you like.

Subscription Plans showing Free Trials
For developers creating their own applications with Commerce integration, this functionality is also available to you simply by passing a DateInterval object representing the initial term when creating the invoice.
Collecting Payment Details for Free Trials
Previously, if you were buying something that is free, the entire of the last step of the checkout would just be skipped and the invoice marked as paid.
In 4.5, if:
The user is purchasing something which has a free initial period, but also has a renewal term (i.e. is a free trial), and You have a payment method which can collect card details (Stripe, Braintree, etc) The user will be prompted to provide payment details that will not be charged until after the free trial. If the user already has a card on file they will not be prompted to provide the details again but will see a confirmation screen rather than the order just being marked paid immediately.

Checkout Process for a Free Trial
As you can see, allowing a free or reduced cost trial period has never been easier. We hope that you enjoy using this new feature of Invision Community 4.5.
 

Minor releases are almost always just maintenance releases. We gather up a fistful of bug reports and fix them to ensure that every month or so, our clients enjoy more stability and efficiency with Invision Community.
However, more recently we've noticed that we're running low on bug reports, so we've managed to squeeze in a handful of improvements in Invision Community 4.4.5.
Let's take a look and see what's new in Pages.
How should the canonical tag behave?
While this isn't the most exciting name for a feature, it does explain it reasonably well. We had a recent discussion on the forums where it was pointed out that the canonical tag directed search engines to the first page of any record. While this makes perfect sense for an articles or blog system where the content you create is more important than the comments, it makes less sense if the user-generated content (aka the comments) is more important than the content you put up. A good example here is where you put up a video or link for review. You don't want the canonical tag pointing to the first page as it will ignore the reviews themselves.

If you didn't understand much of that, don't worry. The idea behind this feature is to provide Google and friends with a better hint about which content is more important. A happier Google bot slurping your site is a good thing.
How about that Admin CP menu?
When you create a new database in Pages, it is shown in the ACP menu under 'Content'. This is fine, but when you get a lot of databases, it starts looking a little cluttered, and it can be hard to find the correct one.

We've reworked the menu so items have their own section, and can be re-ordered using the ACP menu re-ordering system.
Member fields are now filterable.
Pages allows specific field types to be filterable. This means you can sort by them with the table's advanced search box, and you can drag and drop a filters widget next to the table to refine the rows shown.
Now a member custom field is filterable, which is handy if you use them in your databases.
Other areas of the suite.
Messenger search
A while back, we made a change that removed the ability to search messenger by the sender or recipient name. We also limited the reach of the search system to one year and newer.

Unsurprisingly, this wasn't very popular. We've restored sender, and recipient name searching removed the one year limit and re-engineered the internals of search, so it's more efficient and returns results much faster.
How many members do you have?
You can see quite quickly if you have the member stats widget on the front end, but finding out via the Admin CP is a little more tricky. 

 
Until now! We've added a dashboard widget that not only shows the number of members you have registered, but also a break down of their email opt-in status.
A happier autocomplete.
Apple has this cool feature where if you receive a text message for a two-factor authentication login, it offers to auto-fill the code box for you.
We've had a sweep throughout the suite to ensure two-factor authentication fields allow this autocomplete to happen.
While we were at it, we made sure that other fields are more easily autocompleted.
That wraps up the new features in Invision Community 4.4.5. How many have you spotted after upgrading?
Let us know your favourite below.

Braintree is a payment gateway provided by PayPal which provides some great additional features for PayPal transactions including a significantly improved recurring payments model. We are delighted to be bringing full support for Braintree for Commerce in Invision Community 4.4.
What is Braintree?
Braintree is a payment gateway provided by PayPal which supports taking payments by credit cards (including Apple Pay and Google Pay) and Venmo as well as PayPal, providing a good option for communities wanting to use a single payment gateway, and also brings improved functionality for recurring PayPal transactions.
For PayPal transactions, there are no additional fees and the checkout experience uses the normal PayPal experience your customers are used to.
Recurring PayPal Improvements
Recurring payments / Billing Agreements in PayPal have up until now been initiated by PayPal. Invision Community tells PayPal what the renewal terms of a purchase are, but then it's up to PayPal to take that payment and notify your community when it succeeds (or fails).
This comes with a number of limitations and problems. It makes it difficult for you as an admin to modify an existing purchase or for the customer to upgrade/downgrade. It also means the customer has to create separate Billing Agreements for each purchase. Most significantly though, it means if there is a delay in receiving the payment (such as an expired card) it is sometimes unclear what should happen on your community's end, and how it can be resolved if/when the payment is received.
Other payment gateways work the other way around. When a customer pays by card, for example, they have the option of storing their card details. Later, if they make another purchase or a renewal invoice is generated, Invision Community can tell the gateway to recharge the same card - and if it fails, allow the customer to provide an alternative payment method. This allow both you and your customers to have much greater control, and is much more reliable.
Braintree resolves this by allowing customers when paying with PayPal to save their PayPal account in the same way they would save a credit card on file. When paying with PayPal, users will see a simple checkbox which, if checked, will allow future payments to be taken with PayPal automatically.

Storing PayPal Accounts for Recurring Payments
Other Features
In addition to an improved checkout experience, our integration with Braintree supports:
Taking payments by Credit Card, including 3DSecure checking and the ability for customer to store card details on file. Braintree uses a fully PCI-compliant method of taking card details in a way that ensures the card information never reaches your server. Apple Pay and Google Pay Venmo, which also allows storing accounts in the same way as PayPal accounts. Offering PayPal Credit Handling chargebacks/disputes Support for Braintree's Advanced Fraud Tools
A Disputed PayPal Transaction
Existing Setups and Upgrading
The existing PayPal gateway will continue to be available for basic PayPal integration, and your existing set up will continue to work exactly as it does now after upgrading.
If you are using PayPal, especially if you are using Billing Agreements, we strongly recommend switching to Braintree after upgrading. While it isn't possible to convert existing Billing Agreements, you can allow existing ones to continue to work and use Braintree for new purchases.
Please note that while existing setups will work fine, from 4.4 it will no longer be possible to set up a new PayPal method with either Billing Agreements, or to take payments by card, as PayPal has deprecated the API this was using in favour of Braintree and it can no longer be enabled on new accounts.
As mentioned though, this does not affect any existing setups, which, if you do not switch to Braintree, will continue to work as they do now.
This blog is about our upcoming release Invision Community 4.4.

It's easy to think that email is a relic from the past; from simpler times long before social media and the rise of phone apps.
And it's reasonable to think that way. Your phone constantly pings at you, and your laptop OS constantly pings at you, so why bother with email?
Because it's still a hugely powerful medium to get and retain attention.
In 2017, over 269 billion emails were sent and received per day. Of those, 3,360,250,000 are opened, read, and a link clicked.
Email is still very much a critical tool in your quest for retention.
Invision Community knows this. We have options to notify members of replies by email, weekly or monthly digests by email and members can opt-in for bulk emails sent from your community team.
Given how important email is, it was only fair that we invested in some love for our email system for 4.4.
Email Statistics
Just above, I mention that 269 billion emails are sent, and 3.4 billion are opened, read and clicked.
How many emails are sent from your Invision Community daily?
(No cheating and checking with SendGrid)
You probably have no idea as we didn't record email statistics.
As of Invision Community 4.4 we do!

Chart showing the number of emails sent daily
We now track emails sent, and the number of link clicks inside those emails.
Email Advertisements
Email notifications are a powerful way to get your members to revisit your community. The member welcomes these emails as it means they have new replies to topics they are interested in reading.

While you have your member's attention, you have an opportunity to show them a banner-style advertisement.


The new email advertisement form
When creating a new email advert, you can choose to limit the advert to specific areas such as topics, blogs, etc. - and even which forums to limit by.


Subliminal messages
This is a new way to reach your audience with your promotions.
Unfollow without logging in
Despite spending most of this blog entry shouting the virtues of email, it's inevitable that one or two members may wish to stop receiving notification emails.
In previous versions, the unfollow link would have taken you to a login page if you were signed out. For members that haven't been back in a while, this may cause some annoyance if they do not recall their login details.
Invision Community 4.4 allows non-logged in members to unfollow the item they received an email about or all followed items without the need to log in.

You no longer need to log in to unfollow items
Respecting your member's inbox is vital to keep on good terms with them and to keep them engaged in your community.
We'd love to know which of these features you're most keen to try in 4.4. Please drop a comment below and let us know!

Ever since its first release, the REST API built into the Invision Community software has proven to be a very powerful and well-received feature.
We love seeing what our clients and modification authors are able to do with the level of integration afforded to them through this capability, and so it is only natural that we have looked to expand the functionality in our upcoming 4.4 release.
Poll Support
Beginning with 4.4, you will now be able to create and update polls for both topics and blog entries through the REST API. Of course, modification authors can use this new endpoint.
Warn Reasons
You will also now be able to manage warn reasons through the REST API. This includes fetching a list of reasons, as well as fetching an individual reason, creating warn reasons, updating existing warn reasons, and deleting warn reasons.
Event Venues
Event venues can now be listed and individual venues fetched through the REST API, and you can now add, update and delete event venues through the REST API.
Member Notifications
You can now retrieve a list of notifications for a specific member through the REST API, useful if you were to attempt to recreate the notifications menu on a third party website (for example).
Warning Users
The REST API will now expose the warnings a user has received through a new endpoint. Additionally, you can fetch individual warnings, issue new warnings, undo and/or delete issued warnings, and acknowledge warnings through the REST API. If you are building a site wrapper around your community, you can leverage this functionality to ensure that users are unable to post elsewhere on your site if they have unacknowledged warnings within the community (and also to provide them with a way to acknowledge those warnings right on your site).

The REST API Reference
Node permissions
Beginning with 4.4, you will now be able to set the permissions for a node when adding or updating it through the REST API (for example, you can now adjust the permissions for a forum or a downloads category through the REST API). Many clients noticed that while they could create new nodes through the API, the nodes would be unusable until an administrator manually went in and specified the permissions, so this change can eliminate this extra step in many situations.
Event filtering
You will now also be able to filter the events you pull through the Calendar REST API endpoints by start and end date (e.g. so you can show events within a specific time frame, such as the current week), and you can now also specify to sort the events returned by the event start date or the event end date.
Clubs
And finally, for those who leverage clubs on their communities, we have built in full REST API support for clubs. You can list all clubs, return a specific club, create new clubs, update existing clubs, and delete clubs through the REST API. Further, you can list all members in a club, add a specific member to a specific club, remove a member from a club, fetch the content types available for use within a club (i.e. so you can determine which applications are installed and have club support on a given site), fetch the nodes (displayed as tabs/sections within a club) created within a club, and delete nodes from a club. Important behind the scenes steps, such as generating invoices for members requesting to join paid clubs, are all handled automatically for you when using the REST API.
We believe these changes will help clients better integrate with our software and open up new possibilities with their websites.
Would you like us to add any other endpoints? Let us know in the comments below!

It might seem a little odd starting a blog on increasing Invision Community's speed with the word "lazy",  but I'll explain why this is a good word for performance shortly.
Earlier this year, Google announced that page speed is a ranking factor.
Simply put, if your site is slow, it will be ranked lower in Google's search results.
It is always a challenge making a large application like Invision Community as efficient as possible per page load. A single Invision Community page can pull in widgets from multiple applications as well as a lot of user-generated content with attachments, movies and images used heavily. 
This is where being lazy helps.
Lazy loading is a method by which attachments, embeds and images are not loaded by default. They are only loaded when the viewer scrolls down enough to make them visible.
This allows the page to load a good deal faster now it doesn't have to load megabytes of images before the page is shown as completely rendered.
I was going to take a fancy video showing it in action, but it's hard to capture as the system loads the media just before you get to it, so it looks fairly seamless, even with sluggish connections.

Not the most dynamic image, but this shows the placeholder retains the size of the image
In addition to image attachments, we have also added this lazy loading to maps and Twitter emoji images.
Improving non-image attachments
Once we had implemented the lazy loading framework, an area we wanted to improve was non-image attachments.
We have listened to a lot of the feedback we had on this area, and have now made it very clear when you add an attachment into a post. We've even returned the download count now it's being loaded on demand.

Using attachments when posting
All the letters
When we first implemented the letter avatars in 4.3, we discussed whether to use CSS styling or use an image.
We decided to go with an image as it was more stable over lots of different devices, including email.
We've revisited this in 4.4, and switched the letter avatars to SVG, which are much faster to render now that the browser doesn't have to load the image files.
Other performance improvements
We've taken a pass at most areas with an eye for performance, here is a list of the most significant items we've improved.
Several converter background tasks have been improved, so they work on less data Duplicate query for fetching clubs was removed in streams Notifications / follower management has been improved Member searches have been sped up (API, ACP live search, member list in ACP, mentions, etc.). Stream performance has been improved UTF8 conversions have been sped up Elasticsearch has been sped up by using pre-compiled queries and parameterisation, as well as the removal of view filtering (and tracking) HTTP/2 support with prefetch/preload has been added Several PHP-level performance improvements have been made Implemented rel=noopener when links open a new window (which improves browser memory management) Several other performance improvements for conversions were implemented that drastically reduce conversion time IP address lookups now fetch IP address details from us en-masse instead of one request per address Cache/data store management has been streamlined and centralised for efficiency Many background tasks and the profile sync functionality have all been improved for performance Brotli compression is now supported automatically if the server supports it Redis encryption can now be disabled if desired, which improves performance Phew, as you can see, we've spent a while tinkering under the hood too.
We'd love to hear your thoughts. Let us know below!
This blog is part of our series introducing new features for Invision Community 4.4.

It's very easy to focus on a single metric to gauge the success of your community.
It's very common for community owners to look at page hits and determine if their SEO and marketing efforts have paid off.
Getting traffic to your site is only half the equation though. The most valuable metric is how many casual visitors you're converting to engaged members.
Invision Community already makes it easy for guests to sign up using external services such as Facebook, Twitter and Google.
However, there has to be a conscious decision to click that sign-up button. For some, this may be a barrier too many.
Invision Community 4.4 reduces this barrier by allowing guests to create a post to a topic they want to engage with.
Once they have posted, they are asked to simply complete their registration. They are more likely to do this now they have invested in your community.
This will be incredibly valuable when you consider how much traffic a forum receives from inbound Google searches. With Post Before Registering, you'll increase your chances of turning that inbound lead into a registered member contributing to your site.
Let me take you through the feature and show you how it works.
When browsing the community guests will see the ability to submit a post, with an explanation that they can post now and complete registration later. The only thing they have to provide in addition to their post is an email address.

Posting as a guest
This works in any application for new content (topics, Gallery images, etc.) as well as comments and reviews. It will only show when a newly registered member would be able to post in that area - for example, it will not show in a forum that only administrators can post in. 
After submitting the post, the post will not be visible to any user, but the user will immediately be redirected to the registration form with an explanation to complete the registration. The email address they provided will already be filled in.

Registration form after posting as a guest
At this point, the user can either fill in the registration form, or use a social sign in method like Facebook or Twitter to create an account. After the account has been created, and validation has been completed if necessary, their post will automatically be made visible just as if they had registered and then posted.
If the user abandons the registration after they've submitted their post, an email will be sent to them to remind them to complete the registration.

Email reminding user to finish registering
 
Some Notes
Invision Community already has a feature that allows guests to post as guests without registration if granted permission. That feature has not been removed and so if you already allow guests to post, the behaviour will not change. This new feature is only available when a guest can't post in a given area, but a member would be able to. The entire feature can also be turned off if undesired. If the area the guest is posting in requires moderator approval, or newly registered members require approval of new posts, the post will enter the moderation queue as normal once their account has been created. Third party applications will require minor updates to support this feature. Once your casual visitor has invested time in your community by crafting a post, they are much more likely to finish the registration to get it posted. If you have set up external log in methods, then registration only takes a few more clicks.
This blog is part of our series introducing new features for Invision Community 4.4.

Who remembers the earlier days of the internet? Back when you popped your logo at the top left of your site and you were largely done?
Invision Community has continually developed to account for all the new services that have been built during our 16 years.
We now have social media sharing images, favicons and more to consider.
Invision Community 4.4 also adds mobile application icons, Safari mask icons and data for an application manifest. Handling of these logos and icons was a prime candidate for improvement in 4.4.
Moving our current options
Step one for improving our handling of these images was to move our current options out of themes and to allow them to be managed suite-wide from a single area. You can still upload a logo image per-theme (which shows in the header area), but the rest of the options have now been relocated to a new area: Customization > Appearance > Icons & Logos.

Adding new options
After giving favicon and share logo management its own dedicated area, we took a look at enhancing the configuration options made available through the interface without requiring theme template edits.
Multiple share logos
You can now upload multiple share logos. If you elect to upload more than one share logo, Facebook and similar sites will generally either show a carousel to allow you to choose which logo to use when sharing, or simply use the first image referenced.
Application icons
You can now upload an image to represent your website which will be used to generate the "home screen" icons for iPhones and Androids automatically. Uploading a single image will result in several different copies of the image (in different dimensions) being generated, and mobile devices will automatically choose the best option from the list as needed.
Safari mask icon
You can also now upload a Safari Mask icon, which is used to represent your website in certain areas on Apple computers (such as on the "touchbar" of certain keyboards). This image must be an SVG image with a transparent background, and all vectors must be 100% black.
Additionally, you can specify the mask color which is used to offset your image when necessary (e.g. to represent it as "selected" or "active").
Application manifest
In order for devices to support the application icons that you upload, a file known as a web manifest must be generated and delivered to the browser. This now happens automatically, using details and icons specified in the AdminCP. Certain details, however, can be configured explicitly from the Icons & Logos page:
Short name
This is a short name to represent your site in areas with limited screen space, such as below your application icon on a mobile phone home screen. Site name
This is the name of the site. The "Website name" setting is automatically used if you do not explicitly override it when configuring the manifest. Description
A short description of your site Theme color
You can choose a (single) color to represent the general theme of the site. This color may be used by devices in areas such as the address bar background. Background color
You can also choose a (single) color to use as the background color for your site when the application is launched from a shortcut saved to the user's device home screen. Display mode
Finally, you can specify the display mode your site should launch in. For our more astute designers and developers, you may have already realized that generating the manifest file lays the groundwork for future PWA (Progressive Web App) development and support. Additionally, some Android devices will automatically prompt users to add your website to their home screen now that a manifest file is generated by the site.
Oh, and for the sake of completeness, we also generate the special browserconfig.xml file that Microsoft products (including Microsoft Edge, Internet Explorer, X-Box, and Microsoft-based mobile devices) look for when pinning sites and generating live tiles. There are no additional configuration options for this file - everything is automatically generated from the aforementioned options.



The end result?
Your community can now better convey, automatically, certain details to the myriad of devices out there that may be accessing your site, and you now have much better control over those details. You can more easily fine-tune the "little things" that help paint a complete picture of your web presence, and the groundwork has been laid for bigger and better things in the future as standardization and adoption of PWA functionality improves.
This blog is part of our series introducing new features for Invision Community 4.4.

Do you recall that scene in Harry Potter where young Harry is sitting in his Uncle’s living room when hundreds of letters from Hogwarts burst through the fireplace, filling the room?
Sometimes, when you log into the administrator’s control panel, it can feel a bit like that.
As the administration control panel has evolved, there has been more of a need to display notifications, alerts and warnings to the administrators.
There are several things which may require an administrator's attention which may show a notice on the AdminCP dashboard, a banner on the community, or send an email. For example:
When a new version of Invision Community is released. A new member registers and requires administrator validation. A configuration issue is detected, for example if dangerous PHP functions are enabled on the server. There are items Commerce which require manual action, such as transactions pending manual approval or items to be shipped. Up until now, each such area would manage how these notifications show and are sent independently. In 4.4 we have introduced a new section of the AdminCP which shows all things which require administrator attention in one place, easily accessible from any AdminCP page.

AdminCP Notification Menu
Clicking on any of these notifications will take you to the relevant area of the AdminCP, or there is also a full-screen Notification Center which allows you to quickly take common actions such as approving members.

AdminCP Notification Center
While the best approach is to take the appropriate action (which will automatically dismiss the notification) so you always have an empty Notification Center, most notification types can be hidden, either temporarily on a per-notification basis by clicking the cross in the top-right, or administrators can hide all notifications of a certain type from their individual settings. Administrators can also choose which type of notifications to receive an email notification about.

Notification Settings
Each notification has a severity indicated by the coloured bar on the side and certain notifications can also show banners either across the AdminCP, or also on the front-end (to administrators).
Notifications group automatically (so for example, if there are 5 members pending approval, you will see 1 notification rather than 5 separate ones) and where appropriate each administrator can choose if they want to receive a single email, or a separate email with each occurrence.
Now you won't miss an invitation to Hogwarts, or anything important again.
This is a blog about our upcoming Invision Community 4.4 release, due later this year.

Unless you've been living under a rock, or forgot to opt-in to the memo, GDPR is just around the corner.
Last week we wrote a blog answering your questions on becoming GDPR compliant with Invision Community.
We took away a few good points from that discussion and have the following updates coming up for Invision Community 4.3.3 due early next week.
Downloading Personal Data
Invision Community already has a method of downloading member data via the member export feature that produces a CSV.
However, we wanted Invision Community to be more helpful, so we've added a feature that downloads personal data (such as name, email address, known IP addresses, known devices, opt in details and customer data from Nexus if you're using that) in a handy XML format which is very portable and machine readable.
 

You can access this feature via the ACP member view
The download itself is in a standard XML format.

A sample export
Pruning IP Addresses
While there is much debate about whether IP addresses are personal information or not, a good number of our customers requested a way to remove IP addresses from older content.
There are legitimate reasons to store IP addresses for purchase transactions (so fraud can be detected), for security logs (to prevent hackers gaining access) and to prevent spammers registering. However, under the bullet point of not storing information for longer than is required, we have added this feature to remove IP addresses from posted content (reviews, comments, posts, personal messages, etc) after a threshold.

The default is 'Never', so don't worry. Post upgrade you won't see IP addresses removed unless you enter a value.

This new setting is under Posting
Deleting Members
Invision Community has always had a way to delete a member and retain their content under a "Guest" name.
We've cleaned this up in 4.3.3. When you delete a member, but want to retain their content, you are offered an option to anonymise this. Choosing this option attributes all posted content to 'Guest' and removes any stored IP addresses.

Deleting a member
Privacy Policy
We've added a neat little feature to automatically list third parties you use on your privacy policy. If you enable Google Analytics, or Facebook Pixel, etc, these are added for you.

The new setting

 
Finding Settings Easily
To make life a little easier, we've added "GDPR" as a live search keyword for the ACP. Simply tap that into the large search bar and Invision Community will list the relevant settings you may want to change.

 
These changes show our ongoing commitment to helping you with your GDPR compliance. We'll be watching how GDPR in practise unfolds next month and will continue to adapt where required.

Invision Community 4.3.3 is due out early next week.

You've no doubt heard about GDPR by now. It's a very hot topic in many circles. Lots of experts are weighing in on the best approach to take before the May 25th deadline.
Which reminds me of my favorite joke:
"Do you know a great GDPR expert?”
Yes, I do!
“Could you send me his email address”
No, I'm afraid not.
I wrote about how Invision Community can help with your GDPR compliance back in December. I've seen a lot of posts and topics on GDPR in our community since then.
First, let's get the disclaimer out of the way. I'm a humble programmer and not a GDPR expert or a lawyer. The information here is presented to assist you in making decisions. As always, we recommend you do your own research and if you're in any doubt, book an appointment with a lawyer.
It is also worth mentioning that GDPR is very much a living document with phrases like "legitimate interest" and "reasonable measures". None of these phrases have any real legal definition and are open to interpretation. Some have interpreted them severely, and others more liberally.
GDRP is about being a good steward of the data you store on a user. It's not designed to stop you from operating an engaging web site. There's no need to create stress about users linking to other sites, embedding images, anonymizing IP addresses, and such on your site. These don't impact any data you are storing and are part of the normal operation of how the web works. Be responsible and respectful of your users' data but keep enjoying your community.
Let's have a quick recap on the points we raised in our original blog entry.
Individual Rights
The right to be informed
Invision Community has a built in privacy policy system that is presented to a new user, and existing users when it has been updated.

 
What should your privacy policy contain? I personally like the look of SEQ Legal's framework which is available for free.
This policy covers the important points such as which cookies are collected, how personal information is used and so on.
There may be other services out there offering similar templates.
Right to erasure
I personally feel that everyone should listen to "A Little Respect" as it's not only a cracking tune, but also carries a wonderful message.
The GDPR document however relates to the individuals right to be forgotten.
Invision Community allows you to delete members. When deleting members, you can elect to remove their content too. There is an option to keep it as Guest content, thus removing the author as identifiable.
It's worth using the 'keep' option after researching the user's posts to make sure they haven't posted personal information such as where they live, etc.
Emailing and Consent
Invision Community has the correct opt-in for bulk emails on registration that is not pre-checked. If the user checks this option, this is recorded with the member's history. Likewise, if they retract this permission, that action is also recorded.

 
When you edit the terms and conditions or privacy policy, all users are required to read it again and opt-in again.
Cookies
A lot of GDPR anxiety seems to revolve around these tiny little text files your browser stores. If you read the GDPR document (and who doesn't love a little light reading) then you'll see that very little has actually changed with cookies. It extends current data protection guidance a little to ensure that you are transparent about which cookies you store.
Invision Community has tools to create a floating cookie opt-in bar, and also a page showing which cookies are stored and why.
This is the page that you'd edit to add any cookies your installation sets (if you have enabled Facebook's Pixel, or Google Analytics for example).
Your GDPR Questions
Now let's look at some questions that have been asked on our community and I'll do my best to provide some guidance that should help you make decisions on how to configure your Invision Community to suit your needs.

Alan!!
Is the soft opt-in cookie policy enough? What about the IP address stored in the session cookie?
Great question. There's conflicting advise out there about this. The GDPR document states:
The ICO states that session cookies stored for that session only (so they are deleted when the tab / window is closed) are OK as long as they are not used to profile users.
This is re-enforced by EUROPA:

My feeling is that GDPR isn't really out to stop you creating a functioning website, they are more interested in how you store and use this information.
Thus, I feel that storing a session cookie with an IP address is OK. The user is told what is being stored and instructions are given if they want to delete them.
Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.
Finally, there is a strong legitimate interest in creating a session cookie. It's part and parcel of the website's function and the cookie is not used in any 'bad' way. It just allows guests and members to retain preferences and update "last seen" times to help deliver content.
Do I need to delete all the posts by a member if they ask me to?
We have many large clients in the EU with really impressive and expensive legal teams and they are all unanimous in telling us that there is no requirement to delete content when deleting a user's personal information. The analogy often given is with email: once someone sends you an email you are not obligated to delete that. The same is true with content posted by a user: once they post that content it's no longer "owned" by them and is now out in public.

Ultimately, the decision is yours but do not feel that you have to delete their content. This is not a GDPR requirement.
What about members who haven't validated? They're technically not members but we're still holding their data!
No problem. The system does delete un-validated users and incomplete users automatically for you. You can even set the time delay for deletion in the ACP.

 
What about RECAPTCHA? I use this, and it technically collects some data!
Just add that you use this service to your privacy policy, like so:
I see many companies emailing out asking for members to opt back in for bulk mail, do I need to do this?
Short answer: No.
Since Invision Community 4.0, you can only ever bulk email users that have opted in for bulk emails. There's no way around it, so there's nothing to ask them to opt-in for. They've already done it.
There is a tiny wrinkle in that pre 4.2.7, the opt-in was pre-checked as was the norm for most websites. Moving forward, GDPR asks for explicit consent, so this checkbox cannot be pre-ticked (and isn't in Invision Community 4.2.7 and later). However, the ICO is clear that if the email list has a legitimate interest, and was obtained with soft opt-in, then you don't need to ask again for permission.
What about notifications? They send emails!
Yes they do, but that's OK.
A notification is only ever sent after a user chooses to follow an item. This falls under legitimate interest.
There is also a clear way to stop receiving emails. The user can opt-in and opt-out of email as a notification device at their leisure.

 
Do I need to stop blocking embeds and external images?
No. The internet is based on cross-linking of things and sharing information. At a very fundamental level, it's going to be incredibly hard to prevent it from happening. Removing these engaging and enriching tools are only going to make your community suffer.

There's no harm in adding a few lines in your privacy policy explaining that the site may feature videos from Vimeo and Youtube as part of user contributions but you do not need to be worried. As stated earlier, GDPR isn't about sucking the fun out of the internet, it's about being responsible and transparent.
Phew.
Hopefully you've got a better understanding about how Invision Community can assist your GDPR compliance efforts.
The best bit of advice is to not panic. If you have any questions, we'd love to hear them. Drop us a line below.

We've recently spoken about how we've brought our Gallery and Blog apps up to date with interface overhauls to bring them inline with the high standards our customers expect.
Keeping this in mind, we're thrilled to announce that we've taken Commerce right back to 2009.
This needs an explanation.
Way back in 2009, Obama was inaugurated as the 44th President. Minecraft was put into beta, Slumdog Millionaire was released to critical praise and we had a product called IP.Subscriptions.
IP.Subscriptions was a lightweight member subscriptions manager that allowed members to purchase elevated permissions via a user group upgrade.
It was a fine little app. However, on the horizon we had a brand new eCommerce app in development. Then called Nexus, now called Commerce (we took months to come up with that).
It made sense for us to merge the products into one app given they both had overlapping functionality. They both could create packages to promote members to a new user group. Commerce was much more developed as an invoicing and billing system.
Everyone was happy.
Almost.
Commerce has grown to be an incredibly powerful app. It can sell anything from physical products like t-shirts, to digital products such as license keys and it can even manage your hosting set-up.
We use it for our support and billing systems, so we know how robust it is.
While it's an incredibly powerful commerce system, setting up basic subscriptions packages became a little more complex.
Over the past few years we've received a lot of feedback on this.
We've listened.
Commerce Member Subscriptions
We've built a brand new section into Commerce specifically for membership subscriptions.
Let's take a look at this in more detail.
On the front end, there's a very clear and easy to understand page for membership subscriptions.

The main subscriptions interface
Here you can see all the available packages, which one you're currently subscribed to and the upgrade and downgrade options.

A simple way to upgrade
There's several choices for costing upgrades in the Admin CP, here we have chosen to charge the difference between packages.

Get to your subscriptions easily
Your subscriptions are easily found in the user menu.
If the Admin allows, the package you're subscribed to appears as a badge on your profile.

 
There's also a little widget showing the packages which you can drag and drop to the sidebar for an additional prompt for non-subscribers.

 
This gives Invision Community a very clear and easy to understand interface for subscriptions which lives outside of the Commerce store and its packages.
Now, let's dive into the Admin CP
The main engine for this feature is the package list. This is in a separate area within Commerce.

 
The list also shows the number of currently active and inactive subscribers. This links to the list of subscribers.

 
Other than Bob having a total nightmare, you can easily view which members are currently active. The buttons link you to the Commerce invoice and purchase.
If you wish to add a member to a subscription without charging them (you generous soul, you), then that is easily possible.

 
Creating a new subscription package is very straight forward. We've built a new form which is stripped down to the fundamental items you'll need for a subscription.

 
As you would expect, there are several settings to control the system.

 
A few things worth mentioning here:
You can force new members to purchase a subscription on sign-up You can show or hide the profile badge indicating which package they purchased. You can choose to allow upgrades or downgrades. You can choose how you'd like to charge for upgrades or downgrades Thank you to everyone who has provided feedback over the years. We're really pleased to present this new feature and hope that it'll make your daily lives just a little easier.
Let us know what you think!
 

Viewing and editing a member is probably one of the most frequently used features of the AdminCP. With the design unchanged for many years, and the tabbed interface starting to grow unwieldy, it was due for some love. We have not only dramatically improved the design but added many new features.

New AdminCP Member Page
Let's look at some of the improvements:
Easy Toggle between Member and Customer View
If you have Commerce installed, you can now toggle between "Member View" (which shows the screen above) and "Customer View" (which shows the current customer page in Commerce with the user's purchases, invoices, etc.). This makes it much easier to view all of a member's information in one place.
If you don't have Commerce installed, the top tab bar will not show.
Basic Information
The pane in the top-left shows the member's basic information like name, email address and photos. You can now reposition a member's cover photo and crop the profile photo (functions previously not available in the AdminCP). To change the display name or email address, you just click and hold on the information and a textbox appears. The buttons below allow you to merge, delete, sign in as, and edit the preferences or password for the member.
  
Basic Member Information Pane
In addition, this pane lists any social networks the user is logged in with. It shows you the member's profile photo and profile name on that network (for example in this screenshot, it is showing my Facebook profile's photo and name) and for many networks you can click on this to be taken directly to their Facebook/Twitter/etc profile. You can also edit the syncing options for the method and unlink the accounts, features which weren't available previously.
If you have Commerce installed, there is also an indicator if the user has an active subscription.

A member with an active subscription
 
Alerts
If a member is validating, banned, flagged as a spammer, or locked, a large banner will display drawing your attention to this. For validating and banned, it will explain exactly what the status is (for example, if they haven't responded to the validation email yet versus they are awaiting admin approval, or if they have been banned manually versus are in a group without permission to access anything).

A member that has been locked



Other possible alerts
 
Locations & Devices
This pane shows you, on a map, all of the locations the user has been when using the community (based on their IP address) as well as the IP address they used to register and most recently.

IP Address Locations
While the devices tab shows the most recently used devices.

Recently Used Devices
 
Content Statistics
Right in the middle of the profile you can see some statistics about the member's activity. This includes:
A sparkline graph of their recent content. Their content count and reputation count (with tools to manually change or rebuild). A breakdown of the amount of content they have made across all applications. A visual indication of how much of their messenger and attachment storage they have used. If Gallery and Downloads are installed, the existing statistics overview provided by these apps are also available here.
Content Statistics
Warnings & Restrictions
This block shows recent warnings on the account, and also highlights if any restrictions (i.e. content moderation, restricted from posting, or application-level restrictions) are being applied, which previously was difficult to see at a glance.

Warnings & Restrictions Block for an account which has content moderation in effect
 
Account Activity
On the right is a pane which shows all of the latest account activity. While this was available in previous versions (called "Member History") we have made some significant improvements:
The number of things that get logged has been significantly expanded. We now log photo changes, group changes, when a new device is used to login, if an account is locked (by failed logins or failed two factor authentication attempts) or unlocked, password/email/display name changes, when a user links or unlinks a social network login method, initial registration and validation, merges, being flagged/unflagged as a spammer, receiving/acknowledging/revoking a warning, restrictions being applied, two factor authentication being enabled/disabled/changed, an OAuth token being issued if Invision Community is being used as an OAuth Server, enabling/disabling receiving bulk mails, and accepting the privacy policy / terms and conditions, as well as all of the Commerce-related information that is already logged. Much more information is now shown such as who made the change (i.e. an admin, the user themselves, or if it was changed by the REST API or syncing with a social network) and how the change was made (for example, for a password change - if the user used the "Forgot Password" tool or changed it in their Account Settings) and what the data was before and after. This includes being aware of if the change was made by an admin after using the "Sign in as User" tool. You can now filter what information you are seeing to quickly find what you are looking for.
Recent Account Activity
 
Extensibility
The new profile has been designed with extensibility in mind. Third party developers can easily add new blocks our even entire new tabs. Any apps/plugins which are currently adding a tab to the "Edit Member" form will retain backwards compatibility with their tab continuing to appear when clicking the "Edit Preferences" button in the basic account information pane.

"The world’s most valuable resource is no longer oil, but data", the Economist wrote recently.
Invision Community software stores a lot of important data that can be leveraged to analyze and improve upon the traffic and interactions with your site.
While there are some various statistics tools in the AdminCP already, we spent some time with 4.3 enhancing and improving upon our existing reporting tools, as well as adding some new analytics tools you may find useful.
Chart Filters
Beginning with 4.3, any dynamically-generated charts in the AdminCP that support filtering will allow you to save those filter combinations for easier access in the future. When you open the Filters menu and toggle any individual filters, the chart will no longer immediately reload until you click out of the menu, and 'All' and 'None' quick links have been added to the filters menu to allow you to quickly toggle all filters on or off.
Here is the 'Sales' chart for Commerce, for example. You will see that the interface is now tabbed.

Commerce's Sales chart
After opening the 'Filters' menu, selecting all of my products named 'test', and saving this filter combination as a new chart, I can quickly come back to this chart in the future.

Specific filter configurations allow you to run reports easily
Note that each user can save their own chart filter configurations independent of other users.
Top income by customer
Speaking of Commerce, we have also added a new chart to the 'Income' page, allowing you to view reports of your top customers. As with other dynamic charts, you can save filter configurations here for easy future access, and you can view the results as a table to get a raw list of your top customers' purchases. Further, we have tidied up the table views for the other existing tabs on this page.

Looks like brandon is my top customer
Reaction statistics
We have introduced several statistic pages to expose information about the Reactions/Reputation system and how your users are interacting with it. For instance, you can now view information about usage of each of the reactions set up on your site.

Yes, I'm definitely confused a lot
You can also see which users give and receive the most reputation (which is the sum of their reaction points, keeping in mind that negative reactions can reduce a user's total reputation score), you can see which content on your community has the most reputation (which might prompt you to promote it to the 'Our Picks' page, promote it to social media, or otherwise continue to encourage interaction with the content), and you can see which applications reactions are given in the most. This could allow you, for instance, to focus more efforts in areas of your site to drive more activity, or to foster activity in areas you did not realize were as active as they are.

Some areas of the community aren't as active as they could be
Additionally, when viewing user profiles on the front end you can now see a breakdown of which reactions each user has given and received when you click the "See reputation activity" link in the left hand column.

Apparently I'm not so much confused, as I am confusing
Tag Usage
Another useful statistic introduced with 4.3 is the ability to review tag usage on your community. As with other dynamic charts, you can filter however you like and save those filter configurations for easy future access.

Not all tags are equal
Trend charts for topics and posts
When viewing the New Topics and New Posts charts, there are now tabs for "New Topics by Forum" and "New Posts by Forum", allowing you to see which of your forums are the most active. Additionally, you will see a trend line drawn on the chart to show you the trend (e.g. whether activity is increasing or decreasing). You can also filter which forums you wish to review, so you can compare your most active forums, the forums that are most important to your site, or the forums that need the most attention/may not be relevant, for instance.

Viewing new topics by forum

New posts by forum, but viewing only a subset of my most important forums
Other Improvements
Some other miscellaneous improvements have been introduced as well, which you may be interested in:
When viewing Member Activity reports, you can now filter by group. We have also added the content count column to the table so you can quickly sort by top posters if this is relevant to the report you are running. Device usage is now also tracked (mobile, desktop, etc.) and can be viewed on a new Device Usage page. Developers: Dynamic charts now support database joins

Often it's the smaller changes that can make a big improvement in the day to day use of your community. We have made quite a few updates that will make your community flow better for you and your members.
Update files in Pages Media Manager
Previously when you wanted to update a file in the Pages Media Manager you actually had to upload a new file and then change the references to that file to the new one. This was obviously not so great.
When you select a file there is now a replace option. We're not sure why we didn't do this earlier but as they say: better late than never!
Tag Input when Optional
On communities with tagging enabled, we have often noticed that people tend to feel the need to tag everything even when it's not really necessary. If your site is about cars you don't really need everything people post to be tagged "car" as that's sort of obvious.

 
So to make it a bit clearer that tags are not required we have hidden the input field behind a Choose link so people have to actively choose to tag if they really think it's necessary. We hope this cuts down on tag noise. If tagging is required then the normal input box will always show.
Google Invisible reCAPTCHA
The new Google Invisible reCAPTCHA allows you to prevent bot registrations without the need for all users to fill out the normal captcha process. As often as possible your members will never notice there is even a captcha happening on the page. It's another way to make the flow from guest to member easier.
Whitelist for Spam Service
The spam defense service Invision Community provides works very well at combatting spam signups automatically. The issue is sometimes it works too well!
Let's say you are at work and all your colleagues share the same public IP. You are excited about your new community (of course you are) and your whole office tries to register at once. Our spam service would probably see your office IP as suspicious with that sudden influx of traffic and may even block it.
The new whitelist tool allows you to specify IPs and email addresses to always allow on your community regardless of what score our spam defense gives it.
Reply as Hidden
Sometimes it would be nice if your moderators could reply to an item with a hidden reply. You might want to leave a note for other moderators or perhaps you have a database and want some replies public and some private.

 
If you have permission you will now see a hide toggle when replying. This works in all apps anywhere you can reply to a content item and have hide permission.
Exclude Groups in Leaderboard
You can now exclude certain groups from being ranked in the Leaderboard. This is very useful if your staff or RSS bot tend to get all the reputation points. By excluding those groups you can focus on your actual member participation which is a better reward to encourage engagement.
On a personal note this will make me very sad as I usually win reputation counts on our site. But, being such a great person, I am willing to make this sacrifice for you.  
Complete Your Profile Order
The Complete Your Profile feature introduced in version 4.2 has been a great success for clients. We have heard many reports of increased engagement as the system can walk people through the sign up process. Not having a big, scary registration form is always a huge plus.
For 4.3 we added the new ability to change the order of completion for your members. This will allow you to stress the items you really want them to complete first and move your less important profile options later in the steps.
Mapbox Support
Mapping has been a feature of Invision Community for quite some time but up until now has been limited to Google Maps integration. For 4.3 we have added support for Mapbox which is based on OpenStreetMap data. The maps are beautifully designed and bring greater flexibility with an alternative look. The groundwork is now laid for some exciting new features still to come!
Some of our existing customers also found Google policies and pricing structure incompatible with their own internal policies which this addition addresses.

Stripe is the most popular payment method in Commerce, allowing communities to take payments by card securely with easy setup.
While there's no doubt that credit cards are still the most popular methods of making a payment, digital innovations such as Apple Pay are increasing in popularity.
For 4.3 we've deepened our integration to support some of their latest features.
Apple Pay & Google Pay
Apple Pay allows users to pay quickly with their iPhone, iPad or Mac (with Safari and either a paired iPhone or using the MacBook Pro with Touch ID) using the card details stored on the device, authenticated with Touch ID or Face ID.
Apple Pay
Google Chrome (on desktop or Android devices) supports a similar feature allowing users to pay with card details stored in their Google account with Google Pay, or stored in Chrome itself.
Paying with card details stored in Google Chrome
 
Both of these features are now supported through Stripe in Invision Community 4.3. Setup is simple - for Apple Pay you simply need to verify that you own your domain by uploading a file you obtain from the Stripe dashboard, and nothing special is needed for Google Pay - and then create the payment method in the AdminCP. Stripe does not charge any additional fees for either option.
Commerce will automatically hide the option if the user's device does not support either method.
3D Secure
Also known as Verified by Visa, Mastercard SecureCode, and other brand names, 3D Secure is a system that is used to verify a customer's identity before purchase is completed and transfers the fraud loss liability from the merchant to the cardholder bank in case of fraudulent disputes.
After the user has entered their card details, they are redirected to their bank's website and asked to provide additional verification.
Our integration with Stripe in 4.3 now supports this process. A new setting allows you to choose if you want to use 3D Secure just for cards which require it (i.e. cards which would decline the payment if 3D Secure is not completed) or for all cards which optionally support it as well.
 
Amex Express Checkout
American Express cardholders can use Amex Express checkout to pay by using their American Express login rather than providing their card information.  This is also now supported through Stripe in 4.3.
Amex Express Checkout
 
Alipay, Bancontact, Giropay, iDEAL, SOFORT
These are popular payment processors internationally (Alipay is popular in China, Bancontact in Belgium, Giropay in Germany, iDEAL in the Netherlands, and SOFORT in several European countries).
The checkout experience is similar to PayPal with the user being redirected to the appropriate site, authenticating the payment, and then being redirected back.
All of these are also now supported through Stripe in 4.3.
 
Dispute/Chargeback Handling
A dispute (also known as a chargeback) occurs when one a cardholder questions your payment with their card issuer, which causes the funds, plus a fee, to immediately be taken from your account until evidence is provided that the transaction was legitimate.
Anyone operating an online store knows how frustrating this experience can be. In 4.3, we've made dealing with this situation a little easier. When a dispute is created, Commerce will now mark the transaction as disputed, which will immediately revoke any benefits from the purchase (for example, if it's for a subscription that moves them into a different group, they will be placed back into their original group; if it's a Downloads file, they won't be able to download it any more; if it's for a physical item that hasn't been shipped yet, the shipping order will be placed on hold).

Disputed Transaction
All transactions with currently open disputes can be accessed quickly from the transaction list. The transaction page will show you the status and reason for the dispute, and links to your Stripe dashboard where you can respond.
When the dispute is resolved, the transaction screen will be updated, with either the transaction being marked as refunded if the dispute is lost, or going back to paid if the dispute is won and the funds returned to you.

A dispute that was lost

A dispute that was won
 
 
Radar
Radar is Stripe's suite of fraud detection tools using machine learning and customisable rules to help detect fraudulent transactions.
Stripe will automatically blocks transactions is considers highest risk already. However, for "elevated" risk transactions, while Stripe would alert you of them so you could review them, Commerce would process the transaction normally.
In 4.3, Commerce will place any transactions which Radar reports as having an "elevated" risk level on hold for manual review, so you can decide whether to approve or not before the funds have been captured.
In addition, the transaction details screen for Stripe transactions now provides some additional information about Stripe's checks on the transaction, including the Radar risk level, if the CVC check passed, and if the billing address provided matches the card's billing address.
If a fraudulent transaction does make it through, you will now have the option to indicate this when refunding the transaction to help Stripe's anti-fraud systems learn.

We are happy to announce the new Invision Community 4.3 is available!
Some highlights in Invision Community 4.3 include...
Improved Search
We now support Elasticsearch for scalable and accurate searching that MySQL alone cannot provided. There are also enhancements to the overall search interfaces based on your feedback.

 
Emoji
Express yourself with native emoji support in all editors. You can also keep your custom emoticons as you have now.

 
Member Management
The AdminCP interface to manage your members is all new allowing you easier control and management of your membership.

 
Automatic Community Moderation
You as the administrator set up rules to define how many unique member reports a piece of content needs to receive before it's automatically hidden from view and moderators notified.

 
Clubs
The new Clubs feature has been a huge hit with Invision Community users and we are expanding it to include invite-only options, notifications, exposure on the main community pages, paid memberships, and more.
Custom Email Footers
Your community generates a lot of email and you can now include dynamic content in the footer to help drive engagement and content discovery. 
New Gallery Interface
We have reworked our Gallery system with a simplified upload process and more streamlined image viewing.
 
The full list follows. Enjoy!
Content Discovery
We now support Elasticsearch which is a search utility that allows for much faster and more reliable searching. The REST API now supports search functions. Both MySQL and Elasticsearch have new settings for the admin to use to set search-defaults and default content weighting to better customize search logic to your community. Visitors can now search for Content Pages and Commerce Products. When entering a search term, members now see a more clear interface so they know what areas they are searching in and the method of search. Member Engagement
Commerce can now send a customizable account welcome email after checkout. You can whitelist emails in the spam service to stop false-positives. REST API has many enhancements to mange members. Ability to join any OAuth service for login management. Invision Community can now be an OAuth endpoint. Wordpress OAuth login method built in. Support for Google's Invisible ReCaptcha. Groups can be excluded from Leaderboard (such as admins or bot groups). All emails generated by Invision Community can now contain admin-defined extra promotional text in the footer such as Our Picks, and Social Links. Admins can now define the order of Complete Your Profile to better control user experience. Clubs
Option to make a Club visible but invite-only Admins can set an option so any Club a member is part of will also show in the parent application. So if you are in a Club that has a Gallery tab then those image will show both in the Club and in the main Gallery section of the community. Club members can now follow an entire Club rather than just each content section. There is a new option on the Club directory page for a list view which is useful for communities with many Clubs. If you have Commerce you can now enable paid memberships to Clubs. Admins can set limits on number of Clubs per group. If a group has delete permission in their Club, they can now delete empty containers as well. Members can ignore invitations. Moderation and Administration
Unrestricted moderator or administrator permission sets in the AdminCP are visually flagged. This prevents administrator confusion when they cannot do something as they will be able to quickly see if their account has restrictions. You can choose to be notified with a new Club is created. Moderators can now reply to any content item with a hidden reply. Download screenshot/watermarks can now be rebuilt if you change settings. Support for Facebook Pixel to easily track visitors. Moderators can now delete Gallery albums. Automatic moderation tools with rules to define when content should auto-hide based on user reports. Totally new member management view in AdminCP. More areas are mass-selectable like comments and AdminCP functions for easier management. New Features
Commerce now has full Stripe support including fraud tools, Apple Pay, and other Stripe features. Commerce packages can now have various custom email events configured (expiring soon, purchased, expired). Full Emojii support in the editor. Complete overhaul of the Gallery upload and image views. Announcements system overhaul. Now global on all pages (not via widget) and new modes including dismissible announcements and top-header floating bar option. Many new reports on traffic and engagement in the AdminCP. Blog has new view modes to offer options for a traditional site blog or a community multi-member blog platform. The content-starter can now leave one reply to Reviews on their item. Commerce now makes it much easier to do basic account-subscriptions when there is no product attached. Useful Improvements
Forums has a new widget where you can filter by tags. If tags are not required, the tag input box now indicates this so the member knows they do not have to put in tags. Member cover photos can now be clicked to see the full image. Any item with a poll now has a symbol on the list view. Twitch.tv embed support. You can now update/overwrite media in the Pages Media Manager. Mapbox as an additional map provider to Google Maps. Technical Changes
Direct support for Sparkpost has been removed. Anyone currently using Sparkpost will automatically have their settings converted to the Sparkpost SMTP mode so your email will still work. Your cache engines (like Redis) will be checked on upgrade and in the support tool to ensure they are reachable. Third-party applications will now be visually labeled to distinguish them from Invision Community official applications. The queued tasks list in the AdminCP is now collapsed by default as queued tasks are not something people need to pay much attention to during normal operations. When upgrading from version 3 series you must convert your database to UTF8 and the system saves your original data in tables prefixed with orig. The AdminCP now alerts you these are still present and allows you to remove them to reclaim storage space. On new installs there are now reasonable defaults for upload limits to keep people from eating up storage space. Categories in all apps (forums, gallery albums, databases, etc.) no longer allow HTML in their titles. This has been a concern both in terms of security and usability so we were forced to restrict it. Large improvements to the Redis cache engine including use for sessions. The login with HTTPS option has been removed and those who were using it will be given instructions to convert their entire community to HTTPS. Images loaded through the proxy system now honor image limits for normal uploads. We now consider BBCode deprecated. We are not removing support but will not fix any future issues that may come up.
 
There's a lot to talk about here so we are going to lock this entry to comments so things do not get confusing. Feel free to comment on upcoming feature-specific entries or start a topic in our Feedback forum.
 

Despite your best efforts, is engagement a problem for your community? You have your site promotion running well and you are seeing plenty of traffic but it doesn't convert into comments, posts or reactions?
Invision Community is a powerful platform that offers layers of complexity for the many sites it powers. When you are struggling to convert page views into comments, it's worth taking a step back and evaluating your site from a new user's point of view.
We'll take you through our 6 best tips to simplify your site and increase engagement using built in tools.
#1 Use Social Sign In with at least Facebook and Twitter enabled.
Social sign in makes it easy for causal visitors to become content contributors by creating an account. Social sign in removes the complex registration form that may put some off.

 
It's a fact that most people visiting your site will have either a Facebook account or a Twitter account. Use that to your advantage!
#2 Use Profile Completion
One of the biggest reasons sites fail to convert visitors into members is because of large or complex forms. If you have many required profile fields, your potential member is likely to abandon the form. Use the Profile Completion system with fewer fields where possible for a simpler registration form.

 
The Profile Completion system allows new members to complete their profile in their own time. Of course, you can still enforce vital fields before members can contribute.
#3 Use Fluid View
Traditional forums can be a little daunting to site visitors used to Facebook. The top down categorisation is a strength for separating conversations. Yet, it can be confusing for a first time visitor to navigate.

 
Fluid view breaks down these boundaries by presenting your conversations in one simple list. By removing the need to jump between forum containers, new visitors are encourage to keep diving deeper into your conversations. An engaged visitor is more likely to contribute.
#4 Keep your forum structure simple
Even with fluid view enabled, complex forum structures can confuse. Consider a brand new forum with a hundred different conversation areas. Would a new user know where to go and post? Would they be put off thinking they are posting in the wrong area? The best advice is always start off with as few forum containers as possible and increase them as your community grows.
#5 Use Reactions
One of the simplest ways to increase engagement is to turn on Reactions. Reactions allow other members to leave feedback on a post in a few clicks. The default reactions allow one to like, give thanks, express confusion, sadness or happiness. You can add your own reactions to tailor the platform to your niche and personality.

 
Non-verbal engagement is important for your active posters. If they receive reactions to their posts, they are more likely to reply more and return often to see what feedback they have received.
#6 Use the Sign In/Sign Up widget
A very simple way to increase visitor to member conversion is to just ask them to register. Invision Community ships with a drag and drop widget that you can use to outline what your site is about and encourage registration.

 
In one very simple but prominent box, you can see what the site is about and how to join in.
Summary
New and existing communities should take a moment to see their site through a new visitor's eyes. Consider how easy your structure is to navigate and how many barriers to registration there are.
You can streamline both registration and conversation presentation with our built in tools. The key to increasing engagement is to make it a simple as possible to join your community. Make sure your barriers or entry are set low.
Not using Invision Community? We can convert you from other platforms preserving your data. Our migration page has more information on the platforms we can convert you from.

It's hard to believe that we're close to wrapping up 2017 already. It seems like only yesterday we were putting the finishing touches to Clubs, Fluid View, Profile Completion and all the other new features added this year. We're not resting though, Invision Community 4.3 is well underway and we'll be releasing news of its new features soon.
Our developers have been busy squashing bugs and release Invision Community 4.2.6. Regular visitors to our own community may have noticed that we've been running several search tests to improve the results search brings.
Our latest community articles continue to be well received. This month's highlights are:
In team talk we post a simple question that proved hard to answer.
As always, we'd love to hear what you think of our articles. If there's anything you'd like covered, just let us know below!
Thanks!
 
 
 

Making security considerations a key part of your community setup and maintenance can save you from many future headaches.
You've worked hard to get your community moving. Don't make yourself an easy target and undo that work.
Here’s our current advice to our customers.
 
1. Enable HTTPS
HTTPS is fast becoming the standard way to serve websites. In 2016, more than 50% of web requests were served under HTTPS for the first time. Chrome and Firefox now explicitly warn users on login forms that aren’t sending data over HTTPS, and it’s not hard to imagine that in the near future all insecure pages will receive the warning.
HTTPS simply means that website data is served over a secure connection and can’t be read or tampered with by a ‘middle man’ hacker. You can identify a site using HTTPS because the address in your browser will show ‘https://’ (instead of http://), and normally a lock icon or the word ‘secure’.
Invision Community supports HTTPS by default simply by changing your base URL configuration to include HTTPS. Of course your web host will need to support it as well and our Invision Community Cloud services support it by default. Contact support if you have any questions.
Recommendation: Set up HTTPS for your entire community to prevent ‘man in the middle’ attacks.

2. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrator staff.
2FA is a system that requires both a user’s password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user’s password is somehow compromised, a hacker still wouldn’t be able to log in to the account because they would not have the current code number.
You may already be familiar with 2FA from other services you use. Apple’s iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which is able to send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA, to ensure that no damage can be done should their account passwords be discovered. Allow members to use 2FA at their discretion.
 
3. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password, showing them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it’s also possible to require them to choose a password that reaches to a certain strength on the meter. 
Recommendation: Require users to choose at least a ‘Strong’ password.
 
4. Use Admin restrictions
It’s very common that many different staff members need access to the Admin Control Panel depending on the role. You may have design staff, billing staff, community managers, and so on, all with particular tasks they would like to achieve.
Invision Community can help improve the security of your Admin Control Panel by allowing you to restrict the functions available to each administrator, granting them access to only the tools needed to do their job. 
Recommendation: Audit your community’s administrator accounts and applying restrictions where it makes sense to do so.
 
5. Stay up to date
It’s important to ensure you’re always running the latest release of Invision Community. With each release, we add new security features, audit code and fix any issues reported through responsible disclosure. Falling behind can therefore make your community a tempting target for potential hackers.
Your Invision Community Admin Control Panel will let you know when a new release is available, and you can also check out our Release page to track releases.
For our Enterprise customers, we’ll automatically apply updates for you shortly after release as part of your plan. For our self-hosted and Cloud customers, you can easily apply new updates via the Admin Control Panel with a couple of clicks.
Our Invision Community Cloud contains all best practices for security. However, if you are self-hosted, be sure to work with your web host to ensure your server is setup properly. Ensuring that server software, firewalls, and access controls are in place is very important as an insecure server can be your worst enemy.
Recommendation: Aim to install latest updates as soon as feasible.
 
6. IP address restrictions
For organizations where staff are centrally-based in one location, or are required to use a VPN, you can improve your community security by restricting access to the Admin Control Panel to the IP addresses your staff will be using. This is a server-level feature, so contact your IT team to have this facility set up your installation. Enterprise customers who wish to utilize IP restrictions should contact our Managed Support team, while Cloud customers can submit a support ticket to have this set up.
Recommendation: Where staff all access the community from a small number of IP addresses, restrict Admin Control Panel access to those IPs. 

Summary
Don’t leave security as an afterthought. Invision Community includes a range of tools to help you ensure your data and members protected, as well as industry-standard protections ‘under the hood’. Make use of these features, and they’ll help ensure the wellbeing of your site.
As always, if you have any questions or need advice, our support team are on hand to assist you.

We all know what a pain spam can be. We deal with it daily in our inboxes often relying on clever software to filter it out for us. Even worse, some spam is so well disguised that it can fool you into thinking it is a genuine message.
You've put in the hard work with your community. You've used the built in social promotion tools and SEO features to get it noticed. Now that it's indexing well with Google, you've become a target.
Invision Community has several tools in its arsenal to deal with spam leaving you free to concentrate on your members and content. We'll take a look at these tools in more detail.
First, it's important to know that there are two main types of spam. Computer generated and human generated.
Computer generated spam is malicious software that throws millions of messages out and hopes some sticks to high profile communities.
Human generated spam is more pernicious as it can often bypass automated measures. Human spammers often register accounts and post as members on your community.
 
The first line of defense
Invision Community comes equipped with Spam Defense. This is free with all cloud and licensed plans. Spam Defense harnesses the combined knowledge of thousands of Invision Communities. It will assess the potential threat of each new user and stop them before they can cause any problems.
To date, Spam Defense has blocked over 3,000,000 spam accounts.
Spam Defense works by evaluating the registering member against its database. It will score the account from 1 (not a spammer) to 4 (a known spammer) allowing you to decide what to do with each level.
 

If a spammer gets past the Spam Defense, flag them as a spammer using the built in tools. This will clear up all their posts in a single action and report back to Spam Defense that this account has spammed your site. These community led reports allow Spam Defense to learn and adapt.
 
Preventing spammers from registering
The CAPTCHA ("Completely Automated Public Turing test to tell Computers and Humans Apart") is a well tested and robust method to defeat computerised spammers. It is usually a small widget on a sign up form that asks you to re-enter words shown in an image.
Invision Community supports Recaptcha2 by Google, meaning that in most cases your users don't even have to type in random letters. Instead, Google algorithms determine if the user is human or otherwise. Invision Community supports KeyCaptcha. This requires guests to solve a simple problem before they can contribute.

 
The Question and Answer challenge works on its own or in conjunction with a CAPTCHA. This system allows you to create simple question and answer challenges unique to your community. As these answers are unique, computerized spammers cannot solve them. Also, human spammers not knowledable with your niche are often unable to solve them too.
While the above are great for reducing the number of computerized spammers, we need to be especially clever to weed out human spammers.
 
Dealing with human spammers
Smart configuration of your community will also help in defeating spammers. Invision Community supports posting without registering. This feature allows for fast engagement but use it with caution. It works best if you only allow it for specific forums.
Invision Community's membership promotion system also has tools which you can leverage.
To make your site less appealing to human spammers, you can configure two membership groups. Let us look at an example which uses "New Members" and "Members".
"New Members" is the default group for new registrations. In this group you can remove the ability to add a signature to each post. Often spammers use signatures to earn referrals on links.
You can also define a limit for posts per day. This will throttle the number of spam posts a member can make.
 

Now that you have your "New Members" group set up to build trust, you can promote them using Group Promotions.
A good strategy is to promote them to "Members" when they have reached a certain level of reputation. This shows that they have become a trusted member of the community.
You may wish to promote them a week after joining knowing that spammers usually leave after a day or so.
There are many different criteria you can use allowing you to tailor it for your own needs.
 
Summary
Dealing with spam is a reality for every successful community. Invision Community has several features to mitigate its impact.
Through leveraging its built in tools to smart configuration, you can make your community a fortress against spam. In addition, our exclusive Spam Defense system grows and learns every day stopping spammers from registering.
To learn how to configure Invision Community's spam prevention tools, please see our help guide.
Not using Invision Community? We can convert you from other platforms preserving your data. Our migration page has more information on the platforms we can convert you from.

This week, we were inspired to discuss home automation after @Joel R raised the question in a topic.
With so many commercial options available now, such as Alexa, Siri and Google Home, we started discussing what automation we have in our homes. This week we'll focus on the a few team members who have heavily automated teams. Although @bfarber's answer "I have kids to help automate the home" was a clear winner.
Marc S (Support technician & cycle injury enthusiast)
For me I just have Hive, which is automation for my central heating system, and an Echo. So I can tell my heating to switch on and off by speaking to the echo if I wish, but to be honest its very rare that I do so. I tend to just use my phone, as it would rely on me being in the same room as my echo. 
I have some lights which are on sensors in my en-suite, and in my entrance hall. I have thought about getting bulbs I can switch on and off with voice control, but I'm honestly not sure how much they would be used in comparison to what they cost to buy. Because of the way my lights are configured, it would cost a fortune to do (for example my living room would need 5 bulbs for the main light). If I decided to go down that route, I would be looking for lightswitch adaptations, rather than bulbs.
Andy  (Developer and Support technician)
This is a hobby of mine so might be a long answer! When I fully renovated my apartment I took the opportunity to go wild and put structured cabling and do all the prep work for a complete system. I use a system designed and manufactured by a company in my local area (Idratek.com) as the “controller” which handles heating, lighting, presence detection, intercoms, door locks etc and binds everything together. I installed everything myself and in total used about 2km worth of cat5e wiring with hidden magnetic reed switches recessed in door and window jams. I’ve then extended this by adding integrations with other things such as Hue lighting, automated curtains, zoned heating, a smart kettle and cameras etc. A particular favourite of mine is the integration with Logitech Squeezebox. If somebody rings the doorbell or calls me on Skype then the volume automatically decreases in the room I’m in so I can take the call.

This system goes beyond the mainstream ad hoc automation kits such as Hue and other retail “smart” products in that it’s not just motion detection but presence. So for example if you’re in a room and the doors and windows are closed the system knows you are in that room until the door is opened. So if you’re sat still reading the light won’t turn off on you but it will still turn off automatically as soon as you leave. There’s no relying on extended 10 minute time outs. Lighting is controlled using internal and external light level sensors too so there’s no messing about adjusting the on/off times with seasonal changes.

The system has all the usual smartphone controls but the idea is that it is truly “smart” in that once set up there is little intervention required. Heating is weather compensated for example and although curtains open automatically once the sun comes up, they won’t do so if you’re still in the room to prevent inadvertent flashing to neighbours. If you open a window in a room then the radiators in that room and connecting rooms are automatically switched off so you’re not wasting money heating the outside. I like to kid myself that I’m saving money but in reality the money I have spent probably exceeds any savings I will make in two lifetimes. So if I’m not saving money at least I’m being eco friendly whilst having some fun seeing how far I can push the tech.
Mark W (The Senior Developer)
I'm not as crazy as Andy, but I do have quite a bit of stuff:
All the lights in the house are Hue. These are coupled with motion sensors (Hue motion sensors which also handily double as temperature and light sensors) but for completeness, I took all of the light switches off the walls, replaced the switches with a blank plate which I then added Hue Dimmer Switches on top of - this means that I can still use "normal" light switches when I want to. I have a Hive thermostat, and wrote a Homebridge plugin (https://github.com/mark-wade/homebridge-hive) to allow me to control it with Homekit, which is what I use to tie all my stuff together (Homebridge itself is running on a Raspberry Pi) I have a coffee machine and kettle from Smarter, which I also have Homebridge plugins for. Every room has a Sonos (Play:1 in bedroom and bathroom, Play:3 in office, kitchen and living room), again with Homebridge plugins I have automation set up to:
Turns the lights and music on and off as I move throughout the house Turn the coffee machine on after I go into my office in the morning Turn everything off and turn the thermostat down once everyone has left the house But, because I use Homekit to tie it all together, I also use Siri quite a lot. "Hey Siri, turn the coffee machine on" literally never gets old.
I'd really like to get a smart door lock and window blinds, but I'm still waiting for products that are actually decent to arrive on the market (there's a lot of US-centric stuff available, but here in the UK we normally need to wait a bit longer).
 
Mark H (Support Technician and part-time Phil)
I use an ISY-994i by Universal Devices, which controls *almost* all lights in the house, the door locks (Schlage Z-wave), and is integrated with my: 
Elk security system OneLink fire/CO alarms 3 Raspberry PI's with temperature sensors (DS2482-100 I2C to 1-Wire IC)  Logitech Harmony Davis weather station (Vantage Pro 2)
The mobile App I use to control this all, is Orchestrated Mobilinc.
Daniel (Support Technician and Developer)
A Raspberry Pis running HomeBridge
2 Amazon Dots + 3 Logitech Harmony Hubs & Elite Controllers allow me to control everything via remote controls, phone or voice.
Lights: Hue
Sound: Sonos in all rooms
I have also dozen of homekit compatible sockets to control some none smart devices via the system.
The Harmony Hub but also the Raspberry allow me also to control Dyson Fans.
Since I moved to a Samsung Phone it's quite a mess because I had to find an alternative to control the homekit stuff
Quite clearly, giving developers a box of gadgets and some spare time can lead to very creative things. Do you have any home automation? Do you prefer Alexa to Google Home? Do you also want to move into Andy's house? Let us know.
 

This entry is about our IPS Community Suite 4.2 release
 
Improved Stripe Integration
Stripe is a popular payment gateway that supports card payments. In IPS Community Suite 4.2 we have made some improvements to our integration:
When viewing a transaction in the AdminCP, it will show the last 4 digits of the card used, and the result of Stripe's risk evaluation. More information is sent to Stripe for easier cross-reference between Stripe's control panel and your AdminCP. This includes the customer's name, billing and shipping addresses, email address, associated transaction/invoice/customer IDs, and the invoice title.  

Stripe Transaction in the AdminCP showing risk evaluation and card details

Transaction in Stripe's control panel showing customer and invoice details
 
Anti-Fraud Improvements
Anti-Fraud Rules now have some additional filters:
Products being purchases includes... Account was registered more/less than [x days] ago Customer is/isn't in group Customer has previously spent more/less than Time since last purchase is more/less than [x days] ago Custom profile fields (both at member and customer level) IP address is x (exactly, contains or matches regular expression) Customer has previously made transactions that failed (opposed to "were blocked by fraud rules") Email address matches regular expression
Some of the new Anti-Fraud Rule options
 
MaxMind per gateway
A new setting has been added that allows you to run MaxMind only against transactions using particular payment gateways.

New MaxMind gateways setting
 
Transaction Search
You can now enter the transaction ID provided by the payment gateway in the AdminCP search box to find a transaction.

Looking up a transaction by gateway ID
 
Renewal Savings
If you have a product with multiple renewal terms, a new setting allows you to show alongside each option how much is saved. This can be shown either as a monetary value, or as a percentage.

Product showing savings for different renewal options