Dennis_87

We are happy to announce the new Invision Community 4.3 is available!
Some highlights in Invision Community 4.3 include...
Improved Search
We now support Elasticsearch for scalable and accurate searching that MySQL alone cannot provided. There are also enhancements to the overall search interfaces based on your feedback.

 
Emoji
Express yourself with native emoji support in all editors. You can also keep your custom emoticons as you have now.

 
Member Management
The AdminCP interface to manage your members is all new allowing you easier control and management of your membership.

 
Automatic Community Moderation
You as the administrator set up rules to define how many unique member reports a piece of content needs to receive before it's automatically hidden from view and moderators notified.

 
Clubs
The new Clubs feature has been a huge hit with Invision Community users and we are expanding it to include invite-only options, notifications, exposure on the main community pages, paid memberships, and more.
Custom Email Footers
Your community generates a lot of email and you can now include dynamic content in the footer to help drive engagement and content discovery. 
New Gallery Interface
We have reworked our Gallery system with a simplified upload process and more streamlined image viewing.
 
The full list follows. Enjoy!
Content Discovery
We now support Elasticsearch which is a search utility that allows for much faster and more reliable searching. The REST API now supports search functions. Both MySQL and Elasticsearch have new settings for the admin to use to set search-defaults and default content weighting to better customize search logic to your community. Visitors can now search for Content Pages and Commerce Products. When entering a search term, members now see a more clear interface so they know what areas they are searching in and the method of search. Member Engagement
Commerce can now send a customizable account welcome email after checkout. You can whitelist emails in the spam service to stop false-positives. REST API has many enhancements to mange members. Ability to join any OAuth service for login management. Invision Community can now be an OAuth endpoint. Wordpress OAuth login method built in. Support for Google's Invisible ReCaptcha. Groups can be excluded from Leaderboard (such as admins or bot groups). All emails generated by Invision Community can now contain admin-defined extra promotional text in the footer such as Our Picks, and Social Links. Admins can now define the order of Complete Your Profile to better control user experience. Clubs
Option to make a Club visible but invite-only Admins can set an option so any Club a member is part of will also show in the parent application. So if you are in a Club that has a Gallery tab then those image will show both in the Club and in the main Gallery section of the community. Club members can now follow an entire Club rather than just each content section. There is a new option on the Club directory page for a list view which is useful for communities with many Clubs. If you have Commerce you can now enable paid memberships to Clubs. Admins can set limits on number of Clubs per group. If a group has delete permission in their Club, they can now delete empty containers as well. Members can ignore invitations. Moderation and Administration
Unrestricted moderator or administrator permission sets in the AdminCP are visually flagged. This prevents administrator confusion when they cannot do something as they will be able to quickly see if their account has restrictions. You can choose to be notified with a new Club is created. Moderators can now reply to any content item with a hidden reply. Download screenshot/watermarks can now be rebuilt if you change settings. Support for Facebook Pixel to easily track visitors. Moderators can now delete Gallery albums. Automatic moderation tools with rules to define when content should auto-hide based on user reports. Totally new member management view in AdminCP. More areas are mass-selectable like comments and AdminCP functions for easier management. New Features
Commerce now has full Stripe support including fraud tools, Apple Pay, and other Stripe features. Commerce packages can now have various custom email events configured (expiring soon, purchased, expired). Full Emojii support in the editor. Complete overhaul of the Gallery upload and image views. Announcements system overhaul. Now global on all pages (not via widget) and new modes including dismissible announcements and top-header floating bar option. Many new reports on traffic and engagement in the AdminCP. Blog has new view modes to offer options for a traditional site blog or a community multi-member blog platform. The content-starter can now leave one reply to Reviews on their item. Commerce now makes it much easier to do basic account-subscriptions when there is no product attached. Useful Improvements
Forums has a new widget where you can filter by tags. If tags are not required, the tag input box now indicates this so the member knows they do not have to put in tags. Member cover photos can now be clicked to see the full image. Any item with a poll now has a symbol on the list view. Twitch.tv embed support. You can now update/overwrite media in the Pages Media Manager. Mapbox as an additional map provider to Google Maps. Technical Changes
Direct support for Sparkpost has been removed. Anyone currently using Sparkpost will automatically have their settings converted to the Sparkpost SMTP mode so your email will still work. Your cache engines (like Redis) will be checked on upgrade and in the support tool to ensure they are reachable. Third-party applications will now be visually labeled to distinguish them from Invision Community official applications. The queued tasks list in the AdminCP is now collapsed by default as queued tasks are not something people need to pay much attention to during normal operations. When upgrading from version 3 series you must convert your database to UTF8 and the system saves your original data in tables prefixed with orig. The AdminCP now alerts you these are still present and allows you to remove them to reclaim storage space. On new installs there are now reasonable defaults for upload limits to keep people from eating up storage space. Categories in all apps (forums, gallery albums, databases, etc.) no longer allow HTML in their titles. This has been a concern both in terms of security and usability so we were forced to restrict it. Large improvements to the Redis cache engine including use for sessions. The login with HTTPS option has been removed and those who were using it will be given instructions to convert their entire community to HTTPS. Images loaded through the proxy system now honor image limits for normal uploads. We now consider BBCode deprecated. We are not removing support but will not fix any future issues that may come up.
 
There's a lot to talk about here so we are going to lock this entry to comments so things do not get confusing. Feel free to comment on upcoming feature-specific entries or start a topic in our Feedback forum.
 

There are many strategies for growing your community, such as newsletters, mailing lists and advertising on other sites.
IPS Community Suite 4.2 puts a new tool at your disposal: promotions.
There’s no denying the popularity of social media. Worldwide, Facebook has 1.86 billion users active monthly. Every day, millions of people are using Facebook to speak with friends, to talk about their interests and to find new people to connect with.
Of that 1.86 billion people, a good portion of those are actively discussing topics your forum covers. There is a huge opportunity to tap into social media to join in the discussion and to promote your community and provide a venue to carry on the discussion.
For a while, we’ve had social media log in extensions, which means that your users can sign into your community simply by clicking a relevant button. We’ve also had the ability to share things to a personal Facebook account. These tools are great for your users, but how do they help you, forum owner?
IPS Community Suite 4.2 introduces a way to promote your content directly to your brand’s Facebook page and your brand’s Twitter account.
You can curate fun and engaging topics and share them. The workflow is simple. Simply browse your community and queue up interesting topics, comments, gallery items, blog posts or database articles for posting throughout the day to your brand’s social media accounts. You choose the schedule, the hashtags and the wording to send.
Let’s look at the feature set in more detail.
Your first stop is to set up the feature from the admin panel. The system will guide you through the necessary steps of connecting your Facebook and Twitter accounts. Once Facebook has been set up, you can select any page that you are an administrator of on Facebook.
 

The admin panel also offers scheduling options and permissions.
 

You can pre-set the times for when content will be posted. Facebook and Twitter both have analytic tools to determine when your visitors are most frequently online. A good tip here is to set the time to a slightly odd number, so 11:45am is better than 12:00pm as you are likely to catch the attention of someone waiting for lunch, or a lunchtime meeting.
 

You have full control over who can promote items to your social media accounts. You can specify by group or pick individual members who may not be in those groups.
Now that you’ve set up the backend, we can get promoting.
Each item, that is a topic, gallery album, blog entry or article has its own Promote button.

 
Each post and comment can also be shared individually, which is an easy way to share great content your visitors add to existing conversations.

 
Clicking this brings up the sharer.

 
This is where you can customize the text that is sent out to each social media channel. You’ll also notice space to promote this item within your own community in addition (or instead of) Facebook or Twitter, we will explore that shortly.
The sharer is smart enough to pull attachments already added in the post, and you can upload your own images to be sent. Generally, shared items that have an image get better organic reach than just text alone so you’ll almost always want to choose or add an image. Twitter can use up to 4 images, and Facebook allows 1000 pictures per album, but you’ll never want to upload that many!

 
Once you’ve filled out your content and picked your images, you can schedule the promotion. Generally, you’ll want to use the auto schedule option as this allows you to just stack up multiple items and let the auto scheduler post the items according to your pre-set schedule. You can also set a specific date and time if you are looking to run a promotion or other time sensitive event.


The promoted content viewed in Facebook and Twitter
It’s easy to see the status of your queued and sent items from the moderator view.

 
This area allows you to see previous promotions and modify pending promotions.
Earlier, we mentioned that the system has the ability to promote content internally. Promoting items to your own community lets you, the community manager, curate interesting items and comments and present this to your community. This is a great way to allow your visitors to explore content you think they’d enjoy.

 
Promoting content to your community via Our Picks also allow you to promote content if you cannot or choose not to use social networks. It has the advantage that social networks do not have over a community platform like IPS Community Suite: consistency. The content on your community is always there whereas a social network is all about right here right now. Miss it and you miss out. On your community you can engage and re-engage a subject all you want. 
Of course, we’ve built a widget that you can drag and drop to most pages to make this curated list more visible.
IPS Community Suite 4.2 gives you, the site owner and community manager the tools you need to reach out and engage new users already discussing the topics on social media your community covers. With single click sign in and the built in retention functionality the suite offers, you’ll have a powerful way of growing your user base. It furthers that goal by created a list of that promoted content for continual reference and promotion for visitors already on your site.
We’ve got lots more to discuss on this subject, and in the coming months we’ll be putting together some guides on social media best practices and how to leverage Facebook’s excellent post promotion / pay per click tools to further boost your site’s visibility to social media users.
We’re here to help you make a success of your community and to give social media users a venue for when they outgrow Facebook.

This entry is about our IPS Community Suite 4.2 release.
IPS Community Suite has long had a reputation system; first we had a simple up/down system, later updated to introduce a Likes system as an alternative. Whichever system you chose to use, it tied in with our reputation system.
We're pleased to introduce the latest updates to the reputation system, and it's something that has been requested for quite some time: Reactions.
Quite simply, reactions allow users to offer more fine-grained sentiments towards content than a simple up/down or 'like'. They are now in common usage on social networks, and so users expect to be able to be more nuanced in their response to something they see.
Let's see how they work in a post, and then cover the options you'll have available.

What you see above is the default setup for a site that has used the Like system in version 4.1. We include 5 reactions by default:
Like Thanks Confused Sad Haha If you currently use the older style up/down reputation system, don't fret - you'll still get the new reactions on upgrade, but they'll be disabled by default and instead the new reaction UI will show up/down reactions. This gives you the flexibility to decide which of the new reactions, if any, you want to allow.
So, those are the basics - but what configuration options can you expect to see? First, you can of course add your own reactions! We expect that beyond the default reactions you'd expect to find, some sites will want reaction types specific to their use-case. On an intranet, you might want to have 'agree' and 'disagree' reactions for staff to use when responding to discussions. On a gaming community, you might replace the icons to be some graphic from a video game that means something to your particular userbase. There's a wealth of possibilities.
Each reaction you set up can be configured to adjust the original author's reputation count - a reaction can be positive (i.e. award a reputation point), negative (i.e. subtract a reputation point), or neutral (i.e. leave the reputation count unchanged). Our default set won't include any negative reactions, but you are free to configure these and new reactions to suit your own use-case. A user's total reputation count is still shown alongside their content and in their profile, of course.
If you don't want to use the new reactions for whatever reason, you can disable all of them except Like, and it'll behave just the like 4.1-and-earlier system:

 
Sites that currently use the up/down system don't show a list of names of users, and instead show an overall reputation score for the content. With the new reaction system, you can enable this even if you don't use up/down reactions. This is great if you plan to use reactions as, for example, an agree/disagree system, or where the content score is more important to your site than the individual reaction types.

How the reaction UI looks with the 'count only' setting enabled
As you'd expect, you can click individual reaction counts (or the overall reputation score, if you enable that setting) to view who reacted to the content. This remains a permission setting that you can apply per-group.

On touch devices, on-hover functionality is not suitable, and so for these devices the reactions UI looks like this:

Reactions play well with all areas of the suite, including Recommended Replies:

...and activity streams...

...and a couple of places we aren't quite ready to reveal yet  
 
We hope you're looking forward to this new feature as much as we are. It's already been a hit on our internal testing site, and we're looking forward to seeing how clients customize it for use on their own community.
Developer note: Reactions are one of two new features (the other currently unannounced) so far that make use of PHP Traits.

We are excited to announce the Leaderboard as the latest all new feature of IPS Community Suite. The new Leaderboard is designed to better highlight your most active members and content based on reputation and other metrics. The Leaderboard will greatly enhance both member and content discovery on your community.

Leaderboard Home
First you will notice the new feature of member leaders based on a specific time frame. In the example above it is set to All Time showing those members with the most reputation overall on your community. It also shows the content with the most reputation for the same timeframe so you get a snapshot of both popular members and popular content in one view.

Past Leaders
The Past Leaders tab shows the "winners" of each day in a history. The system counts all reputation made each day and logs the members who had the top reputation counts that day. Using reputation rather than post count encourages your members to post quality of quantity which is really important to any site.

Winner Profile Badge
Those who win the day also get a badge on their profile page to highlight that they were the member with the most reputation for a particular day.

Top Members
Top Members shows you a list of all members sorted by various metrics. By default you will see members sorted by reputation but you can also easily sort by total post content Suite-wide or per-app. All of these views can be linked directly to so if you wanted a menu item to show members who post the most files in Downloads you can just directly link to that sort view.

Leaderboard Settings
There are various settings to control the default behavior of the Leaderboard. You can define the default view and how many members to show which is helpful to tailor it to your needs.
We hope you enjoy this initial launch of the new Leaderboard feature. We are excited about the new content and member discovery abilities this offers and look forward to adding new options to the Leaderboard as we continue to develop!
 
This change will be in version 4.1.17 which is scheduled to be released in early December 2016.

For our self-hosted customers, we wanted to give you advanced notice that support for PHP 5.4 in the IPS Community Suite will be ending soon. IPS Community Suite 4.1.11 will be the last release to support this version of PHP.
PHP 5.4 was released in 2012 and reached 'end of life' in September 2015, and so we will be requiring at least PHP 5.5 from IPS Community Suite 4.1.12 onwards. We do recommend PHP 5.6 or greater as 5.5 is approaching end of life as well.
If you currently use PHP 5.4, please contact your host and ask them to upgrade to a supported version as soon as possible.
If you would rather not have to worry about server-level issues like this, consider switching to one of our Community in the Cloud plans. They include all of our suite apps and we take care of all of the server management for you, leaving you to focus on running your community. If you are currently self-hosting, we can transfer your community to a cloud plan for free, in most cases. Contact our sales team for more information.

Security should never be an afterthought for your community. All too often, site owners consider beefing up their security only when it's too late and their community has already been compromised. Taking some time now to check and improve the security of your community and server could pay dividends by eliminating the cost and hassle of falling victim to hacking in the first place.
Let's run down 7 ways that you can protect your community with the IPS Community Suite, from security features you may not know about to best practices all communities should be following.
 
1. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Granting access to the AdminCP is like handing someone the keys to your house, so before doing so, be sure you really trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have AdminCP access by clicking the List Administrators button on the System -> Security page.
2. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. IPS4 allows you to limit administrator access to very specific areas of the AdminCP with the Admin Restrictions feature, and even limit what can be done within those areas. This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
3. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are simply too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for others sites too.
4. Stay up to date
It's a fact of software development that from time to time new security issues are reported and promptly fixed. But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update as promptly as you can so you receive the latest fixes. Your AdminCP will also let you know when a new version is ready for download.
5. Use .htaccess protection for your AdminCP
In addition to IPS4's own AdminCP login page, you can set up browser-level authentication, giving you a double layer of protection. This is done via a special .htaccess file which instructs the server to prompt for authentication before access to the page is granted. IPS4 can automatically generate this file for you - simply go to System -> Security in your AdminCP, and enable the "Add a secondary admin password" rule.
And it should go without saying, but to be clear: don't use the same username or password for both your .htaccess login and your admin account, or the measure is redundant!
6. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist. This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment. If you're a Community in the Cloud customer, contact our support team if you'd like to set up this protection for your account.
7. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We therefore recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled, especially if you're hosted on a server that also hosts other websites (known as shared hosting). If another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Community in the Cloud customers needn't worry about either of these steps - we've already handled it for you!
 
So there we go - a brief overview of 7 common-sense ways you can better protect your community and its users. As software developers, we're constantly working to improve the behind-the-scenes security of our software, but as an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!