LiquidFractal

Version 4.1.19 is now available in the client area!
This release focuses on bug fixes and performance along with some new key features.
Ability for members to lock and unlock their own content
We've added a new group level option to allow members to lock and unlock their own content. This is disabled by default.

Messenger Quota Display
To help diagnose issues your members may find, we now display their personal message quota in the ACP.

Default view for Activity Stream
When creating a new activity stream, you can specify either expanded or condensed as the default view. This is especially handy for streams you wish to share with other members.

Other key changes include:
Performance and speed improvements. A new moderator setting to restrict users from ignoring moderators. A new group setting to hide a group from filters in search. When moving content moderators are now prompted for where you want to be redirected after the action. An email is now sent when an account is locked for too many bad login attempts. Check out the Release Notes for a full list of changes.

We are well into development on IPS Community Suite 4.2 and are excited to start announcing all the new features and improvements.
Our next big release is focused on engagement with your members. You will see enhancements to our Reputation system, new ways to encourage people to register on your community, and enhancements to existing features to make them more interactive. There are also entirely new capabilities we cannot wait to show you ranging from new ways to organize content to tools to help promote your community.
Version 4.2 also features a refreshed AdminCP and default front-end design. Theme changes in 4.2 are mostly in the CSS framework so your existing themes will either work without issue or require minor changes to work in the new version.
Over the next several weeks we will be posting news entries with previews of upcoming features fairly often. Be sure to follow our News section, our Facebook, or Twitter to stay up to date.
We expect IPS Community Suite 4.2 to be out in mid-2017 with a public preview available sooner.
Everyone at IPS has worked very hard on this update and we think you will love it!

This entry is about our IPS Community Suite 4.2 release.
There are many Calendar related improvements in 4.2 designed to make adding and engaging with events easier than ever before. First of these is Event Reminders. 
Reminders are easy to create. Simply use the Set Reminder button shown on all future events and specify when you would like your reminder.

Choose when you would like to be reminded
Changed your mind? Simply adjust the reminder or remove it altogether.

Easily adjust existing reminders
When the time comes a notification will be sent via the member's chosen email or inline method.

Receive inline or email reminders using the standard notification settings
Event reminders are a simple but often requested feature and we're excited to be introducing it with 4.2. Don't forget to follow the News & Updates section as we have many more announcements to help keep your members engaged.

This entry is about our IPS Community Suite 4.2 release.
Following on from our previous entry about the new Recommended Replies feature, we also have one more small feature change that will be very useful.
Content Message is a small feature available in all IPS Community Suite content areas (forums, blogs, gallery, etc.) and allows a moderator to put a message at the top of any item.

Topic with a moderator message
This is useful if you have a special use for the area people are posting in, need to encourage conversation to stay on topic, or perhaps the conversation is becoming heated and you need to remind people to behave.
Sometimes the smallest features can prove the most useful and already I have found myself reaching for this feature out of habit from using it on our test 4.2 installs and missing it on our production site. I cannot wait to have it available and I am sure you will enjoy the ability to add custom notes to any area of the Suite.
 
Development Note
For our power users: this feature and the Recommended Replies feature use a new content meta data capability. This allows you to store miscellaneous data that is attached to a content item which does not need to be otherwise searched or exposed unless you are viewing that item. We will provide technical details on this later but it is a really easy way to store data about content without having to create additional tables or methods.

This entry is about our IPS Community Suite 4.2 release.
Sometimes you may find situations where you want to highlight one or more replies to a content item to bring attention to a really great response. This is especially true on busy communities where you might have dozens or even hundreds of replies in a single discussion.
There is now an ability for a moderator to Recommend a reply (or multiple replies) and even leave an optional note explaining why they think you should view that post.

Moderator Permission

Optional note for recommended reply
When a reply is Recommended you will see a snippet at the top of the content item along with the optional moderator note and a link to jump right to that reply.

A topic with a recommended reply.
You can Recommend more than one reply and this feature works through IPS Community Suite in forum topic, blog entries, gallery images, and so on. You can set this permission along with other moderator permissions in the AdminCP.
We really think this will allow moderators to bring attention to some of the best replies and guide users to the best content your community has to offer.

We have had a question and answer feature in IPS Community Suite for some time and we are now happy to add Google Authenticator as another option. We have also combined the various options it a new Two Factor Authentication (2FA) section in the AdminCP with many more options.

Two Factor Authentication Settings
There are also new settings to control when a user is required (or not) to setup 2FA:

2FA Setup
You can control what areas will prompt for 2FA authentication:

2FA Area Control
And how the system should recover if a user cannot login via 2FA on their account:

2FA Recovery Settings
An administrator can configure these settings to tailor the security needs of their community. For example, you might want to require 2FA your admins and moderators but keep it optional for your members. 
On the front end your members will see a new Account Security section under their settings area.

Account Security Settings
Once authenticated, a user will then be able to enable various security options. For example, the Google Authenticator setup shows an easy to follow setup.

Google Authenticator Setup
We hope you enjoy this new level of system security. IPS has plans to add additional 2FA providers beyond Question and Answers and Google Authenticator. We will keep you updated!
 
This change will be in version 4.1.18 which is scheduled to be released in late January 2017.

We are improving our integration options with analytics tracking services to better track and credit all page views. Our focus here was to add the ability for IPS Community Suite to communicate with your analytics tracking provider of choice when it does page change events that do not otherwise get tracked.
Some tracking providers do not understand that an inline AJAX page load (one that loads new content without a full page refresh) should still count as a new page. Even though your browser did not do a full reload, all your content is different so it should count in your metrics.
To solve this issue, IPS Community Suite can now automatically put in custom code to execute on pagination. We include Google Analytics and Piwik code by default and there is also an option to include your own custom pagination event code for other services.

Analytics in AdminCP
If you already have your Google Analytics code in our existing (basic) analytics system then the Suite will detect this on upgrade and automatically enable the new pagination tracking. The screenshot above shows the "Other" option if you do not use Google Analytics or Piwik. If you have other providers you want us to consider just post a feedback topic.
Note: be sure that you embed Google Analytics into your Suite using the built-in analytics system. If you simply pasted the code into your theme templates then we cannot automatically enable the new tracking.
We hope this new feature allows for easier integration with analytics tracking providers and also gives you much better insight into your traffic by properly counting all the page views you may currently be missing out on!
 
This change will be in version 4.1.17 which is scheduled to be released in early December 2016.

We have added a selection of improvements to moderator workflow and some new features to generally make moderation easier.
We have already talked about a few new moderation improvements:
Default Warning Notes Tag Quick Edit Word and Link Improvements Now let's go over a few more new features that are designed to help moderation.
Multi Page Actions
When you split a topic or delete replies to some content that has multiple pages you would always be redirected back to the first page and first post. This could get a bit annoying if you were previously very deep into a conversation. We now try to remember where you were and keep your place after those items are removed.
Hide Unapproved Content
Previously you had only two options when viewing content that was pending moderator approval: delete and approve. You can now choose to hide an item rather than approving it so you can remove it from the approval queue without deleting.
Moderator Actions on Reports

Report Status
When a moderator changes a report status it now logs that action so other moderators can view when and who changed a status.
Display Name History

Display Name History
You can now see a display name history on the front end for a user. This can also be enabled for the public to see per-group if you want everyone to see the display name changes of a member.
Animated Profile Photos
You can now disable animated profile photos so your users cannot apply them to their profile. This will not go back and remove existing photos but will stop new additions.
IP Tools

IP Use Overview
The IP tools have had an update to make finding IPs with their related members and posts easier. This works with both IPv4 and IPv6.

IP Search
You can also search for all uses of an IP by member or wildcard search an IP to find all uses of an IP range.
 
These changes to moderator tools will help you better moderate your community and allow you to focus on member interaction rather than member management. In addition to the items linked at the top of this entry we have already talked about, these small changes come together to make moderation even easier in IPS Community Suite.
 
This change will be in version 4.1.17 which is scheduled to be released in early December 2016.

Tags are a powerful feature in IPS Community Suite 4 and we have seen clients using them in many ways to enhance content discovery on their site. Adding tags to an item is quite easy but modifying them after the fact requires you to edit the root content item. Not only is this tedious but it also then shows an edited-by line for that item even if all you did was change a tag.
To make this process more user friendly we now have the ability to quickly edit tags when viewing any content item. When you view an item that has tags enabled and you have permission to edit then you will see a link to edit tags.

Tag Quick Edit
That brings up an input box where you can manage your item tags without leaving the page to a full edit screen.

Tag Quick Edit Input
We have been testing the feature for a few weeks internally and it has already saved us time as we tag our discussions. But beyond that, and I think more important, is the fact that we find we are using tags more often. More use means more organization and filter possibilities of your content which is a great thing for busy, data-drive communities.
So we hope that not only will controlling your tags be faster an easier but you too find you use the tagging feature more often with this small but useful change.
 
This change will be in version 4.1.17 which is scheduled to be released in early December 2016.

Often when you are reading a topic, comments, or other posts, you will see team members replying. Although IPS Community Suite already allows groups to set up custom images and member titles, these replies can get lost in the noise.
Version 4.1.13 now allows you to switch on post highlighting per member group. This makes sure the reply stands out from the rest of the replies.

 
Of course, this feature works everywhere; from calendar comments to article replies.

 
The feature is switched on via the Group form in the ACP.

 
You can edit the look of the highlighting via the theme’s settings which allows for different color schemed per-theme.

 
We have also ensured that theme designers can get the most out of the system by embedding a data attribute noting the group of the author. This means that you can add custom CSS to use different colours per member group.

 
 
 
We think post highlighting will be a simple way to bring attention to member posts in groups that you define.
 
 

In line with our aim to make incremental improvements in each release, I wanted to go over a few of the small but useful changes to the personal messenger that you'll find in our next release, 4.1.13.
 
Read/unread filtering
The first improvement is that you can now filter the message list by read and unread, making it a little easier to browse through just the messages you're interested in.
 
Search improvements
Next up, the messenger search has been improved in a couple of ways; first, you can now also search the names of both the recipients and the senders, and second, we've added a menu so you can specify which fields in particular you want to search by.
 
Easier moving
Finally, we've added a popular request - the ability to use the mass-move tool inside the messenger. You can now check multiple messages, and the usual mass-action toolbar will appear that will allow you either move them to another folder, or, has been the case in the past, delete them.
 
While these are each small improvements by themselves, we hope the incremental changes in each release add up to a more pleasant experience for users. 

IPS4's theme system has a feature called template plugins, which are special tags that do something to the values you pass in. You'll see them throughout the templates - they look like this:
{lang="..."} This tag displays the language string for the key you pass into it, and is probably the most commonly used one. But there's many others too, so let's review some of the useful ones you can use in your themes and addons.
 
{member}
If you need to show any data about a member, the {member} tag is very useful. It's a shorthand that can display properties and call methods on a member object, so it's much neater than the manual approach. It's used like this:
// Get a property, like 'name' {member="name"} // Call a method, like 'link()' {member="link()"} By default, it will work with the currently logged-in member, but you can pass an id attribute to show data about any member:
// Show the name of member #67 {member="name" id="67"}  
{expression}
The expression tag allows you insert simple one-line PHP expressions into your templates. For example, if a variable is an array of values and you want to show one per line, instead of writing a loop, you could do:
{expression="implode( '<br>', $myArray )"}  
{prefix}
The prefix tag is unusual in that it's designed specifically for use in CSS files. It prefixes CSS styles with the various vendor prefixes, meaning instead of writing:
.myClass { -webkit-transform: scale(3) rotate(45deg); -moz-transform: scale(3) rotate(45deg); -o-transform: scale(3) rotate(45deg); transform: scale(3) rotate(45deg); } You can write:
.myClass { {prefix="transform" value="scale(3) rotate(45deg)"} }  
{hextorgb}
Continuing with the CSS theme, next there's the "Hex to RGB" tag. If you're a theme designer and want to use a theme setting value but apply some transparency, this tag will be particularly useful to you. Color theme settings are simple hex values, e.g. #000000. To apply some transparency, you need to use the rgba notation however (the 'a' meaning 'alpha channel', otherwise known as transparency). The {hextorgb} tag does this for you.
It accepts either a hex color, or a theme setting key. By default it outputs the same color in rgb notation, but if you want to add transparency, you can add an opacity parameter which will represent the alpha channel value.
{hextorgb="#ff0000"} --> rgb(255,0,0) {hextorgb="page_background" opacity="0.6"} --> rgba(235,238,242,0.6)  
{truncate}
Finally, there's the truncate tag. This tag takes some text (usually as a variable), and truncates it to the length you specify. By default it appends an ellipsis (...) to the end of the content, although this is configurable via the append parameter.
{truncate="$someLongText" length="300"} Note that this isn't designed to be used on HTML markup; you may break your page if HTML tags are included in the text. For those cases, consider using the javascript ipsTruncate widget instead.
 
I hope this overview of 5 lesser-known template tags will help you as you build themes or applications! Share your related tips in the comments.

We are currently beta testing our next release, 4.1.12, which contains hundreds of bug fixes, dozens of improvements, as well as a handful of new features. In this post, I want to cover some improvements we've made to two key areas: activity streams and search.
Activity Streams
The first improvement we made is to change how the expanded/condensed toggles are displayed to improve their clarity. From studying the feedback from administrators and users, we discovered that many people did not realize the view could be changed. To improve this, the toggles now explicitly say 'Condensed' and 'Expanded', making it much clearer how the view can be toggled to your own preference.

More clearly marked expand and condense options for Activity Streams
Next, a common point of feedback about Activity Streams is that clicking a result and then hitting the Back button in the browser means you are put back at the first batch of results, losing your place in the stream. In 4.1.12 we improved this so that clicking Back will load the last batch of results you were viewing, enabling you to continue browsing from whence you left off.
Finally, in the Content Types menu we added an Apply button. We discovered that users were not always sure how to save the selection of content types they had made (which automatically happened when that menu was closed). To alleviate this, the new Apply button will save the selection and close the menu, updating the stream results in real-time as expected. You can still simply click out of the menu to apply changes as well.

The new Apply button in the Content Types menu
Search
While overall improvements to search (specifically the algorithms to match and return the results) are a matter of ongoing research and refinement which we will improve in the 4.2 series and beyond, 4.1.12 sees one small improvement to the options available to users. While you have always been able to search within a particular forum, category etc. while browsing that area, you were not able to retroactively filter into particular areas after performing a more general search. IPS Community Suite 4.1.12 adds this ability to the interface, allowing you to get more specific results from a particular area of the community.
Version 4.1.12 is currently in beta testing and should be released in the next two weeks.

We are currently beta testing our next release, 4.1.12, which contains hundreds of bug fixes, dozens of improvements, as well as a handful of new features. I wanted to introduce one of those new features: post preview.
Long-time users of our software will know that a post preview function was a standard feature, but we took the decision to not include it in the initial IPS4 release. It had a couple of drawbacks:
it only applied to certain pages, such as topic view - other WYSIWYG editors simply didn't get a preview the workflow wasn't very good for modern web apps, requiring a round-trip to the server and a full page refresh When IPS4 was released, we felt that the built-in rendering of the editor was a sufficient preview of how the end result would appear. However, while analyzing ongoing customer and user feedback for IPS4 in its first year of release, we have seen that a preview still has a use. There are some circumstances when a true WYSIWYG experience is just not possible such as using more advanced formatting (like LaTeX) or when admins create certain custom editor plugins.
As a result, we rethought post preview. We wanted to ensure that all editors could be previewed, and that it didn't have a clunky workflow. In addition, since IPS4 uses a responsive theme, we wanted to give users the opportunity to preview how their post would look on different devices.
Here's the result, and what will be available in 4.1.12:

Post preview in IPS Community Suite 4.1.12
The preview is shown by clicking a new button on the toolbar (meaning it can be moved, removed, etc. just like the other default buttons). When the preview loads, the toolbar allows the user to resize it to different device sizes. If they are on desktop, they can also view it at tablet at phone sizes; on a tablet, it can also be viewed at phone size.
So now we not only show a true preview of what content will look like when posted, but we also allow you to preview how it will look on other devices. Of course that preview is just a best-guess since different devices have different window sizes but it does give you an idea.
We hope this reimagining of an old feature for a more modern web will please end-users and make posting content a more accurate process. Stay tuned for more updates on what's included in 4.1.12!
Version 4.1.12 is currently in beta testing and should be released in the next two weeks.

Occasionally you'll want to style a specific element on a specific page of your community - maybe you want to change how topic titles are shown inside a topic, or do something specific to the styles used in activity streams, without also altering other screens where the same elements are used.
Your first instinct might be to open the template editor and add some custom classnames so you can style them. This would certainly work, but the downside is your template is now customized, so any future IPS4 updates would leave the template out of date. Not ideal by any means.
Instead, you can use some helpful attributes that IPS4 adds to the body element, and then build a CSS selector around them. There's four attributes, and they always reference the current page the user is on:
data-pageApp - The application key (e.g. core, forums, cms etc.) data-pageModule - The current module with the application (e.g. pages) data-pageController - The current controller within the module (e.g. topic, page etc.) data-pageLocation - Either admin or front. So let's say we want to change how the .ipsPageHeader element looks within topic view. Our selector would look like this:
body[data-pageapp="forums"][data-pagemodule="forums"][data-pagecontroller="topic"] .ipsPageHeader { ...your styles } If you don't want to be that specific, you can just use the attributes you need. For example, if you want to change all .ipsPageHeader styles in the Forums app, you'd do:
body[data-pageapp="forums"] .ipsPageHeader { ...your styles } Tip: If you don't know the correct app/module/controller for the page you're on, you can find out by visiting the page and then viewing the page source. You'll see these attributes in the body tag near the top.
And as always, be sure you add your CSS to custom.css to keep your upgrades easy  
This theme tip is taken from our guides section.

We frequently encourage people to use custom CSS files when designing their themes. The reason for this is simple: it makes upgrading your site much easier because IPS4 can apply any changes to its own CSS files, and will leave your custom CSS files untouched. If instead you made edits to IPS4's CSS directly, it wouldn't be able to upgrade them automatically, which means more work for you, and a potentially broken UI on each upgrade.
Something that's not quite as common, but that we still strongly suggest, is using custom template bits as much as possible. The most common template you'd edit is globalTemplate, perhaps to include some extra resources in the <head>, a custom header, and maybe some footer pieces. The usual approach would be to simply add all of that custom HTML directly into globalTemplate, but my recommendation is that you instead create each piece as a custom template bit, and then include it.
With templates, it's not quite as much of a clear-cut benefit as with CSS; you'll still need to modify the original template in order to include your custom pieces of course. But there's still good reasons for doing so; it keeps your template as clean as possible, meaning if in a later upgrade you have to revert it to get the latest changes, reapplying your custom pieces is easy - you just add the template includes back in.
We've been taking this approach with all custom themes we've created since IPS4's release (dozens by my last count). We try and keep the naming convention consistent too. All custom templates are named _customABC.phtml and exist in the /front/global/ group in the core application. This puts them in an easy-to-find location, and because of the underscore prefix, they're shown at the top of the directory.

Example custom template bits in a custom theme
Using them is simple:
{template="_customHeader" group="global" app="core"}  
I hope this approach helps you keep your templates clean and more manageable! If you have any tips for working with your templates, please share them in the comments!

Our Pages app includes a powerful feature that allows you to create your own databases within the community. Within each database, you create custom fields (we support a number of custom types, from plain text fields, to YouTube embeds and more). And while we provide some generic, simple templates to display your data, custom templates allow you to more precisely control how your database looks in a manner best suited to your site.
Anyone who has created a Pages database will be familiar with using custom fields. You may have created a field for the title of your item, or an upload field so that the item contains a file for users to download. But beyond these straightforward uses, I wanted to explore some more advanced uses of custom fields. Fields don't necessarily have to be displayed to the user - or at least not in the usual way. We can use them as configuration options for our record display, or manipulate the data in order to show it in a different way. Let's take a look at some examples.
 
1. Adding an optional badge to records
We'll start with a fairly simple example. In our Guides section, we highlight guides that have a video tutorial by showing an 'Includes Video Guide' label on the listing:

We achieve this simply by having a Yes/No field that we turn on as needed. In the field format, we turn the Yes/No value into the label by setting the format to Custom and using this code:
{{if $formValue == 1}} <span class='ipsType_medium'><i class='fa fa-video-camera'></i> <strong>Includes Video Guide</strong></span> {{endif}}  
2. Using fields as a way to configure the record display
Fields don't necessarily need to be shown to users. Instead, we can use them as a means to configure the record display, giving us some really powerful flexibility in how we show records. In this contrived example, I'm going to create a field that changes the background color of the content.
Create a Select Box field. Each option key will be a hex color, while the value will be the name the record creator will choose. Set the field key to record_background Set the field formatting to Custom, and the format to simply: {$formValue}. This means it will output our hex value instead of the color name. In the display template assigned to this database for records, we can use the field like so: <div style='background-color: #{$record->customFieldDisplayByKey('record_background', 'listing')|raw}' class='ipsPad'> ...rest of the template... </div> Now, when you create a record, you can choose a color and that color will be used when the record is shown:
You can use this approach in others ways - toggles to control the layout of the record, or options for grid sizes, or even take an upload field for images and set the background of an element as that image.
 
3. Pass data to 3rd-party integrations
Pages has built-in support for several 3rd party integrations, such as Spotify, Soundcloud, YouTube and Google Maps. But using custom fields, you can pass data to other services too. Let's say we wanted to embed an iTunes album widget into each of our records - perhaps the album is relevant to the Pages record in some way and we hope to encourage some click-throughs. In this example, we'll use the embed.ly service. 
Create a URL custom field. Set the field key to itunes_album Set the field formatting to Custom, and the format to: <a class="embedly-card" href="{$formValue}">iTunes Album</a> <script async src="//cdn.embedly.com/widgets/platform.js" charset="UTF-8"></script> In your database display template, position the field as desired by adding: {$record->customFieldDisplayByKey('itunes_album', 'listing')|raw} Now when you add an iTunes album link to your record, you'll get an embed automatically!

This approach is great for a range of uses. Perhaps you have an Amazon Associates account and want to add a relevant product link to each of your records so that you earn a commission when users click through. Using database fields and templates in this way, it's easy to set up.
 
I hope that's given you some ideas of other ways you might use database fields in Pages. Share any interesting uses you've come up with in the comments!

Security should never be an afterthought for your community. All too often, site owners consider beefing up their security only when it's too late and their community has already been compromised. Taking some time now to check and improve the security of your community and server could pay dividends by eliminating the cost and hassle of falling victim to hacking in the first place.
Let's run down 7 ways that you can protect your community with the IPS Community Suite, from security features you may not know about to best practices all communities should be following.
 
1. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Granting access to the AdminCP is like handing someone the keys to your house, so before doing so, be sure you really trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have AdminCP access by clicking the List Administrators button on the System -> Security page.
2. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. IPS4 allows you to limit administrator access to very specific areas of the AdminCP with the Admin Restrictions feature, and even limit what can be done within those areas. This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
3. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are simply too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for others sites too.
4. Stay up to date
It's a fact of software development that from time to time new security issues are reported and promptly fixed. But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update as promptly as you can so you receive the latest fixes. Your AdminCP will also let you know when a new version is ready for download.
5. Use .htaccess protection for your AdminCP
In addition to IPS4's own AdminCP login page, you can set up browser-level authentication, giving you a double layer of protection. This is done via a special .htaccess file which instructs the server to prompt for authentication before access to the page is granted. IPS4 can automatically generate this file for you - simply go to System -> Security in your AdminCP, and enable the "Add a secondary admin password" rule.
And it should go without saying, but to be clear: don't use the same username or password for both your .htaccess login and your admin account, or the measure is redundant!
6. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist. This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment. If you're a Community in the Cloud customer, contact our support team if you'd like to set up this protection for your account.
7. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We therefore recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled, especially if you're hosted on a server that also hosts other websites (known as shared hosting). If another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Community in the Cloud customers needn't worry about either of these steps - we've already handled it for you!
 
So there we go - a brief overview of 7 common-sense ways you can better protect your community and its users. As software developers, we're constantly working to improve the behind-the-scenes security of our software, but as an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!

We have updated a few of our embed options in version 4.1.9. Our goal was to make the embeds more user friendly and give admins more control over embed in general.
When you paste in a link from common services like YouTube, Twitter, and so on the system tries to embed a nice box instead of just a link. For example, if I pasted in this link:
https://twitter.com/invisionps/status/708019275521363968 It would create this box:
New in version 4.1.9 you can now optionally choose to revert the automatic embed back to a simple text link.
So in the above example, when I pasted in my Twitter link, I saw a bar come up giving me the option to revert back to a link. This is useful when you do not want a formatted embed box but instead simply want to reference something and get the visitor to click the link. It is also useful when you want to reference something as part of a single sentence and not have a break in the flow that an embedded content box creates.
There is also a new AdminCP setting to completely disable embeds across your entire Suite. Some clients have communities where they like to keep things down to just simple, plain text. You could always disable formatting option button in the editor and now you can also disable automated embeds.
As a reminder, the following formats are supported with our embed system. Simply paste a link to any of these services and you will get a nice, rich embed experience that really encourages engagement on your community.
College Humor Facebook Flickr Gfycat Google+ Hulu Instagram SoundCloud Spotify Ted Twitter Vimeo Vine YouTube You can also embed links to anything inside of the IPS Community Suite. So you could paste a link to another forum topic in the comment on a Gallery image and it will show a preview of that topic rather than a simple link.
We are always open to suggestions so feel free to post in our feedback forum. Thank you!