Pescao6

🤔 Strange. I went ahead and upgraded from 4.5.2 to 4.5.3, deleted the theme I had previously installed, and installed the current version. It seems to be working ok, but I'll let you know if I encounter any problems.

This theme seems to be working so far so good for me on 4.5.2, but it appears it isn't compatible for 4.5.3 Do you happen to have an update for version 4.5.3? I was reading the Theme Differences Documentation and it seems like there are only a few minor changes that need to be made.

Did you update AdminCP > System > Posting > Remote images > Serve images from local server? > Insecure images (Recommended) ??? That should fix the error with your site showing as "unsecure" for displaying http images. But if you had a lot of http images on forum posts, those might need to be reuploaded or you might need to manually change the http to https on the HTML source code.

I think the accordion isn't working because the CSS is not getting saved on the guidelines. https://www.w3schools.com/howto/howto_js_accordion.asp I don't feel like editing my theme to put that in there, but I kinda like the way the new rules look using buttons to highlight the rules. @opentype Thanks for the help anyway. 🙃 If anyone has figured out a way to make their rules look prettier, let me know. 😜

Something weird going on with the rules because the accordion works on a page I made, but not on the rules. https://www.elimperiolatino.com/sandbox/

Haven't found much. On WordPress, I use this plugin https://plugins.twinpictures.de/plugins/collapse-o-matic/documentation/

Has anyone created a spoiler for rules? I found this: But it's showing "Reveal hidden contents" I'd like for it to show the rule on the label and then allow people to expand the rule to read the description. See https://www.elimperiolatino.com/guidelines/ in English (US). Any suggestions?

I wouldn't know because I was whitelisted when I configured my Google Adsense. My admins don't have access to Advertisements because I've restricted them from it and I definitely don't want anyone adding scripts to my AdminCP; so if it's blocking Administrators from doing that, I see that as a good thing. After you applied the changes I mentioned and cleared your cache like I said? Did they clear their web browser cookies and cache and have no images or links on their signature?

Neither Sucuri nor Invision have proper documentation at this time, so hopefully this thread will answer some questions. 🦉 0. Yes, that needs to get enabled on AdminCP > System > Advanced Configuration > Trust IP addressess provided by proxies? Sucuri's Firewall blocks third parties to prevent cross scripting attacks and unfortunately they don't have a way to whitelist third party URLs at this time. Twitter Style emojis are not hosted locally on your site. If you look at the source of a twemoji image like is it originates from: https://twemoji.maxcdn.com/2/72x72/1f64a.png Standard emojis like 🙊 shouldn't give you this problem and load faster on your site if you care about performance, but I prefer the twemojis because they look better. This can be changed on AdminCP > Customization > Emoji I found members were being blocked when: Members attempted to use third party images images including twemojis on forum posts or their signature. Using a forum without third party images would be horrible. And I've had cases in the past where spammers posted links to phishing sites and images containing viruses, so this is something you'll need to consider really carefully. I don't know how much I'm exposing my site and everyone using Sucuri for their Invision Community by posting this here, but I will do it only because I don't want you to spend a month trying to figure this out like I had to. I simply whitelisted if a string ended with do=edit$ on Sucuri's Firewall > Settings > Access Control > Whitelist URL Paths After doing so, I went into the my site's AdminCP > System > Posting > Links > Allow only the links specified and whitelisted a bunch of URLs. Admins attempted to edit a forum's description with third party images. I chose not to resolve this because the solution Sucuri suggested would expose my AdminCP and my Admins only seemed to get blocked when attempting to edit forums. I don't know what else you've been trying to do that you refer to as "normal admin stuff," but if you have any mods they may be causing the problem. If you're using SSL and you allow your members to insert dynamic images that might change from a third party, you should also go to your AdminCP > System > Posting > Remote images > Serve images from local server? > Insecure images (Recommended) Another dumb setting I found on Invision by default is AdminCP > System > Posting > Posting > Post Before Registering I strongly recommend changing that to Disabled. You should whitelist yourself before doing any updates, but other than that you shouldn't need to stay whitelisted. Also keep in mind that you will need to: Clear your Invision cache by going to AdminCP > System > Support > Get Support > What do you need help with? > Something isn't working correctly Clear Sucuri's CDN cache by going to Sucuri's Firewall > Settings > Performance > Clear Cache Clear your Web Browser's cookies and cache by pressing CTRL+SHIFT+DEL or CTRL+H And you will need to do so after every change your apply on your AdminCP or Sucuri. I keep my Sucuri Caching Level on "Site caching (using your site headers)" The "Enabled (Recommended)" caching option is too aggressive for forums. You might also find this mod useful: But I would wait until you resolve your Sucuri issues before implementing it. And while it does improve performance by leveraging browser caching, a change like that to your .htaccess could result in your members needing to clear their web browser's cookies and cache if you implement any major changes to your AdminCP or Sucuri. Sucuri's Firewall has A LOT of features. The latest thing I added as an idiot that caused my members to get blocked was switching my Referrer-Policy to origin I then learned that caused some issues and I currently have it set to same-origin on Sucuri's Firewall > Settings > Security > Additional Headers > Referrer-Policy I don't know if that's the "best" option for an Invision Community Refer Policy and if someone suggests something better let me know, but it seems to be working fine. I think it's a beneficial thing to have. I like the weekly reports which you can enable on your Overview > Email Reports Everything seems stable for me so far. I haven't had any members blocked this month. 🧙‍♂️

@Sheffielder The share image is an og:image if you look at your page source. 🙄 🤓 Invision has some pretty naming conventions for things.

Has anyone done a major upgrade like this before? I'm a bit confused on how this is done: What do you upgrade first? The plugins or the board?

@pequeno You don't need to use the og:image meta tag to add an image to all posts. You can upload a share image on AdminCP > Customization > Icons & Logos > Default share images. Note: You will need to clear your site's cache by going to the AdminCP > System > Support > Something isn't working correctly. And if you're using a CDN, which you should because CloudFlare is free if you don't want to pay for one like SiteLock or Sucuri, you will also need to clear the CDN cache. You will need to wait at least 2 minutes for the site's cache to get fully cleared before testing if the changes were applied. You can test the share image by using the Facebook Sharing Debugger or Discord. You can also check how your site will get displayed on Twitter with the Twitter Card Validator, but I didn't need to add any Twitter tags. Don't freak out if it's been 5 minutes and it still isn't showing. I've seen cases where I know I did everything correctly and because I had recently tested on Discord, apparently Discord cached my last shared URL so I had to wait like 15 minutes. Obviously if it's been 1 hour and it still hasn't shown, you've done something wrong like you might be missing other meta tags. To add your other meta tags, go to the AdminCP > System > Site Promotion > Search Engine Optimization > Meta Tags. Here is a screenshot of the ones I'm currently using: Same as with changing any Icons & Logos, you will need to clear the site's and CDN cache for the changes to get applied. You could technically create an og:image tag for every post under your Meta Tags using the Live Meta Tag Editor, but that's a lot of manual work so I'd use the plugin @opentype recommended if that's what you wanted.

All forums are high targets for attacks. I can comment on several CMS I've used where I know I did in fact get DDOS attacks, SQL injections, Cross Scripting attacks, etc. And the only way I know to deal with those is by having a CDN and WAF. Technically, no site is 100% safe. If someone really wanted to hack you, I'm sure they could find a way. If you wanted to scan your site to see what you could do to enhance your security, these free tools are useful: https://sitecheck.sucuri.net https://observatory.mozilla.org I strongly agree with this. The latest release of IPS has more security features than previous ones so I feel more safe with using it. These internet heroes are some trusted companies that can help you secure your site even more: CloudFlare SiteLock Sucuri CloudFlare's CDN is free and it is the most popular CDN on the internet. I've never used their WAF, but from what I've read it seems good. I've used SiteLock's WAF and it was great at blocking and removing stuff automatically. I can't comment on their CDN, but it should be good as well. Sucuri was acquired by GoDaddy, so it's cheaper to buy it as GoDaddy Web Security which includes both a CDN a WAF making it easier to manage all of your site's security from one place. The things I like the most about Sucuri include that they remove things by having a security expert manually scan your site, their exceptional customer service, their easy to understand documentation, and the fact their Dashboard makes it really easy for you to add additional security features. Other than that... YOU are the biggest risk to your own site. Try your best to follow internet safety guidelines like using different emails and passwords on different websites and keeping your phone and computer clean. Secure your emails, IPS Board, cPanel, etc. with Two Factor Authentication. Read EVERYTHING on your AdminCP and lock down your permissions. Do it like the military; if someone doesn't NEED access to something, don't give it to them. Backup backup backup! If a file doesn't exist in at least 3 places, it doesn't exist. Try to stay informed. These are some security blogs I follow: https://threatpost.com/ https://www.schneier.com/ https://krebsonsecurity.com/ You might also enjoy this thread: I'll probably be adding more to that as I continue developing my site. 🙂

We currently have these Social Profiles available to add to the bottom of our IPS4.4: Facebook Twitter Youtube Tumblr DevianArt Etsy Flickr Foursquare Github Instagram Pinterest LinkedIn Slack Xing Weibo VKontkte I'd like to add a few others like: Soundcloud Twitch Mixer It'd be nice to have an option to add costume one letting us upload our own images. 🙂

If it helps anyone, the problem was I selected "ea-php7x" instead of "alt-php7x" Message gone. Problem fixed. 😎 Amazing quick and descriptive support from my host. @Makoto Thanks for teaching me a thing or two and trying to help. 🤗 @Lucas James Thanks for trying to help. 🙃

🤔 I'm going to contact my host and see what they say. I'm using LiteSpeed and I rather have them restart it if needed in case it breaks.

It seems like it was on there already. Any idea of why the error might be still showing on the ACP?

I don't fully understand the steps on how to do that, otherwise I'd try it myself. Where do I go to edit my php.ini configuration? I would think these functions would show on "Select PHP Version" in cPanel where I see others, but these aren't listed there.

Does anyone have any experience getting rid of this message? I tried contacting my host and I can't remember whether they had fixed it or not. I switched to PHP 7.4 on cPanel, but it's not currently supporting ioncube and I noticed this warning again after switching back to PHP 7.3

I prefer www.mysite.com/forums because the first part of the URL wouldn't change and this makes it look like it's part of the same website. A subdomain might be preferable if you're trying to distinguish a separation like for example if you want to make it look like the news on your website are from the official website and everything else on the forum is community led content.

This explains so much. 😲 Support for this feature to be added. 👍 IPS 4 currently does not support any authenticated methods for Google to use to login. ☹️