media

We are well into development on IPS Community Suite 4.2 and are excited to start announcing all the new features and improvements.
Our next big release is focused on engagement with your members. You will see enhancements to our Reputation system, new ways to encourage people to register on your community, and enhancements to existing features to make them more interactive. There are also entirely new capabilities we cannot wait to show you ranging from new ways to organize content to tools to help promote your community.
Version 4.2 also features a refreshed AdminCP and default front-end design. Theme changes in 4.2 are mostly in the CSS framework so your existing themes will either work without issue or require minor changes to work in the new version.
Over the next several weeks we will be posting news entries with previews of upcoming features fairly often. Be sure to follow our News section, our Facebook, or Twitter to stay up to date.
We expect IPS Community Suite 4.2 to be out in mid-2017 with a public preview available sooner.
Everyone at IPS has worked very hard on this update and we think you will love it!

Version 4.1.17 is in the final stages of development and will be released soon!
Check out the release notes for the full list of what's new and our preview articles for details on some of the most interesting changes:
Better Analytics Integration Tag Quick Edit Default Warning Notes Custom RSS Feeds Word and Link Filters Leaderboard Moderation Improvements Security and Privacy Embeds and Integration We hope you enjoy all these new additions coming in 4.1.17 and be sure to read the release notes for many smaller changes. The big feature in 4.1.17 is the new Leaderboard which we really think will enhance your community.
If you like using pre-release beta versions, the public beta of 4.1.17 will be available in the client area on 28 November. We support betas on live installs with some exceptions so give it a try if you like to be first to try the new features!

Next week, IPS will be implementing the pricing changes to our product lineup that we published in 2015. In the spirit of Black Friday and Cyber Monday, we are extending an opportunity to purchase a new license or add new applications to your existing suite at 15% off our current pricing.
To take advantage of this offer, please use coupon code IPSPROMO16 at checkout. This promotion is active starting now and valid until 1 December 2016 (EST) and applies to new purchases only. We are unable to retroactively apply the discount.
This promotion also applies to Community in the Cloud for your first month of service!
If you’ve been waiting to purchase a new license or add products to your suite, this is the last opportunity to obtain this level of pricing! Happy shopping!

I'm pleased to announce we're finally ready to open our new Developers area. The aim of this project has been to improve our existing developer documentation by building a central place to contain it, as well as update and expand the content available.
As of today, we have the regular documentation and REST API documentation ready to use. Over the coming weeks and months, we'll be expanding what's available further, going into more detail about the tools available within the framework. We've also started work on comprehensive Getting Started guides, that will walk you through simple developer projects from start to finish - these will be available soon, once they're complete.
If there's a particular aspect of IPS4 development that you don't feel is adequately catered for right now, please let us know! This will help us direct our efforts to the most useful places.
Enjoy!

We are improving our integration options with analytics tracking services to better track and credit all page views. Our focus here was to add the ability for IPS Community Suite to communicate with your analytics tracking provider of choice when it does page change events that do not otherwise get tracked.
Some tracking providers do not understand that an inline AJAX page load (one that loads new content without a full page refresh) should still count as a new page. Even though your browser did not do a full reload, all your content is different so it should count in your metrics.
To solve this issue, IPS Community Suite can now automatically put in custom code to execute on pagination. We include Google Analytics and Piwik code by default and there is also an option to include your own custom pagination event code for other services.

Analytics in AdminCP
If you already have your Google Analytics code in our existing (basic) analytics system then the Suite will detect this on upgrade and automatically enable the new pagination tracking. The screenshot above shows the "Other" option if you do not use Google Analytics or Piwik. If you have other providers you want us to consider just post a feedback topic.
Note: be sure that you embed Google Analytics into your Suite using the built-in analytics system. If you simply pasted the code into your theme templates then we cannot automatically enable the new tracking.
We hope this new feature allows for easier integration with analytics tracking providers and also gives you much better insight into your traffic by properly counting all the page views you may currently be missing out on!
 
This change will be in version 4.1.17 which is scheduled to be released in early December 2016.

Tags are a powerful feature in IPS Community Suite 4 and we have seen clients using them in many ways to enhance content discovery on their site. Adding tags to an item is quite easy but modifying them after the fact requires you to edit the root content item. Not only is this tedious but it also then shows an edited-by line for that item even if all you did was change a tag.
To make this process more user friendly we now have the ability to quickly edit tags when viewing any content item. When you view an item that has tags enabled and you have permission to edit then you will see a link to edit tags.

Tag Quick Edit
That brings up an input box where you can manage your item tags without leaving the page to a full edit screen.

Tag Quick Edit Input
We have been testing the feature for a few weeks internally and it has already saved us time as we tag our discussions. But beyond that, and I think more important, is the fact that we find we are using tags more often. More use means more organization and filter possibilities of your content which is a great thing for busy, data-drive communities.
So we hope that not only will controlling your tags be faster an easier but you too find you use the tagging feature more often with this small but useful change.
 
This change will be in version 4.1.17 which is scheduled to be released in early December 2016.

When a moderator is warning a user they can already input a reason for the warning. However, on busy sites this can get quite tedious plus you also may want some content in there such as your Terms of Service to highlight the member's reason for a warning.
We have added a new default warning note for the warning actions. This allows the admin to setup these notes to pre-populate for the moderator when they select a warning reason. So you might input an admin-approved message, highlight the section of the rules your member violated, or for corporate clients you might include some notice from your legal department.

Admin Configuration
On the front end the moderator will see that content as a pre-filled area in the notes box but the moderator can still edit it to the specific situation.

Moderator Warning Panel
We think this will streamline moderation particularly on busy communities. Admins will be able to define how to approach certain member situations to balance keeping your community running smoothly with the importance of looking professional and polite when you do have to take action on a member. Moderators will also be able to speed up their work by simply clicking a post, selecting a reason, and submitting the warning. No typing needed.
 
This change will be in version 4.1.17 which is scheduled to be released in early December 2016.

There are now two ways to get outbound RSS feeds in IPS Community Suite: Activity Streams and a new Custom RSS Feeds feature we are introducing.
Every Activity Stream you create also creates a related RSS feed. However, Activity Streams take into account recent activity and unread status per-user which you may not want if you want a simple, raw feed of content by date. The new RSS Feeds feature uses similar filter settings to Activity Streams but does a traditional by-date approach to the feed. It also only reports on the initial creation of a content item and does not update based on replies.

Configure RSS Feeds
You can finely select various content settings including selecting just certain categories within an application. So you might create an RSS feed that includes only content from an announcements forum and your blog section which would then be a total feed of all the news on your site.
RSS feeds are useful in the traditional sense for people to subscribe to a feed on your site but they are also useful for integration. Many clients use RSS feeds to pull content into external sources to embed content on a different site, mobile app, or other systems. For those of you looking for even tighter integration with external systems, be sure to check out our REST API.
 
This change will be in version 4.1.17 which is scheduled to be released in early December 2016.

We are changing the existing Profanity Filters feature to become the new Word Filters feature. This change will allow you to define words that will initiate a moderator review before content is posted. With creative use of this new feature you can actually have the Suite self-moderate certain posts.
Right now the Profanity Filters are pretty basic. If you enter "stopword" you can have it change to *****. That's fine for basic profanity but sometimes you want to do other actions with a word. Perhaps someone might mention a competitor, you see common spam words, or you run a site targeted to children and want fine control over what is posted. There are a lot of reasons a simple replace word with *** might not be what you want.
Word Filters introduce an option to let you say "stopword" places a post in moderation queue.

Word Filters
So now you can define a list of words that are not necessarily profanity but are words you want to review if they are posted.
We have also extended this logic to the URL Filters which are now just called Links in the AdminCP configuration. You can now disallow all links and have a post go to approval if someone does post a link. This is also useful for sites where you need really tight control on content either for security or privacy reasons.

Link Options
With the new Links feature you can also set allow/disallow list of allows links and if someone posts a link outside those lists (depending on your mode) the post will go into review.
We hope these features allow you to introduce a bit of automatic moderation to your community and you can come up with creative ways to capture posts that need review either for security, privacy, or just keeping things in order.
 
 This change will be in version 4.1.17 which is scheduled to be released in early December 2016.

We are excited to announce the Leaderboard as the latest all new feature of IPS Community Suite. The new Leaderboard is designed to better highlight your most active members and content based on reputation and other metrics. The Leaderboard will greatly enhance both member and content discovery on your community.

Leaderboard Home
First you will notice the new feature of member leaders based on a specific time frame. In the example above it is set to All Time showing those members with the most reputation overall on your community. It also shows the content with the most reputation for the same timeframe so you get a snapshot of both popular members and popular content in one view.

Past Leaders
The Past Leaders tab shows the "winners" of each day in a history. The system counts all reputation made each day and logs the members who had the top reputation counts that day. Using reputation rather than post count encourages your members to post quality of quantity which is really important to any site.

Winner Profile Badge
Those who win the day also get a badge on their profile page to highlight that they were the member with the most reputation for a particular day.

Top Members
Top Members shows you a list of all members sorted by various metrics. By default you will see members sorted by reputation but you can also easily sort by total post content Suite-wide or per-app. All of these views can be linked directly to so if you wanted a menu item to show members who post the most files in Downloads you can just directly link to that sort view.

Leaderboard Settings
There are various settings to control the default behavior of the Leaderboard. You can define the default view and how many members to show which is helpful to tailor it to your needs.
We hope you enjoy this initial launch of the new Leaderboard feature. We are excited about the new content and member discovery abilities this offers and look forward to adding new options to the Leaderboard as we continue to develop!
 
This change will be in version 4.1.17 which is scheduled to be released in early December 2016.

IPS Community Suite 4.1.16 is nearing the end of development so I wanted to go over some of the new features in this upcoming release. Some are big and some are small but we always enjoy making any sort of enhancements to the Suite.
We expect 4.1.16 to go to public beta next week. If you are interested in using a public beta please check out our beta forum (clients only) with more info. We welcome as much testing as possible and our betas are considered safe to use on a live site. We do offer support for betas so, if you are technically minded, consider giving them a try.
Commerce: New Ticket Listing
We have redesigned the ticket listing view in Commerce to be much more user friendly and better use screen space. You can also now group by department which is great for organization.

 
Much like Activity Streams on the front end you can create custom views for tickets based on how you work.

The new My History view allows staff to quickly see their latest replies and actions along with some basic stats.

There are many other smaller improvement in Commerce in 4.1.16 as well. We think you will enjoy all the updates.
Security Questions
To enhance the security of your member accounts we now have a new security questions feature where you can allow your members to put in their own, personal security questions. The member will then be prompted to answer those questions for account actions you define.

Account Change Emails
Members will now receive confirmation emails when they change their email address...

and their password...

Topics per Page
You can now define the number of topics per page in forum view.

Remove all Followers
Moderators can now remove all followers from any item that allows follows. This is useful if you are archiving an old item or otherwise do not want people getting notified of new activity on an item.

Automatic Following
Your members can already choose to automatically follow content they start or reply to but now you can define this as the default behavior for all members. Your members can of course override this to their own preference.

Embed Failure Message
To answer the constant question "why didn't my media embed?" we now show you why. Regular members will just see a message indicating the Suite tried to embed but was not able to. Admins will get more information on what failed.

Suspended Member Page
When you banned/suspended a member previously they simply saw a generic permission denied message. We now show a more friendly page saying they were suspended and why.

The member can click to get the full information from the Warning System as well.

Contact Us
The contact us page now has configuration options to control where messages are sent. You can do email and even Commerce support departments now.

Announcements
Global announcements can now be restricted by member group.

And some technical stuff...
In addition to the new feature additions we have also fixed dozens of issues reported by clients. There was a particular focus on Commerce, Pages, and IPS Connect. Some other items of note:
Performance improvements in: profile view, sitemap generator, posting replies, and Activity Streams We now try to more reliably detect the AWS S3 endpoint for those using S3 file storage Tasks view will now show the last time a task ran More efficient license key checking to keep the keys from being checked too often which can slow your site down If group promotion based on date is enable the system will now auto-promote even if a member does not login If you move your site to a new URL you no longer have to update a constant if using the image proxy You can now press ctrl/cmd+enter in any editor window to submit the reply (yay!) In Commerce ticket view there are keyboard shortcuts to perform common actions (such as press 'r' to open reply box or 'n' for note) There is now logic to prevent double-posting when the initial post encounters an error on submit If your datastore (cache system) is not working properly the AdminCP will now show you a warning telling you that it needs attention.    

We are releasing a patch for IP.Board 3.4.x and IP.Nexus 1.5.x to address two potential security issues brought to our attention.

It has been brought to our attention that an open redirect exists within IP.Nexus which might allow a user to redirect other users to a remote site of their choosing through IP.Nexus. Additionally, an issue has been brought to our attention where-by sensitive user data may be exposed in certain circumstances.


To apply the patch
Simply download the attached zip and upload the files to your server. This single zip file includes the patch files for both IP.Board as well as IP.Nexus.
 
patch-34x-05252016.zip
 
If you are an IPS Community in the Cloud client running IP.Board 3.4 or above, no further action is necessary as we have already automatically patched your account. If you are using a version older than IP.Board 3.4, you should contact support to upgrade.

If you install or upgrade to IP.Board 3.4.9 after the date and time of this post, no further action is necessary as we have already updated the main download zips.

Security should never be an afterthought for your community. All too often, site owners consider beefing up their security only when it's too late and their community has already been compromised. Taking some time now to check and improve the security of your community and server could pay dividends by eliminating the cost and hassle of falling victim to hacking in the first place.
Let's run down 7 ways that you can protect your community with the IPS Community Suite, from security features you may not know about to best practices all communities should be following.
 
1. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Granting access to the AdminCP is like handing someone the keys to your house, so before doing so, be sure you really trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have AdminCP access by clicking the List Administrators button on the System -> Security page.
2. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. IPS4 allows you to limit administrator access to very specific areas of the AdminCP with the Admin Restrictions feature, and even limit what can be done within those areas. This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
3. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are simply too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for others sites too.
4. Stay up to date
It's a fact of software development that from time to time new security issues are reported and promptly fixed. But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update as promptly as you can so you receive the latest fixes. Your AdminCP will also let you know when a new version is ready for download.
5. Use .htaccess protection for your AdminCP
In addition to IPS4's own AdminCP login page, you can set up browser-level authentication, giving you a double layer of protection. This is done via a special .htaccess file which instructs the server to prompt for authentication before access to the page is granted. IPS4 can automatically generate this file for you - simply go to System -> Security in your AdminCP, and enable the "Add a secondary admin password" rule.
And it should go without saying, but to be clear: don't use the same username or password for both your .htaccess login and your admin account, or the measure is redundant!
6. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist. This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment. If you're a Community in the Cloud customer, contact our support team if you'd like to set up this protection for your account.
7. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We therefore recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled, especially if you're hosted on a server that also hosts other websites (known as shared hosting). If another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Community in the Cloud customers needn't worry about either of these steps - we've already handled it for you!
 
So there we go - a brief overview of 7 common-sense ways you can better protect your community and its users. As software developers, we're constantly working to improve the behind-the-scenes security of our software, but as an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!

When IPS4 encounters an error (be it a simple 404 Not Found or a more complex configuration issue), the user sees a standard built-in error page. That's fine in many cases, but did you know you can create your own error page using our Pages app?
This is a particularly good approach for communities that use Pages for their website too. If you have built a website theme, the standard error page may not fit with your visual style, so building your own error page allows you to improve it. You might want to show some helpful links to other parts of your website, for example.
 
Creating your error page
The first step is creating your error page in Pages. Note that for this page, you must create a manual page - the Page Builder tool can't be used in this case.
In order to show the error on your page, there's two special tags you should insert in the page content. When your page is shown in response to an error, Pages will swap out these tags for the relevant text. They are:
{error_code}
Replaced with the technical error code for this error. This code identifies the exact piece of code that triggered the error, and can be given to IPS support technicians to help diagnose problems. {error_message}
Replaced with a human-friendly description of the error that occurred.  
Configuring Pages to use the error page
Next, set Pages to display the error page. You do this in the Pages section; click the Advanced Settings button, and select your page from the list. Note that this will replace all error pages across the suite - not just errors triggered by Pages itself!
 
Have a request for a theme tip? Let us know in the comments and we'll try and help out in a future tip! 
 

HTML Logic is our name for the additional tags available in IPS4's templates that allow runtime logic to be executed. It comprises if/then/else statements as well as loops and more.
Since HTML Logic has access to all of the underlying PHP framework in IPS4, it's very powerful and a lot can be achieved with it. One common use is to limit certain content within a template to particular member groups. Let's see how that might be done.
 
Showing or hiding content only to guests
We'll first look at a simpler idea: showing or hiding content specifically to guests (i.e. anyone who isn't logged in). Within IPS4, the \IPS\Member::loggedIn() object contains information about the current user. Guests always have a member_id of NULL (i.e. no value), so we can simply check that value in our logic tag:
{{if \IPS\Member::loggedIn()->member_id === NULL}} This content *only* shows to guests, since they have a NULL member_id. {{endif}} {{if \IPS\Member::loggedIn()->member_id}} This content *only* shows to logged-in users since their member_id is a number, which will equal true. {{endif}}  
Showing content only to specific groups
Let's go a bit further and this time show content to specific (primary) member groups. First, you need to get the IDs for the group(s) you want to deal with. You can find this by editing the group in the AdminCP, and making a note of the id parameter in the URL. On my installation, the Administrator group is ID 4 so we'll use that in our example.
Once again, we're using the \IPS\Member::loggedIn() object, but this time we're using the member_group_id property.
{{if \IPS\Member::loggedIn()->member_group_id === 4}} This content only shows to members in the "Administrators" group (ID 4 in our example) {{endif}}  
Working with multiple groups at once
Following the code above, you could simply repeat the check against \IPS\Member::loggedIn()->member_group_id several times, for each ID you want to allow. However, since our templates allow arbitrary PHP expressions to be used, there's a neater way: use an array of member group IDs you want to allow, and check against that using PHP's in_array function. Here's an example where we only show content to group IDs 2, 4 and 6:
{{if in_array( \IPS\Member::loggedIn()->member_group_id, array( 2, 4, 6 ) )}} This content only shows to members in groups with the ID 2, 4 or 6. {{endif}}  
Have a request for a theme tip? Let us know in the comments and we'll try and help out in a future tip! 

Many of the regular visitors to our community won't have failed to notice the new look we launched last week. Now that the dust has settled, I thought it was a good time to explain why we've made the change.
Streamlined access to everything we offer
Ever since IPS was founded in 2002, our community has been distinct from our website. The community is also where we kept all kinds of resources, from guides to the Marketplace. For those customers who know us well and enjoy hanging out in our community (and we have many who have been with us since that day in 2002!), this is no problem. Unfortunately, the downside is many new and potential customers didn't see everything we have to offer: all the wonderful addons our contributors offer, additional support resources, plentiful advice from other community administrators, and more.
In addition, we've always used the default theme that our software ships with, but with our self-service demo system now being the primary way new customers get to try out our software, this has become less important.
So, we took the decision to move some parts of the community to the website for more exposure and easier discovery by new visitors. We made some tweaks to our navigation so that finding these areas is easier than before. And, of course, we've brought the website header over to the community, giving it a fresher look and more consistent navigation, wherever you happen to be on our website.
Of course, all of our website is built in IPS4, as you would expect. Whereas before our website existed on a separate installation, as part of the update we merged our community and website together. This means you can sign in from anywhere, see your notifications and so on.
This is just the first step we've taken on improving what we offer and how we offer it. We have many plans in progress. You may have seen the theme tip we posted this week, which is the first in a series of regular tips we'll be sharing to help you get the most out of the IPS Community Suite. We'll also be highlighting some of the incredible work our customers do, whether it's a unique use of our software, or something in our Marketplace that adds a great feature.
Stay tuned!

Activity Streams were first introduced in version 4.1 and have been very well received by people who enjoy all the flexibility they create in filtering and sorting content in a community for easy discovery of what is being posted.
As with any new feature, we received a lot of feedback and have had time to take that in and make improvements to mature the Activity Streams with key changes in 4.1.9 being interface, performance, and bug fixes in the system.
One recurring theme we heard were people saying "the new Activity Streams cannot do..." when actually they could do it but the options were not obvious. We used to have the options in a large drop down box that users could edit and then save to update their Stream. This meant that options were not clearly visible and therefore people did not even know all the powerful settings available to them. So in 4.1.9 we have moved those options into a new dynamic filter bar.

With the new filter bar you see all your options available right there. We also changed the interface so Streams instantly update when you make a change. You no longer have to click save and update, wait for interface to collapse, and so on. Now your changes instantly update your Stream.
When you do change your Stream settings a save button appears prompting you to save your new selection. You can choose to save if you like the new options or not if it is just a temporary change you made. If you edit filters on a stream you do not own then it will prompt you to save your options as a new stream.
 
We hope you enjoy this more dynamic approach to Activity Streams.