niKee reacted to Matt for an entry, 4.4: SEO Improvements
It's been said that the best place to hide a dead body is on page 2 of Google.
While we can't promise to get you to page 1 for a generic search term, we have taken some time for Invision Community 4.4 to do an SEO sweep.
Moz.com defines SEO as "a marketing discipline focused on growing visibility in organic (non-paid) search engine results. SEO encompasses both the technical and creative elements required to improve rankings, drive traffic, and increase awareness in search engines."
We have the technical skills and were fortunate enough to have Jono Alderson of Yoast lend his time, knowledge and vast experience to improve our SEO.
This blog article gets a little technical. It's completely fine to leave at this point with the comfort of knowing that Google will be a little happier on your site with Invision Community 4.4.
The majority of the changes are designed to send stronger signals to Google and friends over which content to slurp and which to look at a bit later.
Still here? Good. Let us roll up our sleeves and open the hood.
The most visible change is that we've taken pagination out of query strings and placed it in the path.
For example, the current pagination system looks a little like:
Which is fine but it gets a little confusing when you add in a bunch of sort filters like so:
A better approach would be to make a clear signal to both Google and humans that pagination is a separate thing.
Invision Community 4.4 does this:
Not only is this good for search engines, but it's also good for the humans too as it is more readable and no longer confused with filter parameters.
Of course, we ensure that the old style pagination is redirected (via a 301 header) to the new pagination URL automatically so nothing breaks.
These tags are a way of telling search engines that a specific URL is the 'master copy' of a page. This helps prevent duplicate content from being indexed.
Without it, you are leaving it up to the search engine to choose which is the master copy of the page.
yoursite.com/community/forums/123-forum/ and yoursite.com/community/forums/123-forum/?sort=desc&field=time may show the same content but have different URLs.
By setting the canonical tag to point to yoursite.com/community/forums/123-forum/ regardless of filters sends a strong signal to the search engines that this is the page you want to be spidered.
Invision Community sets these tags in many places, but we audited these in 4.4 and found a few areas where they were missing.
For example, viewing a member's profile doesn't always set a canonical tag which may confuse search engines when you click on "View Activity" and get a list of content items.
When an application or website wants to tell the visitor that the page they are looking for doesn't exist, it sends a 404 header code along with a page that says something "We could not find that item" or "No rows available".
If a search engine spiders a page that looks like a 404 page, but it doesn't have the 404 header code, it logs it as a "soft 404".
Given the short amount of time Google has on your site to discover new content, you don't want it to hit many soft 404s.
Invision Community 4.4 omits containers (such as forums, blogs, etc.) that have no content (such as a new forum without any topics yet) from the sitemap, and also adds a 'noindex, follow' meta tag into the HTML source.
Google will periodically check to see if the status of the page has changed and happily slurp away when content has been added.
Although the changes listed here don't deserve their own section in this article, they are no less important.
We have audited the new JSON-LD markup added to Invision Community 4.3 to help search engines better understand the relationship between pages.
The profile view in Invision Community contains a mix of information pertinent to the member and content they've authored.
We've ensured that the content areas are using a specific URL, with appropriate canonical tags. This will help reduce confusion for search engines.
If you made it this far, then well done. It's time to slam the hood closed and mop our collective brows.
These changes will certainly help Google and friends spider your site a little more efficiently and have a clearer idea about what pages and data you want to be indexed which can only improve your ranking.
niKee reacted to Rikki for an entry, How to lock down and keep your community secure
Making security considerations a key part of your community setup and maintenance can save you from many future headaches.
You've worked hard to get your community moving. Don't make yourself an easy target and undo that work.
Here’s our current advice to our customers.
1. Enable HTTPS
HTTPS is fast becoming the standard way to serve websites. In 2016, more than 50% of web requests were served under HTTPS for the first time. Chrome and Firefox now explicitly warn users on login forms that aren’t sending data over HTTPS, and it’s not hard to imagine that in the near future all insecure pages will receive the warning.
HTTPS simply means that website data is served over a secure connection and can’t be read or tampered with by a ‘middle man’ hacker. You can identify a site using HTTPS because the address in your browser will show ‘https://’ (instead of http://), and normally a lock icon or the word ‘secure’.
Invision Community supports HTTPS by default simply by changing your base URL configuration to include HTTPS. Of course your web host will need to support it as well and our Invision Community Cloud services support it by default. Contact support if you have any questions.
Recommendation: Set up HTTPS for your entire community to prevent ‘man in the middle’ attacks.
2. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrator staff.
2FA is a system that requires both a user’s password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user’s password is somehow compromised, a hacker still wouldn’t be able to log in to the account because they would not have the current code number.
You may already be familiar with 2FA from other services you use. Apple’s iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which is able to send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it.
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA, to ensure that no damage can be done should their account passwords be discovered. Allow members to use 2FA at their discretion.
3. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password, showing them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it’s also possible to require them to choose a password that reaches to a certain strength on the meter.
Recommendation: Require users to choose at least a ‘Strong’ password.
4. Use Admin restrictions
It’s very common that many different staff members need access to the Admin Control Panel depending on the role. You may have design staff, billing staff, community managers, and so on, all with particular tasks they would like to achieve.
Invision Community can help improve the security of your Admin Control Panel by allowing you to restrict the functions available to each administrator, granting them access to only the tools needed to do their job.
Recommendation: Audit your community’s administrator accounts and applying restrictions where it makes sense to do so.
5. Stay up to date
It’s important to ensure you’re always running the latest release of Invision Community. With each release, we add new security features, audit code and fix any issues reported through responsible disclosure. Falling behind can therefore make your community a tempting target for potential hackers.
Your Invision Community Admin Control Panel will let you know when a new release is available, and you can also check out our Release page to track releases.
For our Enterprise customers, we’ll automatically apply updates for you shortly after release as part of your plan. For our self-hosted and Cloud customers, you can easily apply new updates via the Admin Control Panel with a couple of clicks.
Our Invision Community Cloud contains all best practices for security. However, if you are self-hosted, be sure to work with your web host to ensure your server is setup properly. Ensuring that server software, firewalls, and access controls are in place is very important as an insecure server can be your worst enemy.
Recommendation: Aim to install latest updates as soon as feasible.
6. IP address restrictions
For organizations where staff are centrally-based in one location, or are required to use a VPN, you can improve your community security by restricting access to the Admin Control Panel to the IP addresses your staff will be using. This is a server-level feature, so contact your IT team to have this facility set up your installation. Enterprise customers who wish to utilize IP restrictions should contact our Managed Support team, while Cloud customers can submit a support ticket to have this set up.
Recommendation: Where staff all access the community from a small number of IP addresses, restrict Admin Control Panel access to those IPs.
Don’t leave security as an afterthought. Invision Community includes a range of tools to help you ensure your data and members protected, as well as industry-standard protections ‘under the hood’. Make use of these features, and they’ll help ensure the wellbeing of your site.
As always, if you have any questions or need advice, our support team are on hand to assist you.
niKee reacted to Charles for an entry, Invision Community 4.3 Coming Soon
Our recent release of Invision Community 4.2 was the most well-received version ever! The feedback we received on new features like Clubs, Reactions, and Promotes was better than we could have hoped and we really enjoyed seeing all the creative uses as people implemented them on their own communities.
We have been hard at work on version 4.3 with a goal of improving on all the great new features. It is well under way and we are happy to able to start announcing what's new over the next few weeks.
Invision Community 4.3 will not only contain new features but also have a core focus on refinement from 4.2's new features. You will see many improvements to Clubs, new integration options, large application improvements, new promotional features, and more changes large and small.
You can expect to see news posts about new features and changes very soon with a release date in early 2018. Follow our news section or subscribe to our newsletter to receive updates.
niKee reacted to Charles for an entry, New: Two Factor Authentication
We have had a question and answer feature in IPS Community Suite for some time and we are now happy to add Google Authenticator as another option. We have also combined the various options it a new Two Factor Authentication (2FA) section in the AdminCP with many more options.
Two Factor Authentication Settings
There are also new settings to control when a user is required (or not) to setup 2FA:
You can control what areas will prompt for 2FA authentication:
2FA Area Control
And how the system should recover if a user cannot login via 2FA on their account:
2FA Recovery Settings
An administrator can configure these settings to tailor the security needs of their community. For example, you might want to require 2FA your admins and moderators but keep it optional for your members.
On the front end your members will see a new Account Security section under their settings area.
Account Security Settings
Once authenticated, a user will then be able to enable various security options. For example, the Google Authenticator setup shows an easy to follow setup.
Google Authenticator Setup
We hope you enjoy this new level of system security. IPS has plans to add additional 2FA providers beyond Question and Answers and Google Authenticator. We will keep you updated!
This change will be in version 4.1.18 which is scheduled to be released in late January 2017.