CoffeeCake

If you have Pages, you could create pages for these special URLs and use the URL option to point to the corresponding page entries you have (rather than the built in options created for you). This would retain the menu and account bar.

Do you have any social logins enabled? For example, facebook/Twitter/Google/Apple/Microsoft/etc. We saw this issue with members who created a social account but then wanted a separate account password.

This is default behavior in the default theme with 4.5 (and earlier?). Here, they're using a customized theme from the default that behaves differently. There is no setting to change this behavior, however you could install or create a custom theme that addresses this. No idea why it is the way that it is, but confirming it's not just you.

You'll want to open a support request and work to get to the bottom of why the issue exists and resolve it. The notifications are important messages that alert you to something not working as it should. Do you have your cron set to run once per minute? Is your web server or MySQL server underpowered, causing long running processes?

Understood, yet by doing so, my concern is that you'd only be adding the impression of additional security, without actually taking measures that would achieve what you appear to be setting out to do. Remember that anything you can control within the ACP, can be controlled by a malicious actor by virtue of exploiting a vulnerability in the software and elevating access. By taking these mitigations to other layers of your stack, you'd achieve the same result in a more hardened manner. Now, to bypass your restrictions, the malicious actor would need to compromise your web server's configuration, your filesystem, and your firewall solution, rather than just get elevated access through a security issue or brute force attack via IPS. I'd encourage you to strongly consider hiring a consultant to do those things for you according to best practices if time is the issue, rather than hire someone to develop a plugin or application that can simply be disabled and does little to protect your community in the end.

The behavior is cookie based, so if you're not accepting cookies (or switching browsers/devices/etc.), you won't see your draft content. It is not saved in the site's database.

Hi there, I'm not sure you need a plugin/resource to accomplish what you're seeking to do. Are you aware that you can alter the path of the Admin CP via a setting in constants.php? See: CP_DIRECTORY This would address requirement #4 in your list. For #3, you can remove the link from the theme to the ACP. I'd encourage you to look into authorizing access to known IP addresses at the server or firewall level for requirement #7 and blocking all other traffic. If you are trying to prevent malicious actors from gaining elevated access, I'd encourage a multi-layered approach. You can do things like automatically block traffic for any connections attempting to access URLs that they have no business accessing (i.e. if they try to hit /admin, or /wp-login.php). CDNs offer things like this as well out of the box. Best not to put all your eggs in one basket!

We use Cloudflare, and only accept inbound connections via Cloudflare's proxies: https://cloud.google.com/network-connectivity/docs/cdn-interconnect#providers

"Malformed communication packet" is a good clue (that message is coming from MySQL): https://dba.stackexchange.com/questions/102567/sql-error-2027-malformed-packet For 500 server errors, you'll likely be wanting to look at the various logs maintained by your web server (apache, nginx, etc.), php error logs (enable them temporariliy if you have them disabled), your MySQL logs, and your general server logs (system/messages/etc.). Reviewing these for errors will give you clues as to root causes. Use command line tools like tail, less, and grep to find relevant entries in text log files. You typically can only look at the most recent entries, which tail, piped into less would be a great start. Type "man <command>" to read the documentation.

It would be fantastic to have the option not to count advertisement impressions per campaign/ad. What a ridiculously large number that is meaningless to us for network/third party use, and I imagine the overhead of updating that count is rather not worth it.

Yes, we use Google Cloud SQL for the SQL backend and Compute Engines for the frontend to host our large community. We use standard distro linux servers in Compute Engine, without any sort of plesk/cPanel/etc. If you're only comfortable using something like that, then you have the freedom and ability to provision accordingly. It may be possible to use App Engine for the front end, however we did not go that route. We do not host anything other than our Invision community on our IPS-specific instances, and for other projects, create separate instances as needed. We have a number of administrative web-based tools that run on separate SQL and engine instances. In our situation, isolating these things from each other makes sense. We were able to significantly reduce costs compared to what we were paying with leased dedicated servers through what's now IBM's datacenter offering, and can take advantage of the ability to quickly scale. It also helps us with our testing environment, as we can quickly spin up copies of production for testing upgrades and new extension/application deployment. As GCP offered an initial credit for new customers, we were able to get a sense for average cost and correctly size our instances during the trial period without the risk of actual costs incurred while we tested things out and continued running our legacy infrastructure. Highly recommend. We have not tried Azure nor Amazon's offerings, so I can't speak to comparison on that end.

I believe this plugin handles this: It may just address the username+anythingyouwant@gmail.com variant though.

Yes, I'm sure this would be possible.

False advertising! Realism settings 2/10. That this plugin does not offer the option to play the sound of in-sink electric disposal upon deleting content is a crime against humanity. Edit: AND there's no built in dish soap dispenser!

@PlanetChristmas, I've reported this as a bug beginning with 4.5. If there is only one location point, the default view is entirely too zoomed in to be useful. It was noted in that support request (#67145) that a proposed fix was made, to make it in some future version. This was a month ago though. Not sure if the fix was included in 4.5.4. There's nothing in the release notes that indicate that it was. @bfarber: did you get rejected like me at prom?

If you're sure you changed both like_ and react_ version of that string, I'd open a support request. Looking at the source code, I don't see any hardcoded "and"s that jump out as obvious in the blurb bits.

The same error code? 1ZD100? That is not in the IPS core suite. If I had to take a stab, I'd say it was a custom Zendesk integration IPS is using in the "Client area" install of IPS.

Matteo, You have some options! If you are not on 4.5, make sure you install the following extension (this is built in to 4.5--make sure you have Captcha setup): Additionally, you may be able to filter spam at your mail server before it's parsed by Commerce. Using something like sendgrid integration will give you an option to filter for spam. We've been successful at eliminating it entirely (except for those spammers that directly are filling out the contact form with a human, but these are far and few between), and we have very well known e-mail addresses on a very large community that has been online for decades. Edit: Almost forgot, we also parse our e-mail through GSuite (or whatever it's called nowadays). Emails are received and then forwarded to sendgrid before being imported into Commerce, with the advantage of Gmail's spam heuristic filters kicking in as well.

<word key="like_blurb_others_secondary" js="0">and {# [?:more]}...</word> <word key="react_blurb_others_secondary" js="0">and {# [?:more]}...</word> Take another look at "react_blurb_others_secondary" and "like_blurb_others_secondary." Both of these contain the word "and." Noting, that I don't know what the difference between "like" and "react" is here, but my guess is the like one is the one you've missed.

I don't think you understood. If you label someone as "banned," yes that would have a negative connotation. Maybe, in a community where people like to be admonished, that's a not a bad thing. Who are we to judge? However, what I said was (emphasis added): If you translate "banned" so that everywhere it appears on IPS, the word is replaced with "Member Requested Account Deactivation," there is no negative connotation. It's all in how the community is run. Adding a feature to the software that is toggled on or off (or giving individuals the ability to do something easily via CSS modifications), doesn't mean your community needs to do what other people need to do. Try to imagine how others may use something, even if it isn't how you might. This is a feature request, not a religious debate. Some folks find it valuable. I think it would be kind practice here to only comment on someone's feature request when: You like the idea, and see how it could work for others/yourself You're concerned that the implementation of the idea might change how you use the platform, and want to be sure that your use cases are considered Speculating about how you would never personally benefit from something as a measure of the validity of the customer feedback left here by saying "I don't get this and would never use this" is akin to saying "I don't have the desire to exercise the taking on of the perspective of others to see things from their worldview." I think we can be better than that.

Don't forget limitations imposed from moderation via accumulation of warning points. There's validity in use cases where people who cannot participate in a discussion are represented as such. I think the issue may be that we naturally want to assume "banned" means "bad." "Banned" is simply a name assigned to it for its most common use case, however there are reasons in which members are set into a "cannot post on the site right now" for an infinite number of reasons. In our community, we use these features, yet rename all of these terms through translation to reflect how we use them. It's a good sign that the software offers that degree of flexibility. Some communities are managed where moderators are only able to apply warnings, and cannot change usergroups. There's no permission presently to restrict the usergroups one can move a member into. Remember principle of least privilege. Things that work for Communities A, B, and C, may not work in D, E, or F. Reputation/karma points are a good example. Even though there are communities that would never show things like the leaderboard, or "who won the day" because they simply don't fit the culture, doesn't invalidate the value in having it as an option for the platform.

YES.

Your CSS resources and such are returning 404 errors. Can you confirm that they are on the filesystem where the theme is calling them from? Have you checked filesystem permissions? I think the requirements checker does this:

I assume you tried the ACP > Support > Something isn't working option?

@Bart Russel: .htaccess will only work if your web server is provisioned to use it and can read the file. Is this a shared hosting environment? Are you using apache or some other web server like nginx (you'd need to this another way if nginx)? Can the account at the web server is running on read the .htaccess file?