
MacOS86it

Reputation Activity

  1. Like
    MacOS86it reacted to Matt for a blog entry, What's new in 4.6.0?
    Well, friends, what a journey we've been on since we started work on Invision Community 4.6.0.
    With 11 developers accumulating 934 commits over 3,157 files changing 120,281 lines of code, we're ready to show it to the world.
    Along with over 260 bug fixes, this new release contains some great new functionality. Let's take a look at what's new.
    Achievements
    Achievements, badges, ranks, rules, gamification, whatever you want to call it, this is the most significant feature for Invision Community 4.6.0. This brings a whole new level of earning and showing trust to other members while gently nudging more quality contributions to your community.
    Zapier integration
    Do you want new member registrations to magically appear in a Google spreadsheet? Perhaps you want members who opt-in for newsletters to be added to Mailchimp or ActiveCampaign. Cloud and Enterprise customers can do all this and more without writing a single line of code, thanks to Zapier.
    Web app and push notifications
    We took the time to round out our PWA (progressive web application) framework for 4.6.0 to include service workers, push notifications and more. I barely understand it, but Rikki takes you through the changes in our blog entry.
    Anonymous posting
    For some types of community, where discussion topics are particularly sensitive, community owners want to make sure that members register with their real details but are given the option to post anonymously where appropriate. For example, organisations dealing with abuse or sensitive topics might want the member to feel safe and disinhibited to post info without fear of being identified by the rest of the community.
    Solved content
    In Invision Community 4.6.0, we have rounded out our "solved" feature by allowing the feature to be enabled on a regular forum, along with notifications, statistics and more.
    Show when a team member has replied
    When you're scanning a list of topics, it's helpful to know when a community team member has replied, as these replies tend to have more authority and are more likely to resolve an issue. 4.6.0 adds a feature to show when a member of the team has replied.
    Health dashboard
    As Invision Community is a top of the line community platform with excellent developers and an amazing QA team, it's unlikely ever to go wrong. On the infrequent occasions that you need to identify potential issues within your community, the new health dashboard makes it easier to diagnose problems and request support.
    Spam improvements
    Our Enterprise customers run very visible and very busy communities. One of the pain points they had was identifying and limiting the annoyance of spam within the community. We created a new round of improvements based on that feedback to mitigate spam, and these changes are available to all Invision Community owners with 4.6.0.
    Cloud and Enterprise customers will also benefit from multiple under-the-hood optimisations for our cloud platform, including better caching of resources for faster response times.
    Let me know in the comments which feature you're looking forward to the most!
  2. Like
    MacOS86it reacted to Matt for a blog entry, How to keep your community secure
    Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
    All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
    Taking some time now to check and improve the security of your community and server will pay dividends.
    In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
    1. Set up Two Factor Authentication
    Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
    2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
    You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
    Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
    You can configure which member groups can use 2FA, as well as requiring certain groups to use it.
    Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
    2. Configure password requirements
    The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
    While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter.
    Recommendation: Require users to choose at least a 'Strong' password.

    3. Be selective when adding administrators
    Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
    Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
    4. Utilize Admin Restrictions
    In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth.
    Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can be done within those areas.
    This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
    Recommendation: Review the restrictions your admins currently have.
    5. Choose good passwords
    This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
    We recommend using a password manager application, such as 1Password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
    Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
    Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

    6. Stay up to date
    It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
    But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
    When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
    Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
    Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straightforward.
    7. Restrict your AdminCP to an IP range where possible
    If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
    This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
    Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
    8. Properly secure your PHP installation
    Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
    disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system
    Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is compromised and open_basedir is disabled, the attacker can potentially gain access to your files too.
    Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
    Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
    So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
    As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
    If you have any tips related to security, be sure to share them in the comments!
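    An added example, not from Matt's post or from Invision Community itself: a small PHP audit script that compares the running PHP's disable_functions setting with the list recommended in step 8 and checks that open_basedir is set and covers the site root. The file name and the site-root argument are assumptions of the example.

```php
<?php
// php_hardening_audit.php (added example; not part of the blog post or of Invision Community).
// Compares the running PHP configuration with the disable_functions list recommended above
// and confirms that open_basedir is set and covers the site root. Run it with the PHP that
// actually serves the site: `php php_hardening_audit.php /path/to/site` for the CLI SAPI, or
// place it in the web root temporarily for the web SAPI and remove it afterwards.
declare(strict_types=1);

// The list from the post, verbatim.
const RECOMMENDED_DISABLED = [
    'escapeshellarg', 'escapeshellcmd', 'exec', 'ini_alter', 'parse_ini_file',
    'passthru', 'pcntl_exec', 'popen', 'proc_close', 'proc_get_status',
    'proc_nice', 'proc_open', 'proc_terminate', 'show_source', 'shell_exec',
    'symlink', 'system',
];

/**
 * Parse a disable_functions value ("a, b,c") and return the recommended functions
 * it does not cover. The ini value is read on purpose: function_exists() still
 * reports disabled functions as present on PHP 7.x, so it cannot be trusted here.
 */
function missingFromDisableFunctions(string $iniValue): array
{
    $disabled = array_filter(array_map('trim', explode(',', strtolower($iniValue))));
    return array_values(array_diff(RECOMMENDED_DISABLED, $disabled));
}

/** open_basedir is "" when unset; when set, one of its entries must contain the site root. */
function openBasedirCovers(string $iniValue, string $siteRoot): bool
{
    $root = rtrim($siteRoot, '/') . '/';
    foreach (array_filter(explode(PATH_SEPARATOR, $iniValue)) as $dir) {
        if (strpos($root, rtrim($dir, '/') . '/') === 0) {
            return true;
        }
    }
    return false;
}

$findings = [];
foreach (missingFromDisableFunctions((string) ini_get('disable_functions')) as $fn) {
    $findings[] = "disable_functions does not cover $fn()";
}
$siteRoot = $argv[1] ?? __DIR__;   // site root: first CLI argument, else this script's directory
if (!openBasedirCovers((string) ini_get('open_basedir'), $siteRoot)) {
    $findings[] = "open_basedir is unset or does not include $siteRoot";
}
echo $findings ? implode(PHP_EOL, $findings) . PHP_EOL : 'PHP hardening checks passed' . PHP_EOL;
exit($findings ? 1 : 0);   // non-zero exit lets cron or a deploy step flag regressions
```

    Because php.ini, php-fpm pool settings and .user.ini files can all override each other, reading ini_get() from the serving SAPI is more reliable than inspecting a single configuration file.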