Matt

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

Almost every single day, we receive feedback on our popular clubs feature. Some of the requests are big in scope, and some a little smaller.
Following on from our previous blog entry for Club Pages, we’re pleased to announce a collection of smaller, but no less useful improvements.
Improved Map Display

The Clubs location map better shows where local clubs are
A small but useful change to the clubs map means the view is now centered and zoomed around available clubs. Previously the map would show a world view even if all of the clubs were located in a concentrated geographical area.
Member Tab
A commitment to privacy always influences our development decisions, and this is true in clubs as well as other areas. It is now possible to set who can view the club member list on a per club basis. Clubs can be set to show the member list to everyone, only to club members or only to club leaders and moderators.

You can now decide who can see your club
Club Widgets
A common request for clubs is that widgets should be able to display content from within clubs. With 4.5, this is now possible and allows you to better bring attention to your club content from anywhere in your community.

Content widgets can now show club specific content
Some people wanted to control where widgets would show more finely. This wasn’t previously possible, but now it is. When adding widgets to a page, you can now set whether you want it to appear everywhere, everywhere except clubs, or only in clubs.
Join Requests
Club leaders can invite members who they believe will enjoy their content to join. Likewise, members can request to join a club that is not open for all to join instantly.
For a site with a lot of clubs, this could mean that you are invited to many clubs or find that your pending request goes unnoticed.

Your member can quickly manage their pending invites
Members can now cancel pending requests themselves quickly and easily from the Club homepage.
Clubs are becoming an increasingly popular part of Invision Community and really helps foster a sense of involvement.
We are always interested and surprised by the variety of ways this feature is being used. Let us know how you’re using clubs in the comments and keep the great suggestions coming!

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

You'd be forgiven for thinking that RSS feeds belong in some bygone era of the web where Netscape was king and getting online meant listening to your modem scream at your phone line.
There's certainly a lot of newer web technologies to share data, but the venerable RSS feed still has a place.
Invision Community has supported RSS feed importing and exporting for a very long time now; however, it has been restricted to just Forums and Blogs.
Importing an RSS feed is a simple way to populate content on your community. It's even a great way to share content to and from your site without creating blocks or writing custom code.
Invision Community 4.5 now centralizes RSS feed importing, so it is available for Forums, Blogs and Pages.

You can now choose to import an RSS feed to any Pages database. Better yet, there is now full support for image enclosures.
RSS feeds have a special tag to note that the feed entry has an attached image. Lots of RSS feeds use this, such as the NASA Image Of The Day feed. Until now, this image has just been silently discarded.

Now, it is imported as an attachment (so it can be moved around in the post or Pages entry). If the Pages database you are importing to has record images enabled, you can optionally import the enclosure as a record image which some template sets can use as a header image, just as our blog here does.

But what about exporting enclosures?
Happily, Invision Community 4.5 can now export the main content image of an item as an enclosure. This certainly makes the Gallery RSS feed export a lot more useful!

While these updates are not revolutionary, they certainly make RSS feed importing and exporting much more useful. We've been asked to support RSS feed importing into Pages for quite a while now.
What do you think of these changes? What will you import into your Pages databases?

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Collecting, curating and organising ideas and feedback is a critical part of managing a community for a product.
Even though here at Invision Community, we have a relaxed approach to ideation, we do read and review ideas and feature requests that come into us via our support community and via emails and tickets and organise them off-site.


If you wanted to add more rigour to your ideation process, then Invision Community has built-in tools that you can use.
This video covers setting up a "Question & Answer" forum, which forms the basis for your ideation section along with using the built-in translation tools to tweak the interface language.
The complete process takes around five minutes and is the perfect way to collect and organise community ideas.
Once you have it set up, your community members can post their ideas and fellow community members can upvote their favourite suggestions, leave comments on ideas and even upvote and downvote replies inside the idea.
Let me know what you thought, and if you have any further questions below!

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Collecting, curating and organising ideas and feedback is a critical part of managing a community for a product.
Even though here at Invision Community, we have a relaxed approach to ideation, we do read and review ideas and feature requests that come into us via our support community and via emails and tickets and organise them off-site.


If you wanted to add more rigour to your ideation process, then Invision Community has built-in tools that you can use.
This video covers setting up a "Question & Answer" forum, which forms the basis for your ideation section along with using the built-in translation tools to tweak the interface language.
The complete process takes around five minutes and is the perfect way to collect and organise community ideas.
Once you have it set up, your community members can post their ideas and fellow community members can upvote their favourite suggestions, leave comments on ideas and even upvote and downvote replies inside the idea.
Let me know what you thought, and if you have any further questions below!

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Security should never be an afterthought. Don't wait until an attack has compromised your site before you take action.
All too often, site owners consider increasing their security only when it's too late, and their community has already been compromised.
Taking some time now to check and improve the security of your community and server will pay dividends.
In this blog, we run down 8 ways that you can protect your community with Invision Community. We go through the security features you may not know about to best practices all communities should be following.
1. Set up Two Factor Authentication
Invision Community supports Two Factor Authentication (2FA for short), and we highly recommend making use of this feature for your users, but especially for your administrative staff.
2FA is a system that requires both a user's password and a special code (displayed by a phone app) that changes every few seconds. The idea is simple: if a user's password is somehow compromised, a hacker still wouldn't be able to log in to the account without the current code number.
You may already be familiar with 2FA from other services you use. Apple's iCloud, Facebook and Google all offer it, as do thousands of banks and other security-conscious businesses.
Invision Community supports 2FA via the Google Authenticator app (available for iOS and Android) or the Authy service, which can send codes to users via text message or phone call. You can also fall back to security questions instead of codes.
You can configure which members groups can use 2FA, as well as requiring certain groups to use it. 
Recommendation: Require any staff with access to the Admin Control Panel or moderation functions to use 2FA. This will ensure that no damage will occur should their account passwords be discovered. Allow members to use 2FA at their discretion.
2. Configure password requirements
The password strength feature displays a strength meter to users as they type a new password. The meter shows them approximately how secure it is, as well as some tips for choosing a good password.
While you can leave this feature as a simple recommendation for users, it's also possible to require them to choose a password that reaches a certain strength on the meter. 
Recommendation: Require users to choose at least a 'Strong' password.

3. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Giving access to the AdminCP is like handing someone the keys to your house. Before doing so, be sure you trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Recommendation: Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have Administrative access by clicking the Administrators button under staff on the Members tab.
4. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. 
Invision Community allows you to limit administrator access to particular areas of the AdminCP with the Admin Restrictions feature, and even limit what can is done within those areas.
This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
Recommendation: Review the restrictions your admins currently have. 
5. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application, such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for other sites too.
Recommendation: Reset your password regularly and ensure you do not use the same password elsewhere.

6. Stay up to date
It's a fact of software development that from time to time, new security issues are reported and promptly fixed.
But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update promptly.
Invision Community allows you to update to the latest version via the AdminCP. You no longer need to download a thing!
Recommendation: Update to the latest version whenever possible. Remember, with Invision Community's theme and hook systems, upgrades to minor point releases should be very straight forward.
7. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist.
This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment.
Recommendation: Consider IP restriction as an additional security layer when you are not able or willing to use 2FA.
8. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We, therefore, recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled. Especially if you're hosted on a server that also hosts other websites (known as shared hosting), if another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Cloud customers needn't worry about this, we've already ensured our cloud infrastructure is impervious to this kind of attack.
Recommendation: Review your PHP version and settings, or choose one of our cloud plans where we take care of this for you.
So there we go - a brief overview of 8 common-sense ways you can better protect your community and its users.
As software developers, we're constantly working to improve the behind-the-scenes security of our software. As an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!
 

Collecting, curating and organising ideas and feedback is a critical part of managing a community for a product.
Even though here at Invision Community, we have a relaxed approach to ideation, we do read and review ideas and feature requests that come into us via our support community and via emails and tickets and organise them off-site.


If you wanted to add more rigour to your ideation process, then Invision Community has built-in tools that you can use.
This video covers setting up a "Question & Answer" forum, which forms the basis for your ideation section along with using the built-in translation tools to tweak the interface language.
The complete process takes around five minutes and is the perfect way to collect and organise community ideas.
Once you have it set up, your community members can post their ideas and fellow community members can upvote their favourite suggestions, leave comments on ideas and even upvote and downvote replies inside the idea.
Let me know what you thought, and if you have any further questions below!

Collecting, curating and organising ideas and feedback is a critical part of managing a community for a product.
Even though here at Invision Community, we have a relaxed approach to ideation, we do read and review ideas and feature requests that come into us via our support community and via emails and tickets and organise them off-site.


If you wanted to add more rigour to your ideation process, then Invision Community has built-in tools that you can use.
This video covers setting up a "Question & Answer" forum, which forms the basis for your ideation section along with using the built-in translation tools to tweak the interface language.
The complete process takes around five minutes and is the perfect way to collect and organise community ideas.
Once you have it set up, your community members can post their ideas and fellow community members can upvote their favourite suggestions, leave comments on ideas and even upvote and downvote replies inside the idea.
Let me know what you thought, and if you have any further questions below!

Collecting, curating and organising ideas and feedback is a critical part of managing a community for a product.
Even though here at Invision Community, we have a relaxed approach to ideation, we do read and review ideas and feature requests that come into us via our support community and via emails and tickets and organise them off-site.


If you wanted to add more rigour to your ideation process, then Invision Community has built-in tools that you can use.
This video covers setting up a "Question & Answer" forum, which forms the basis for your ideation section along with using the built-in translation tools to tweak the interface language.
The complete process takes around five minutes and is the perfect way to collect and organise community ideas.
Once you have it set up, your community members can post their ideas and fellow community members can upvote their favourite suggestions, leave comments on ideas and even upvote and downvote replies inside the idea.
Let me know what you thought, and if you have any further questions below!

Collecting, curating and organising ideas and feedback is a critical part of managing a community for a product.
Even though here at Invision Community, we have a relaxed approach to ideation, we do read and review ideas and feature requests that come into us via our support community and via emails and tickets and organise them off-site.


If you wanted to add more rigour to your ideation process, then Invision Community has built-in tools that you can use.
This video covers setting up a "Question & Answer" forum, which forms the basis for your ideation section along with using the built-in translation tools to tweak the interface language.
The complete process takes around five minutes and is the perfect way to collect and organise community ideas.
Once you have it set up, your community members can post their ideas and fellow community members can upvote their favourite suggestions, leave comments on ideas and even upvote and downvote replies inside the idea.
Let me know what you thought, and if you have any further questions below!

Collecting, curating and organising ideas and feedback is a critical part of managing a community for a product.
Even though here at Invision Community, we have a relaxed approach to ideation, we do read and review ideas and feature requests that come into us via our support community and via emails and tickets and organise them off-site.


If you wanted to add more rigour to your ideation process, then Invision Community has built-in tools that you can use.
This video covers setting up a "Question & Answer" forum, which forms the basis for your ideation section along with using the built-in translation tools to tweak the interface language.
The complete process takes around five minutes and is the perfect way to collect and organise community ideas.
Once you have it set up, your community members can post their ideas and fellow community members can upvote their favourite suggestions, leave comments on ideas and even upvote and downvote replies inside the idea.
Let me know what you thought, and if you have any further questions below!

Collecting, curating and organising ideas and feedback is a critical part of managing a community for a product.
Even though here at Invision Community, we have a relaxed approach to ideation, we do read and review ideas and feature requests that come into us via our support community and via emails and tickets and organise them off-site.


If you wanted to add more rigour to your ideation process, then Invision Community has built-in tools that you can use.
This video covers setting up a "Question & Answer" forum, which forms the basis for your ideation section along with using the built-in translation tools to tweak the interface language.
The complete process takes around five minutes and is the perfect way to collect and organise community ideas.
Once you have it set up, your community members can post their ideas and fellow community members can upvote their favourite suggestions, leave comments on ideas and even upvote and downvote replies inside the idea.
Let me know what you thought, and if you have any further questions below!

Collecting, curating and organising ideas and feedback is a critical part of managing a community for a product.
Even though here at Invision Community, we have a relaxed approach to ideation, we do read and review ideas and feature requests that come into us via our support community and via emails and tickets and organise them off-site.


If you wanted to add more rigour to your ideation process, then Invision Community has built-in tools that you can use.
This video covers setting up a "Question & Answer" forum, which forms the basis for your ideation section along with using the built-in translation tools to tweak the interface language.
The complete process takes around five minutes and is the perfect way to collect and organise community ideas.
Once you have it set up, your community members can post their ideas and fellow community members can upvote their favourite suggestions, leave comments on ideas and even upvote and downvote replies inside the idea.
Let me know what you thought, and if you have any further questions below!