AndyF

Tags are a powerful feature in IPS Community Suite 4 and we have seen clients using them in many ways to enhance content discovery on their site. Adding tags to an item is quite easy but modifying them after the fact requires you to edit the root content item. Not only is this tedious but it also then shows an edited-by line for that item even if all you did was change a tag.
To make this process more user friendly we now have the ability to quickly edit tags when viewing any content item. When you view an item that has tags enabled and you have permission to edit then you will see a link to edit tags.

Tag Quick Edit
That brings up an input box where you can manage your item tags without leaving the page to a full edit screen.

Tag Quick Edit Input
We have been testing the feature for a few weeks internally and it has already saved us time as we tag our discussions. But beyond that, and I think more important, is the fact that we find we are using tags more often. More use means more organization and filter possibilities of your content which is a great thing for busy, data-drive communities.
So we hope that not only will controlling your tags be faster an easier but you too find you use the tagging feature more often with this small but useful change.
 
This change will be in version 4.1.17 which is scheduled to be released in early December 2016.

IPS Community Suite 4.1.16 is nearing the end of development so I wanted to go over some of the new features in this upcoming release. Some are big and some are small but we always enjoy making any sort of enhancements to the Suite.
We expect 4.1.16 to go to public beta next week. If you are interested in using a public beta please check out our beta forum (clients only) with more info. We welcome as much testing as possible and our betas are considered safe to use on a live site. We do offer support for betas so, if you are technically minded, consider giving them a try.
Commerce: New Ticket Listing
We have redesigned the ticket listing view in Commerce to be much more user friendly and better use screen space. You can also now group by department which is great for organization.

 
Much like Activity Streams on the front end you can create custom views for tickets based on how you work.

The new My History view allows staff to quickly see their latest replies and actions along with some basic stats.

There are many other smaller improvement in Commerce in 4.1.16 as well. We think you will enjoy all the updates.
Security Questions
To enhance the security of your member accounts we now have a new security questions feature where you can allow your members to put in their own, personal security questions. The member will then be prompted to answer those questions for account actions you define.

Account Change Emails
Members will now receive confirmation emails when they change their email address...

and their password...

Topics per Page
You can now define the number of topics per page in forum view.

Remove all Followers
Moderators can now remove all followers from any item that allows follows. This is useful if you are archiving an old item or otherwise do not want people getting notified of new activity on an item.

Automatic Following
Your members can already choose to automatically follow content they start or reply to but now you can define this as the default behavior for all members. Your members can of course override this to their own preference.

Embed Failure Message
To answer the constant question "why didn't my media embed?" we now show you why. Regular members will just see a message indicating the Suite tried to embed but was not able to. Admins will get more information on what failed.

Suspended Member Page
When you banned/suspended a member previously they simply saw a generic permission denied message. We now show a more friendly page saying they were suspended and why.

The member can click to get the full information from the Warning System as well.

Contact Us
The contact us page now has configuration options to control where messages are sent. You can do email and even Commerce support departments now.

Announcements
Global announcements can now be restricted by member group.

And some technical stuff...
In addition to the new feature additions we have also fixed dozens of issues reported by clients. There was a particular focus on Commerce, Pages, and IPS Connect. Some other items of note:
Performance improvements in: profile view, sitemap generator, posting replies, and Activity Streams We now try to more reliably detect the AWS S3 endpoint for those using S3 file storage Tasks view will now show the last time a task ran More efficient license key checking to keep the keys from being checked too often which can slow your site down If group promotion based on date is enable the system will now auto-promote even if a member does not login If you move your site to a new URL you no longer have to update a constant if using the image proxy You can now press ctrl/cmd+enter in any editor window to submit the reply (yay!) In Commerce ticket view there are keyboard shortcuts to perform common actions (such as press 'r' to open reply box or 'n' for note) There is now logic to prevent double-posting when the initial post encounters an error on submit If your datastore (cache system) is not working properly the AdminCP will now show you a warning telling you that it needs attention.    

In line with our aim to make incremental improvements in each release, I wanted to go over a few of the small but useful changes to the personal messenger that you'll find in our next release, 4.1.13.
 
Read/unread filtering
The first improvement is that you can now filter the message list by read and unread, making it a little easier to browse through just the messages you're interested in.
 
Search improvements
Next up, the messenger search has been improved in a couple of ways; first, you can now also search the names of both the recipients and the senders, and second, we've added a menu so you can specify which fields in particular you want to search by.
 
Easier moving
Finally, we've added a popular request - the ability to use the mass-move tool inside the messenger. You can now check multiple messages, and the usual mass-action toolbar will appear that will allow you either move them to another folder, or, has been the case in the past, delete them.
 
While these are each small improvements by themselves, we hope the incremental changes in each release add up to a more pleasant experience for users. 

We are releasing a patch for IP.Board 3.4.x and IP.Nexus 1.5.x to address two potential security issues brought to our attention.

It has been brought to our attention that an open redirect exists within IP.Nexus which might allow a user to redirect other users to a remote site of their choosing through IP.Nexus. Additionally, an issue has been brought to our attention where-by sensitive user data may be exposed in certain circumstances.


To apply the patch
Simply download the attached zip and upload the files to your server. This single zip file includes the patch files for both IP.Board as well as IP.Nexus.
 
patch-34x-05252016.zip
 
If you are an IPS Community in the Cloud client running IP.Board 3.4 or above, no further action is necessary as we have already automatically patched your account. If you are using a version older than IP.Board 3.4, you should contact support to upgrade.

If you install or upgrade to IP.Board 3.4.9 after the date and time of this post, no further action is necessary as we have already updated the main download zips.

Last week we introduced you to a couple of key new improvements in IPS Community Suite 4.1.12, the new post preview and enhanced activity streams and search. However, this is a packed release, so I wanted to quickly review what else you can expect to find when it is released this week.
Mentions
4.0 introduced mentions, and since then a frequently-requested feature is the ability to ignore notifications triggered by particular members. In 4.1.12, we enhanced the Ignore Users functionality to also allow you to block mention notifications. They will still be able to mention you in posts, but you will no longer be notified about it.

Ratings
As of 4.1.12, ratings will now display half-stars in order to be more accurate. Users will still rate whole stars out of 5 (or 10 if configured so), but the aggregated ratings displayed alongside content will be more fine-grained.
Custom date formatting
We have used built-in, automatic locale formats for dates since 4.0, but it became increasingly clear that this did not offer the flexibility that some community administrators desired. As a result, 4.1.12 re-introduces the ability to provide custom formats for dates.
Bug fixes
Amongst the handful of new features, there's over 400 other bug fixes and improvements that contribute towards the overall stability of the IPS Community Suite, as we start working towards the next major release, IPS Community Suite 4.2 which will be available later this year. Further fixes for stability in the 4.1 line will come before 4.2 is available.
 
Please check our release notes to read more about other smaller changes and fixes in 4.1.12.

We are currently beta testing our next release, 4.1.12, which contains hundreds of bug fixes, dozens of improvements, as well as a handful of new features. In this post, I want to cover some improvements we've made to two key areas: activity streams and search.
Activity Streams
The first improvement we made is to change how the expanded/condensed toggles are displayed to improve their clarity. From studying the feedback from administrators and users, we discovered that many people did not realize the view could be changed. To improve this, the toggles now explicitly say 'Condensed' and 'Expanded', making it much clearer how the view can be toggled to your own preference.

More clearly marked expand and condense options for Activity Streams
Next, a common point of feedback about Activity Streams is that clicking a result and then hitting the Back button in the browser means you are put back at the first batch of results, losing your place in the stream. In 4.1.12 we improved this so that clicking Back will load the last batch of results you were viewing, enabling you to continue browsing from whence you left off.
Finally, in the Content Types menu we added an Apply button. We discovered that users were not always sure how to save the selection of content types they had made (which automatically happened when that menu was closed). To alleviate this, the new Apply button will save the selection and close the menu, updating the stream results in real-time as expected. You can still simply click out of the menu to apply changes as well.

The new Apply button in the Content Types menu
Search
While overall improvements to search (specifically the algorithms to match and return the results) are a matter of ongoing research and refinement which we will improve in the 4.2 series and beyond, 4.1.12 sees one small improvement to the options available to users. While you have always been able to search within a particular forum, category etc. while browsing that area, you were not able to retroactively filter into particular areas after performing a more general search. IPS Community Suite 4.1.12 adds this ability to the interface, allowing you to get more specific results from a particular area of the community.
Version 4.1.12 is currently in beta testing and should be released in the next two weeks.

We are currently beta testing our next release, 4.1.12, which contains hundreds of bug fixes, dozens of improvements, as well as a handful of new features. I wanted to introduce one of those new features: post preview.
Long-time users of our software will know that a post preview function was a standard feature, but we took the decision to not include it in the initial IPS4 release. It had a couple of drawbacks:
it only applied to certain pages, such as topic view - other WYSIWYG editors simply didn't get a preview the workflow wasn't very good for modern web apps, requiring a round-trip to the server and a full page refresh When IPS4 was released, we felt that the built-in rendering of the editor was a sufficient preview of how the end result would appear. However, while analyzing ongoing customer and user feedback for IPS4 in its first year of release, we have seen that a preview still has a use. There are some circumstances when a true WYSIWYG experience is just not possible such as using more advanced formatting (like LaTeX) or when admins create certain custom editor plugins.
As a result, we rethought post preview. We wanted to ensure that all editors could be previewed, and that it didn't have a clunky workflow. In addition, since IPS4 uses a responsive theme, we wanted to give users the opportunity to preview how their post would look on different devices.
Here's the result, and what will be available in 4.1.12:

Post preview in IPS Community Suite 4.1.12
The preview is shown by clicking a new button on the toolbar (meaning it can be moved, removed, etc. just like the other default buttons). When the preview loads, the toolbar allows the user to resize it to different device sizes. If they are on desktop, they can also view it at tablet at phone sizes; on a tablet, it can also be viewed at phone size.
So now we not only show a true preview of what content will look like when posted, but we also allow you to preview how it will look on other devices. Of course that preview is just a best-guess since different devices have different window sizes but it does give you an idea.
We hope this reimagining of an old feature for a more modern web will please end-users and make posting content a more accurate process. Stay tuned for more updates on what's included in 4.1.12!
Version 4.1.12 is currently in beta testing and should be released in the next two weeks.

The adoption rate of IPS4 has far surpassed our initial expectations. In response to this as well as client feedback, we are refocusing more internal resources on supporting and solidifying the IPS4 platform. As such, we are revising our product cycle dates for IP.Board (3.4.x) as follows: 
March 1, 2016 - End of advanced technical support and development. Basic / limited technical support will continue. 
June 1, 2016 - End of all technical support. Only security updates will be provided. 
April 1, 2017 - Complete product End of Life (EOL) 
 

Occasionally you'll want to style a specific element on a specific page of your community - maybe you want to change how topic titles are shown inside a topic, or do something specific to the styles used in activity streams, without also altering other screens where the same elements are used.
Your first instinct might be to open the template editor and add some custom classnames so you can style them. This would certainly work, but the downside is your template is now customized, so any future IPS4 updates would leave the template out of date. Not ideal by any means.
Instead, you can use some helpful attributes that IPS4 adds to the body element, and then build a CSS selector around them. There's four attributes, and they always reference the current page the user is on:
data-pageApp - The application key (e.g. core, forums, cms etc.) data-pageModule - The current module with the application (e.g. pages) data-pageController - The current controller within the module (e.g. topic, page etc.) data-pageLocation - Either admin or front. So let's say we want to change how the .ipsPageHeader element looks within topic view. Our selector would look like this:
body[data-pageapp="forums"][data-pagemodule="forums"][data-pagecontroller="topic"] .ipsPageHeader { ...your styles } If you don't want to be that specific, you can just use the attributes you need. For example, if you want to change all .ipsPageHeader styles in the Forums app, you'd do:
body[data-pageapp="forums"] .ipsPageHeader { ...your styles } Tip: If you don't know the correct app/module/controller for the page you're on, you can find out by visiting the page and then viewing the page source. You'll see these attributes in the body tag near the top.
And as always, be sure you add your CSS to custom.css to keep your upgrades easy  
This theme tip is taken from our guides section.

For our self-hosted customers, we wanted to give you advanced notice that support for PHP 5.4 in the IPS Community Suite will be ending soon. IPS Community Suite 4.1.11 will be the last release to support this version of PHP.
PHP 5.4 was released in 2012 and reached 'end of life' in September 2015, and so we will be requiring at least PHP 5.5 from IPS Community Suite 4.1.12 onwards. We do recommend PHP 5.6 or greater as 5.5 is approaching end of life as well.
If you currently use PHP 5.4, please contact your host and ask them to upgrade to a supported version as soon as possible.
If you would rather not have to worry about server-level issues like this, consider switching to one of our Community in the Cloud plans. They include all of our suite apps and we take care of all of the server management for you, leaving you to focus on running your community. If you are currently self-hosting, we can transfer your community to a cloud plan for free, in most cases. Contact our sales team for more information.

Security should never be an afterthought for your community. All too often, site owners consider beefing up their security only when it's too late and their community has already been compromised. Taking some time now to check and improve the security of your community and server could pay dividends by eliminating the cost and hassle of falling victim to hacking in the first place.
Let's run down 7 ways that you can protect your community with the IPS Community Suite, from security features you may not know about to best practices all communities should be following.
 
1. Be selective when adding administrators
Administrator permissions can be extremely damaging in the wrong hands, and granting administrator powers should only be done with great consideration. Granting access to the AdminCP is like handing someone the keys to your house, so before doing so, be sure you really trust the person and that their role requires access to the AdminCP (for example, would moderator permissions be sufficient for the new staff member?).
Don't forget to remove administrator access promptly when necessary too, such as the member of staff leaving your organization. Always be aware of exactly who has administrator access at any given time, and review regularly. You can list all accounts that have AdminCP access by clicking the List Administrators button on the System -> Security page.
2. Utilize Admin Restrictions
In many organizations, staff roles within the community reflect real-world roles - designers need access to templates, accounting needs access to billing, and so forth. IPS4 allows you to limit administrator access to very specific areas of the AdminCP with the Admin Restrictions feature, and even limit what can be done within those areas. This is a great approach for limiting risk to your data; by giving staff members access to only the areas they need to perform their duties, you reduce the potential impact should their account become compromised in future.
3. Choose good passwords
This seems like an obvious suggestion, but surveys regularly show that people choose passwords that are simply too easy to guess or brute force. Your password is naturally the most basic protection of your AdminCP there is, so making sure you're using a good password is essential.
We recommend using a password manager application such as 1password or LastPass. These applications generate strong, random passwords for each site you use, and store them so that you don't have to remember them.
Even if you don't use a password manager, make sure the passwords you use for your community are unique and never used for others sites too.
4. Stay up to date
It's a fact of software development that from time to time new security issues are reported and promptly fixed. But if you're running several versions behind, once security issues are made public through responsible disclosure, malicious users can exploit those weaknesses in your community.
When we release new updates - especially if they're marked as a security release in our release notes - be sure to update as promptly as you can so you receive the latest fixes. Your AdminCP will also let you know when a new version is ready for download.
5. Use .htaccess protection for your AdminCP
In addition to IPS4's own AdminCP login page, you can set up browser-level authentication, giving you a double layer of protection. This is done via a special .htaccess file which instructs the server to prompt for authentication before access to the page is granted. IPS4 can automatically generate this file for you - simply go to System -> Security in your AdminCP, and enable the "Add a secondary admin password" rule.
And it should go without saying, but to be clear: don't use the same username or password for both your .htaccess login and your admin account, or the measure is redundant!
6. Restrict your AdminCP to an IP range where possible
If your organization has a static IP or requires staff members to use a VPN, you can add an additional layer of security to your community by prohibiting access to the AdminCP unless the user's IP matches your whitelist. This is a server-level feature, so consult your IT team or host to find out how to set it up in your particular environment. If you're a Community in the Cloud customer, contact our support team if you'd like to set up this protection for your account.
7. Properly secure your PHP installation
Many of PHP's built-in functions can leave a server vulnerable to high-impact exploits, and yet many of these functions aren't needed by the vast majority of PHP applications you might run. We therefore recommend that you explicitly disable these functions using PHP's disable_functions configuration setting. Here's our recommended configuration, although you or your host may need to tweak the list depending on your exact needs:
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,show_source,shell_exec,symlink,system Another critical PHP configuration setting you need to check is that open_basedir is enabled, especially if you're hosted on a server that also hosts other websites (known as shared hosting). If another account on the server is comprised and open_basedir is disabled, the attacker can potentially gain access to your files too.
Naturally, Community in the Cloud customers needn't worry about either of these steps - we've already handled it for you!
 
So there we go - a brief overview of 7 common-sense ways you can better protect your community and its users. As software developers, we're constantly working to improve the behind-the-scenes security of our software, but as an administrator, there's also a number of steps you should take to keep your community safe on the web.
If you have any tips related to security, be sure to share them in the comments!

When you use custom templates for a Pages database, you'll often need custom CSS to go along with it to provide the styling. There's two main ways of doing this:
CSS files within Pages
Pages allows you to create CSS files, and then associate them with particular custom pages of your community (you create these in the AdminCP, under Pages > Templates > CSS). So simply create your CSS file, and associate it to the page that your database is displayed on.
The benefit of this method is it applies to all themes, so it's great if you want your database to look the same on all themes. Of course, this is also the drawback - you can't easily use it for per-theme customization.
Targeting the database classname in theme CSS
Alternatively, you can target the database classname in your normal theme CSS files. When a database is inserted into a page, IPS4 helpfully adds a classname to the body element, which makes it really simple to style that page in particular. If your database key is myDatabase, then the classname added to the body element would be cCmsDatabase_myDatabase. Use this in your selectors and you can style everything exactly how you need:
.cCmsDatabase_myDatabase .ipsButton_important { /* Style important buttons differently in this database, for example */ } Combine both methods!
Of course, you can use both approaches when it makes sense. Create a CSS file within Pages for the basic structural styling that will apply regardless of which theme the user uses, and then in each theme target the database classname to customize it for that particular theme - perfect for the colors, font family and so on.

Activity Streams were first introduced in version 4.1 and have been very well received by people who enjoy all the flexibility they create in filtering and sorting content in a community for easy discovery of what is being posted.
As with any new feature, we received a lot of feedback and have had time to take that in and make improvements to mature the Activity Streams with key changes in 4.1.9 being interface, performance, and bug fixes in the system.
One recurring theme we heard were people saying "the new Activity Streams cannot do..." when actually they could do it but the options were not obvious. We used to have the options in a large drop down box that users could edit and then save to update their Stream. This meant that options were not clearly visible and therefore people did not even know all the powerful settings available to them. So in 4.1.9 we have moved those options into a new dynamic filter bar.

With the new filter bar you see all your options available right there. We also changed the interface so Streams instantly update when you make a change. You no longer have to click save and update, wait for interface to collapse, and so on. Now your changes instantly update your Stream.
When you do change your Stream settings a save button appears prompting you to save your new selection. You can choose to save if you like the new options or not if it is just a temporary change you made. If you edit filters on a stream you do not own then it will prompt you to save your options as a new stream.
 
We hope you enjoy this more dynamic approach to Activity Streams.

Many of the regular visitors to our community won't have failed to notice the new look we launched last week. Now that the dust has settled, I thought it was a good time to explain why we've made the change.
Streamlined access to everything we offer
Ever since IPS was founded in 2002, our community has been distinct from our website. The community is also where we kept all kinds of resources, from guides to the Marketplace. For those customers who know us well and enjoy hanging out in our community (and we have many who have been with us since that day in 2002!), this is no problem. Unfortunately, the downside is many new and potential customers didn't see everything we have to offer: all the wonderful addons our contributors offer, additional support resources, plentiful advice from other community administrators, and more.
In addition, we've always used the default theme that our software ships with, but with our self-service demo system now being the primary way new customers get to try out our software, this has become less important.
So, we took the decision to move some parts of the community to the website for more exposure and easier discovery by new visitors. We made some tweaks to our navigation so that finding these areas is easier than before. And, of course, we've brought the website header over to the community, giving it a fresher look and more consistent navigation, wherever you happen to be on our website.
Of course, all of our website is built in IPS4, as you would expect. Whereas before our website existed on a separate installation, as part of the update we merged our community and website together. This means you can sign in from anywhere, see your notifications and so on.
This is just the first step we've taken on improving what we offer and how we offer it. We have many plans in progress. You may have seen the theme tip we posted this week, which is the first in a series of regular tips we'll be sharing to help you get the most out of the IPS Community Suite. We'll also be highlighting some of the incredible work our customers do, whether it's a unique use of our software, or something in our Marketplace that adds a great feature.
Stay tuned!

We have updated a few of our embed options in version 4.1.9. Our goal was to make the embeds more user friendly and give admins more control over embed in general.
When you paste in a link from common services like YouTube, Twitter, and so on the system tries to embed a nice box instead of just a link. For example, if I pasted in this link:
https://twitter.com/invisionps/status/708019275521363968 It would create this box:
New in version 4.1.9 you can now optionally choose to revert the automatic embed back to a simple text link.
So in the above example, when I pasted in my Twitter link, I saw a bar come up giving me the option to revert back to a link. This is useful when you do not want a formatted embed box but instead simply want to reference something and get the visitor to click the link. It is also useful when you want to reference something as part of a single sentence and not have a break in the flow that an embedded content box creates.
There is also a new AdminCP setting to completely disable embeds across your entire Suite. Some clients have communities where they like to keep things down to just simple, plain text. You could always disable formatting option button in the editor and now you can also disable automated embeds.
As a reminder, the following formats are supported with our embed system. Simply paste a link to any of these services and you will get a nice, rich embed experience that really encourages engagement on your community.
College Humor Facebook Flickr Gfycat Google+ Hulu Instagram SoundCloud Spotify Ted Twitter Vimeo Vine YouTube You can also embed links to anything inside of the IPS Community Suite. So you could paste a link to another forum topic in the comment on a Gallery image and it will show a preview of that topic rather than a simple link.
We are always open to suggestions so feel free to post in our feedback forum. Thank you!