PeepSo_1105_release_brute_force

New Release: PeepSo 1.10.5

Second release of July has just arrived. It’s packed with new features, improvements and fixes. Security was one of our primary concerns when it comes to this release. This one contains another feature sponsored by VIP PeepSo Member Dale, we couldn’t fit it in the previous release because of the time limits, but it’s finally delivered. For that we all should definitely give him thanks, be sure to check out the blog post written by Dale too.

? Upgrades ?

If your PeepSo is older than version 1.10.0contact us and we will handle your update ourselves.

IMPORTANT NOTE. We release all plugins at the same time. Sometimes, it can take some time for all available updates to show in the backend of your site. If some plugins’ updates don’t show, wait. Just Wait. Don’t upgrade just some of them. Drink some coffee and wait. Your site needs to catch up to show them all. If you feel like it’s taking too long, contact us. We’re here to help!

For a quick and hassle-free update:

  1. Make sure your site is backed up. Preferably test updates on a staging site.
  2. Go to the backend of your site > Dashboard > Updates
  3. Select all PeepSo plugins that need to be updated
  4. Click ‘Update Plugins’ (note: this will deactivate all of the add-on plugins), don’t worry, they’ll come back during Step 7!
  5. Update PeepSo Core
  6. Go to the backend > Plugins
  7. Reactivate all PeepSo plugins

The whole operation doesn’t take more than 3 minutes. Should you have any issues or questions, please do contact us.

Post on Activity Stream When Joining a Group

VIP PeepSo Member Dale sponsored this feature in this release as well as I mentioned in the intro to this blog post. What it actually does is it creates a post within your community announcing that someone joined a group. There’s a new pair of settings in the backend of your site > PeepSo > Configuration > Groups. A section for New members. The two settings are:

  • Action text (on group stream)
    For example “joined this group”. Leave empty for default. Applies to old posts too.
  • Action text (on other streams)
    For example “joined a group:”. Leave empty for default. Applies to old posts too.

When the option is enabled a post is created automatically on user’s stream when they join a group. These posts are deleted automatically when the user leaves or is removed/banned from the group too.

Brute Force Protection Settings

One day few weeks ago we got a support ticket and a tweet saying it’d be great, if there was some more security for PeepSo. What started as a simple idea for adding some brute force password cracking prevention turned out to be a full-blown feature. Not only it’s fully configurable as you get the following options in the backend > PeepSo > Configuration > Advanced > Security > Login security:

  • Minimum password length
    Applies only to new passwords.

The above was introduced as a setting after a user pointed out on our registration there’s just a simple 6 character password being required. We made this configurable with a new default minimum of at least 10 characters per password.

The minimum password length is a new feature and not really related directly to the brute force settings. Nevertheless, it is related to login security. It doesn’t matter whether the brute force protection is enabled or not, the minimum password length setting is self-contained.

Now to get to the actual brute force protection. When enabled you have the following settings at your disposal:

  • Block login after
    Maximum failed attempts allowed.
  • Block for
    hours:minutes – how long to block login attempts after the above limit is reached.
  • Email Notification
    Send an e-mail notification to the user, warning them about failed login attempts.
  • Enable additional block after
    Additional security when users block themselves repeatedly.
  • Additional block length
    How long to block login attempts when additional security is triggered.
  • Reset retries after
    How long it takes for the system to “forget” about a failed login attempt.

Those settings pretty much guarantee that nobody can get in using brute force. Of course, the settings only work for PeepSo login forms. Maybe one day we’ll find a way to secure all of your forms even 3rd party ones.

Getting Started Page

Every once in a while we need to get back to the basics. Meaning, try to see PeepSo from a perspective of someone who’s never used it. Even though PeepSo is super easy to install, even though it creates all the pages with shortcodes and pretty much sets your community up in an instant, it didn’t use to communicate well with the user in the beginning. After activation you were taken to the PeepSo Dashboard and… well, that’s it.

This is why we introduced a Getting Started page. After enabling PeepSo you’ll be invited to check it out. It contains all the necessary information all fit into three screens:

  • First Screen – Welcome to PeepSo!
    Contains information on the created pages, shortcodes and navigation.
  • Second Screen – Customize
    Contains a few selected configuration settings to get started on making the community yours from the start.
  • Third Screen – Next Steps
    Contains information about available widgets (for PeepSo, not counting Photos or Videos widgets for now), a hint to hook up WordPress menus and a set of links to your community, configuration and dashboard.

Each screen also contains information on where to look for documentation, support, our own community, developer resources as well as info to get the PeepSo Ultimate Bundle and subscribe to our newsletter. If you already have the bundle key added, you won’t see it there. Same goes for the newsletter.

You’ll also notice that on the second screen where you’re customizing options there’s no ‘save’ button. It’s our little playground for introducing a whole new ajaxified backend. But that will come in later releases.

Login Widget

Since we introduced the brute force protection, adding a login widget to get you covered anywhere on your site also feels quite natural here. It does exactly what the name suggests. It’s a… widget… for… well, you guessed it. Logging users in. It also comes with 2 settings in the backend for either vertical or horizontal layout so you can place it in any position and it’ll blend nicely with your theme and content.

Other Improvements and Fixes

This release also comes with a bunch of other improvements and fixes. Some of them are of the under-the-hood type but as important or at times even more important than sparkly new stuff that you can see. We did improve PeepSo forms further, updated the upgrade instructions when there’s a new version available so there’s no confusion what to do and how to do it. Chat has a long-polling interval set to maximum when browser is in the background so it doesn’t use up server resources unnecessarily therefore improving performance. Users can now like and comment on Read-Only (announcement) Groups. With LearnDash integration we made sure users should not get VIP icons after finishing courses that don’t have a VIP icon assigned. We made sure AutoFriends works with latest WooCommerce Social Login too. You can see the full changelog here.

Brought to you by PeepSo Team Eric Tracz
I'm a Digital Nomad currently living in Kuala Lumpur. Co-Founder and CEO of PeepSo.com. First time WordCamp Speaker at WordCamp Kuala Lumpur 2017, WordCamp Singapore 2019 and hoping to speak more soon. I started my journey with open source nearly a decade ago as a simple support guy. Joomla! was my first encounter with the world of Open Source. After that period of my life got phased out I fell in love with WordPress and never left. I have been both lucky and at the same time I worked my ass off to get to where I am right now. Free time, if I have any, is usually spent with my fiancé and / or travel around South-East Asia. Even when I'm supposed to be on a little vacation, not a day goes by when I don't check up on PeepSo. So far visited or lived in: Indonesia, Malaysia, Singapore, Vietnam, Cambodia, Laos, Thailand, China, Japan, Maldives, Sri Lanka, Myanmar, Norway, Germany, Scotland, England and more...

Reactions & comments

Join Our Community!

Join us to discuss PeepSo's features, connect with the development team and give suggestions.

Comments

@peepso_user_2999(Jesse Evans)
You guys just keep rocking it
@peepso_user_10386(Josh )
Now that there is a "Getting Started Page" for admins, are there plans to add one for users to inform them how to use the site/stream?
@peepso_user_10386(Josh )
The frontend "Getting Started" could show as a modal with 3 easy steps that the admin could change for their community. The modal would be completely independent of the template. If we wanted to avoid a popbox, we could show it in the same position as the stream (above) which would make the template choice not really relevant to it's display. Think of it as another row (DIV object) that loads above the stream for fresh users.

As for why: We have sites tailored for specific audiences. For example if our site relies heavily on advanced search, tab structures, or a more complex editor (WordPress 5 has Gutenberg) the users could either use guidance or at least direction on how to easily post with links to site tutorials, forum rules, posting guidelines, and how they can manage their goals with Peepso for future planning (on the members end). My WordPress site will be more than just a fun experience to find interesting people/quality information, it will help people attain their goals/plans. I'm sure I'm not the only one.
1 year ago 1 year ago
@peepso_user_7(Eric Tracz)
@peepso_user_10386(Josh) maybe we’ll revisit that idea some time in the future.
1 year ago 1 year ago