The Credit Card Security Release

 

Over the past few months, we have focused on improving the overall security offerings within Hoop.la. Hoop.la is already a highly secure platform, but we wanted to offer an even higher level of assurance and compliance for the ultra-security-conscious customer. This has included a new Premium Security add-on that offers many new, advanced security features such as encryption of all data at rest, anti-virus/anti-malware, DoS/DDoS mitigation, IP Reputation Management, Intrusion Detection, HIPAA compliance, and much more.

In light of that, we have taken a look at other ways to further improve the security of the platform. With the new Hoop.la release today, we have further strengthened Hoop.la's position from a PCI compliance perspective. PCI DSS is a security model crafted for vendors who collect, transmit, and process credit card and payment information. Hoop.la's servers have historically collected credit card information directly from users for the FeePod premium membership service.

Hoop.la has always held credit card data in the highest regard, complying with PCI requirements for encryption of credit card information in transit and for the security of servers receiving and processing credit card details. Hoop.la has never stored any credit card data internally for FeePod purposes, but it has nevertheless always needed to abide by higher security standards to comply with PCI rules, because credit card details flowed through Hoop.la's servers.

Now, credit card details are no longer transmitted to Hoop.la servers whatsoever. Instead, all credit card details will be transmitted directly to our third-party payment processor, Recurly, thus bypassing Hoop.la's servers entirely. The fewer hands that payment information passes through, the more secure the data is. This change relieves us of some environmental and software complications required for PCI compliance, which frees us up to put more focus into growing and expanding the best online community platform in the universe.

The beauty of this change is that it will be completely unnoticeable to your users. The FeePod user interfaces have not changed whatsoever, so users can continue to order premium memberships and update billing information as they always have.

This release also includes a few other improvements:

  • Hoop.la Database Notification improvements. Previously, Hoop.la had a single notification setting to control notifications across all databases. This was a bit inconsistent in that databases are otherwise completely independent of each other. We've now streamlined the database notification settings so that instead of one global setting, you control notifications for each individual database separately.
  • Two-factor authentication filters in Manage Members. With the recent Two-Factor Authentication Release, Hoop.la now formally supports two-factor authentication (2FA). We've further improved the 2FA support so that you can search for members on your site who either have or have not enabled 2FA on their accounts. There will also be a 2FA badge that shows next to members in the Manage Members list who have enabled 2FA. This can help you get an accounting of who is using (or is not using) 2FA on your community.
  • New "Send Registration Confirmation Email" setting. There is a new option in Registration Settings that will allow you to suppress the registration confirmation email from being sent to newly registered members on your site. This option is only available if you do not have email verification required. Some communities prefer not to send out the initial registration email, and now they have a way to suppress it.
  • "Moderate All Support Topics" permission is now "Manage All QuestionShark Content". For sites using QuestionShark, Support Reps generally need the ability to manage support topics, knowledge base articles, and documentation. In the previous model, it was unclear and slightly inconsistent how these permissions were assigned. In the new model, the Manage All QuestionShark Content permission applies to moderation and management of all support topics, knowledge base articles, and support documentation. Support Reps do not need to have the general Manage QuestionShark module permission any longer. Additionally, the Manage All QuestionShark Content permission is no longer limited purely to the Support Reps permission circle; it can be assigned to any permission circle now.
  • Default "Support Rep" title removed. Previously on Hoop.la sites with QuestionShark enabled, all Super Admins and Support Reps would be given a default title of Support Rep. We've removed that legacy behavior to allow for a more streamlined and straightforward approach to titles. This new approach leaves member titles and badges in the hands of administrators without implying the Support Rep role where it's not always appropriate.
  • Removed "Powered By Hoop.la" from emails. We have removed the "Powered By Hoop.la" footer from all emails sent from Hoop.la. We found that many customers prefer to have these emails without formal Hoop.la branding, so we made the call to remove our Powered By from all emails sent from Hoop.la.

As with all Hoop.la software updates, there are a variety of other bug fixes and minor improvements included in this release as well.

Photo Credit: Credit Cards and Cash flickr photo by Sean MacEntee shared under a Creative Commons (BY) license
