Best Security and Access Practices for Online Communities

Feb 23, 2016

What keeps community managers up at night? Security and access issues are at the top of the list. Due to the nature of the Internet, it is practically impossible to guarantee that users’ personal information and content is 100% secure and safe from unauthorized access, loss, or misuse. But there is a lot you can do to make a security breach extremely unlikely. So to promote peace of mind for CMs everywhere, I’ve put together this checklist of security best practices for communities. You may not be able to prevent World Wide Web Armageddon, but with these tips, you can rest soundly at night knowing that you have done everything possible to protect your data and keep your community online, no matter what.

SSL Encryption 

SSL stands for “Secure Sockets Layer” and it’s the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard used by millions of websites in the protection of their online transactions with their customers. Using forum software that features this technology is an important first line of defense against hackers. More info about SSL.

Cloud Hosting

In standard hosting your data is accessed from one physical server. If it goes down, so does your data. By contrast, cloud hosting pulls data from a “virtual server,” which is really just a massive network of physical servers. This is quickly becoming the new standard for everything from personal mobile devices and home networks, all the way up to Amazon’s $16 billion marketplace. With cloud hosting your data is accessible anywhere there’s an internet connection and a computer browser, and it's much more reliable, with none of the downtime associated with physical hosting. Cloud hosting is also more secure, with many data centers boasting 24/7 security systems. What’s more, your data is likely chopped up, encrypted and distributed to hundreds of different computers, then put back together for you when you go to open it. And this all takes place in a blink of the eye. Everything you've ever wanted to know about cloud hosting.


Many communities are wide open to encourage growth in a fan base or increase marketing share in a product, for example. However there are many situations that require a secure members-only site where you can control who logs in, what they view and how they participate. Examples of private communities include internal company employee groups, employee discussion forums, beta product user feedback, membership organizations such as non-profits, clubs or churches, and tuition-based virtual classrooms. Look for the Privacy settings tab to set your community's access, whether public or private.

For public access you will want to drive prospective members to your community through a strategic marketing plan where you post invitations on web sites, social media, TV and print ads and other ways. If you opt for a private community you may invite users, ordinarily via email, although other methods (engraved snail-mail invitation?) are also possible. Or you can give access to your entire organization by its email domain. Only users with email addresses in domains that you approve will be able to log in or sign up.

Supported Browsers

This is one area where preference and choice matter. Particularly if yours is a community of disparate users, you’ll want to find a forum platform that supports a wide variety of browsers, including Internet Explorer, Firefox, Safari, Chrome and Safari and Android mobile browsers. Whichever browser you favor, be sure to keep it updated to take advantage of the best encryption and privacy support. Check out this site to view the latest versions of the browsers.

Enabling Cookies

Cookies are small text files stored in your browser on your computer that websites use to recognize repeat visitors. In order to deliver personalized service, track user views and track logins, online forum platforms require browser cookies to be enabled. Be sure to ask your forum host whether they collect personal information or provide marketing information to third parties. To learn more about enabling and disabling cookies, check out these links: Chrome, Internet Explorer, Firefox, Safari.

SSO (Single Sign-On)

Single sign-on is an authentication process that permits a user to enter one name and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session. This allows users of your website, for example, to log into your online community automatically, without needing to sign up and create another account. Implementation of SSO on your website requires technical development skills and your forum host can provide the information necessary for your technical staff to implement SSO on your website.


One of the simplest and most important ways to enhance the security of your online community is to strengthen the passwords you use to log in. A good password uses letters, numbers and also symbols. Another trick is to use random letters, numbers and symbols for password hints and reminders. To reduce the threat of hackers, and data theft, you can also encourage your staff and members to improve their security practices by requiring passwords that use letters, numbers and symbols. If your service allows it, consider offering two-factor authentication, particularly if your community deals with private and sensitive data. Remember that using the same password for multiple sites is a no-no. If all these rules about passwords seem overwhelming, consider using a password manager such as LastPass, KeePass or 1Password, which offer random password generation, auto password updates and secure add-ons.

What’s your biggest online community security headache and how have you solved it?

Posted By