Within a NodeBB forum, users are able to flag content for moderation. Users are able to specify why they believe a particular post should be flagged.

Once flagged, a post will appear within the Flagged Content control panel, which is accessible to Administrators and Moderators. Flagged Content can be opened for these users by clicking on their profile image, which typically appears in the top right corner of the screen on most forums.

The Flagged Content defaults to showing most recently flagged content, but may be sorted and filtered via the options on the left of the screen.

Individual posts include information and a number of possible actions that may be taken.

A flag's State may be used to filter flagged content, and allows other Mods to see the current state of action. Possible flag States include:

• New/Open
• Work in Progress
• Resolved
• Rejected

Flags may be assigned to a individual Mod, who will receive a notification. Notes can view by other Mods. Mods can also see a history of the actions taken with regard to this flag.

Moderation actions include:

• Delete Post
• Message the poster via chat
• Ban the account temporarily, in a time period set in either hours or days
• Ban the account permanently
• Mute the account temporarily (muted users can view forum content but not post or communicate via chat)
• Permanently remove the user's content but leave the user account in place
• Permanently remove the user
• Permanently remove the user and their content

NodeBB allows for an unlimited number of accounts to be designated as one of the following:

• Administrators have full access to the Admin Control Panel (ACP) as well as all moderation tool
  • CAUTION any user designated as an Administrator has full power, including the ability to remove other admins
• Global Moderators have access to moderation tools within all categories of the forum
• Category Moderators have access to moderation tools only within their assigned category or categories

Note that a user must first have a forum account to be an Admin or Moderator. They can then be designated using the Manage > Admins & Mods menu in the ACP.

To designate an Admin or Mod, simply begin to type their user name in the appropriate "Add..." line. The user should pop up automatically as you begin to type, and can then be selected.

Admin or Mod privileges can be removed via this page by clicking on the X next to the appropriate name, then confirming.

Note that to designate a Category Mod, you must first select the appropriate category from the selection pulldown menu.

NodeBB has a bug bounty program to supplement our efforts to identify vulnerabilities in our software, and to reward those who submit them to us for fixing.

Please visit our bug bounty page for more information.

The General Data Protection Regulation (GDPR) is a European Union law intended to promote the protection of privacy and personal information. It’s main goal to give users more control over their personal data.

NodeBB was the world's first GDPR compliant forum software. Please visit the NodeBB GDPR page to review our Data Protection Addendum (DPA) and our list of subprocessors.

NodeBB currently has integrations for:

• Slack
• Wordpress
• Google Adsense
• Mailchimp
• Pushbullet
• Ghost
• Twilio
• Amazon S3

Other integrations can be built, if you are interested please contact us for more information.

Enabling Facebook SSO requires that you have a Facebook account of your own. You will also need to restart your NodeBB instance a couple of times during the process. This will shut down your forum to users for a short period each time, so if you run a busy forum you may wish to do this during off-peak hours.

Install and activate plugin

1. Open the administrative dashboard using the 'gear' icon on your forum.
2. Open the Extend > Plugins menu.
3. Select the Find Plugins tab.
4. Use the plugin search on the right side to search for Facebook.
5. From Installed tab on the Plugins menu, search again for Facebook and select Activate.
6. Activating the plugin will require a restart of your forum. To restart, select the Dashboard menu and press the Restart button to the right. After NodeBB restarts, the Facebook SSO plugin will be active.
7. Refresh your browser to reveal the Social Authentication menu -- select this menu, and then select Facebook.

Enable Facebook sign-on

1. Go to the Facebook Developers page, which is linked from this menu.
2. Create a Facebook app shell. Select Create a new app, and enter the required information. 
3. Select Dashboard on the left of the page and locate your App ID and Secret code. 

Returning to NodeBB, copy and paste the Application ID and Secret code into the appropriate places on the Facebook menu page. You can also allow users who sign on with Facebook to skip the standard email verification step since Facebook usually does a good job of verifying these emails, but this is up to you. Be sure to save these settings. Once you are done, you will need to restart the forum one more time.

Once your forum restarts, new users will be able to join your forum using their Facebook ID. This option will be added to the user registration page automatically.

 Facebook SSO for NodeBB

Enabling Google SSO requires that you have a Google account of your own. You will also need to restart your forum a couple of times to activate Google SSO for your users. 

Install and activate plugin

1. Open the administrative dashboard.
2. Plugins > Install Plugins menu.
3. Select the Find Plugins tab, and search for Google. There are number of different Google-related plugins, so scroll down the list until you see the SSO plugin -- select Install when you see it.
4. From Installed tab on the Plugins menu, search again and select Activate.
5. Activating the plugin will require a restart of your forum. Select the Dashboard menu and press the Restart button to the right. After NodeBB restarts, the Google SSO plugin will be active.
6. Refresh your browser to reveal the Social Authentication menu -- select this menu, and then select Google.

Enable Google SSO

Authenticate your forum in the Google API console, which is linked from this page. Before opening the Google console, select and copy the text /auth/google/callback without the single quotes. You'll need this info later to link Google SSO with your forum.

1. Follow the Google SSO link.
2. Accept the terms of use.
3. Look for the Google+ API link, which you should find under the Social APIs menu. Click on this link, and then click Enable to the right of the title.
4. Click on "Go to Credentials."  
5. For where the API is being called from select "Web Server" and for the type of data select "User Data."  
6. Now click "What credentials do I need?"
7. Under "Authorized Javascript Origins" enter your forum address.  
8. Under "Authorized redirect URIs", enter the address again but this time paste the path you copied earlier to the end.
9. Click "Create Client ID."

Confirmation email address

You'll be asked to provide a confirmation email address and a product name. This information will be shown to users who register for your forum, so make sure the name given is descriptive of your site. On the last set up page, just click Done.

Your Client ID will now be set up. You'll need both Client ID number and Secret code to activate SSO. To get these, click on the name of your ID. The easiest thing to do is to copy and paste both these codes into a blank notepad window. Once you have done this, you can exit the Google API page.

Returning to NodeBB, copy and paste the Client ID and Secret code into the appropriate places on the Google menu page. You can also allow users who sign on with Google to skip the standard email verification step since Google usually does a good job of verifying these emails, but this is up to you. Be sure to save these settings. Once you are done, you will need to restart the forum one more time. 

Once your forum restarts, new users will be able to join your forum using their Google ID. This option will be added to the user registration page automatically.

 Enabling Google SSO for your NodeBB forum

NodeBB does allow uploaded images to be displayed, but it is not optimized for large images or a high volume of images. If your forum lends itself to a lot of image sharing by members, you will want to activate an image handling plugin. One popular example uses the image sharing site Imgur.

1. Open the administrative dashboard using the 'gear' icon on your forum.
2. Open the Extend > Plugins menu, and select the Find Plugins tab. The quickest way to find the plugin is to use the search on the right. Type 'Imgur' and the plugin should appear -- select Install when you see it.
3. From the Installed tab on the Plugins menu, search for 'Imgur' again, and select Activate.
4. Activating the plugin will require a restart of your forum. To restart, select the Dashboard menu and press the Restart button to the right. After NodeBB restarts, the Imgur plugin will be active.

Now you'll need to register your forum with Imgur. If you don't already have an Imgur account of your own you'll need to create one first.

1. Once this is done, go to the Plugin > Imgur menu in NodeBB. Here you will find set-up instructions.
2. Select and copy the callback URL example.
3. Then click on the link that leads to the Imgur application registration page.
4. Enter a name for your forum, and then paste in the callback URL example.
5. Now, select the portion of this that reads "yourforum.com" and replace it with the actual address for your forum.
6. Fill out the remaining fields and submit the form.
7. Imgur makes use of two different keys: a Client ID key and a secret ID. Copy and paste each of these keys into the appropriate field in NodeBB.
8. Hit the "Save" button at the bottom of the screen, then "Authorize." You will be re-directed back to Imgur where you will be asked to allow the forum to access your account.
9. Select "allow." You will then be redirected back to your forum.

Once these steps are completed, any images uploaded to your forum will automatically be stored in your Imgur account.

 Setting up Imgur image upload service for NodeBB

One of the first important things to do after setting up NodeBB is to set up an emailer plugin. While NodeBB does include a local emailer, if your forum is particularly active we recommend using an third-party emailer such as SendGrid which provides better deliverability for sites that send a high volume of email. Setting up SendGrid in NodeBB is very easy.

1. Open the administrative dashboard using the 'gear' icon on your forum.
2. Open the Extend > Plugins menu, and select the Find Plugins tab.
3. Use the search on the right. Type 'SendGrid' and the plugin should appear -- select Install when you see it.
4. From Installed tab on the Plugins menu, search again for 'SendGrid' and select Activate.
5. Activating the plugin will require a restart of your forum. To restart, select the Dashboard menu and press the Restart button to the right. After NodeBB restarts, the SendGrid plugin will be active.

After you restart, there should be a item called Emailer (SendGrid) under the Plugins menu -- if you don't see this right away, try refreshing your browser.

Sign up to SendGrid

1. Go to the SendGrid website, open the pricing page and scroll to the bottom. Click on the link and create your free account.
2. Once you've confirmed your SendGrid account via email, you should be able to login to the SendGrid website. On the left side of your SendGrid dashboard, open Settings and click on API Keys.
3. Click the button in the top right to create a new key. Make sure that the key has Full Access for Send Mail and Alerts.  When you are done, the new key to your clipboard.

Now, return to the SendGrid menu on your NodeBB admin panel. Paste the API key into the field, and save your changes. Now go back to the Dashboard to restart your forum one more time.

SendGrid should now be working for your forum.

 Setting up SendGrid mailer for NodeBB

While NodeBB does provide anti-spamming features, spam posts will occationally slip by.

Logged-in admins can edit or delete offending messages right away by clicking the 'gear' icon on any message. You can also create moderator accounts that are separate from the main admin group. In addition, we have user moderation tools which allow admins to to select multiple users to delete/ban them or to remove their topics/posts. We also have IP Blacklisting which will ban all users originating from a range of IP addresses.