Security First

I think the title says it all.
It looks great as it is so concentrate on security features not making it look all fancy and making more vulnerabilities.

Get rid of that logo and let people put there own in because I see that come up a lot.
Make a right-click admin panel on each user for volume and cam, block, kick and so on.
Take away registering by email and use the bitcoin method to make a wallet with 6 rememberable words to get your password back, easy and simple.
make sure there are never any peer2peer leaks add a nice profile to each user so the can give stats about themselves
make plugins if its to hard to code some options that the owner can install.
Give the server owner a Great Admin control panel, then you can really put some great options on to protect rooms from trollers playing porn in the room full of kids ( yes I have seen it on YouTubes)
Most of all just copy the same method Facebook uses to block people, one banned the troller can not see the room ever again with IP ban too.
I use to use automated IP ban into the firewall on my projects because if you also ban proxy use then if they make a new name to come back they still can’t see the room and public proxies are too weak for WebRTC.
Also, make the rooms invisible for owners.
encrypt the passwords.

This is already the case, anyone can hide the logo by editing their interface_conmig.js on their deployment.

This is deployment specific and is hard to do a generic one. For example on an anonymous platform as this cannot be added as there is no authentication, you cannot authenticate users to admin certain rooms.

This is something you can already do. Prosody have several official and many contributed authentication providers:

A nice surprise there then lol many thanks.
I will look into that thank you for the links and taking the time to reply :wink:

Great work!
I guess no right click then means more protection options on admin panel.
I would be interested to see what you think about invisible rooms and block method that most apps use as I said for example facebook instead of never seeing the users profile again on facebook, instead it makes the room invisible to the trollers once banned, that would be perfect and of course Banning free proxies but not VPN servers, if you get what I mean.

Banning by ip is dangerous thing as you may ban a lot of people that are behind the same ip as the person you banned …

That is true but it should still be an option just encase or another idea is to do what PfSense does and ban country ip ranges server side to reduce attacks, I found that worked for me very well.