Your webserver logging IP addresses is a legitimate interest that does not require consent (preventing abuse).
I do hope you're not storing passwords, only a securely stretched and hashed variant, which is not subject to the GDPR.
Emails and Usernames will require consent, as do IPs stored outside a context of legitimate interest (preventing abuse).
The only thing that most communities will be missing is a function to delete all user data from their website (ie, delete user + all posts on request) but that should come into standard software soon enough or is already present.
I do hope you're not storing passwords, only a securely stretched and hashed variant, which is not subject to the GDPR.
Emails and Usernames will require consent, as do IPs stored outside a context of legitimate interest (preventing abuse).
The only thing that most communities will be missing is a function to delete all user data from their website (ie, delete user + all posts on request) but that should come into standard software soon enough or is already present.