Settings
Settings allows specifying the operational values for a site.
Access
This section contains flags for whether the site is to use 2-factor identification and enhanced accessibility presentation.
# | Name | Description |
---|---|---|
1 | Accessibility | If turned on, the whole site will show links as underlined and not justify text. A logged-in user can set their own accessibility preference |
2 | 2-factor login | If turned on, after submitting a password, an email will be sent to the user's email address with a link which, when clicked, will allow entry to the management pages, after which the resulting browser page can be closed. This ensures that someone logging in is likely to be the legitimate user. However, this process relies upon the user being the only one with access to their emails |
These are turned off by default.
Values
This section covers site-wide values used by Smallsite Design.
# | Name | Description |
---|---|---|
1 | Site ID | Short identifier used as the prefix for archive file names. This uses basic Latin alphabetic characters so that it should display properly in all operating systems |
2 | Site name | Site name that is appended to the hidden title tag of a page in a browser. The full text of that tag will usually be displayed in the browser tab for the page |
3 | Copyright owner | Name of the copyright holder for the site. It will be the legally registered name for a business, or an individual's full name. It appears in the footer for a page |
4 | Registration name | Name of the type of registration for the next field. It is provided to show information like business registration numbers that may be legally required to be displayed. If this field is blank, no registration details will appear in page footers |
5 | Registration ID | Identifier or number for the type of registration in the previous field |
# | Name | Example |
---|---|---|
1 | Site ID | sd as an identifier for Smallsite Design |
2 | Site name | Smallsite Design |
3 | Copyright owner | Patanjali Sokaris or Company Pty Ltd |
4 | Registration name | ABN for Australian Business Number |
5 | Registration ID | 14 326 274 274 |
Mime types
Mime types define how the web server processes files so that they display properly.
Warning
Only change these if you really know what you are doing. Incorrect settings may affect how some files are displayed and processed.
Working values have already been supplied. These settings have only been provided to cater for future changes that may be required, such as for new multimedia file formats.
The currently recommended mime types that you can cut-and-paste from here are:
csv=text/csv
epub=application/epub+zip
flac=audio/flac
gif=image/gif
ico=image/x-icon
jpg=image/jpeg
m4a=audio/mp4
mp3=audio/mpeg
mp4=video/mp4
oga=audio/ogg; codecs="vorbis"
ogv=video/ogg; codecs="theora, vorbis"
pdf=application/pdf
png=image/png
txt=text/plain
webm=video/webm; codecs="vp8.0, vorbis"
While technically a file with a specific extension may have multiple mime types associated with it, Smallsite Design is keeping it simple by allowing only one mime type per extension. In those rare cases where a mime type extension is already used, an alternate extension will need to be specified here for the new mime type, and any files expected to use it need to be renamed to use the new extension before uploading them.
Settings
These settings facilitate site stability and operation.
Warning
Only change these if you really know what you are doing. Incorrect settings may make parts or all of the site inaccessible, or expose it to exploitation.
Working values have already been supplied. These settings have only been provided to cater for future changes that may be required.
# | Name | Description |
---|---|---|
1 | Unwanted crawlers | Web site crawlers that excessively scan sites while generally providing little benefit for them. These are typically scanning for the benefit of their business customers, rather than helping the discovery of the scanned sites by the general public. However, some may benefit your site, so do your research. If you want to allow one, delete its name and its associated \| character |
2 | Additional schemes | Names of communication protocols, other than https, separated by \|, that external sites might need at the front of their URLs for some of the services they offer. The insecure http scheme cannot be added. For almost all external sites likely to be linked to, no schemes have to be added here |
# | Name | Current recommendation |
---|---|---|
1 | Unwanted crawlers | PetalBot\|AhrefsBot\|SemrushBot\|SeznamBot\|Mail.RU_Bot |
2 | Additional schemes | None |
There are many words that should never be used in the Unwanted crawlers setting, such as browser names like Mozilla or Safari, or the names of operating systems. That is because most browsers cite many of these names in their compatibility text to ensure that sites that are sniffing for browsers to determine how they render the page will show the full page. If any of these words are listed here, the site's pages will be hidden from many, if not all, visitors.
For example, a typical browser user agent string for Chrome on Windows is:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36
while that for Safari on an iPhone is:
Mozilla/5.0 (iPhone; CPU iPhone OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Mobile/15E148 Safari/604.1
If adding a bot name to this list, ensure it is exactly as it appears in browser user agent strings, such as in server logs, including case.
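The check below is an added example, not Smallsite Design's own code. It lints a proposed Unwanted crawlers value against the two browser user agent strings quoted above, assuming each name is matched as a case-sensitive substring of the user agent. The function names and the sample bot user agent are constructed for illustration.

```python
# Assumption: each listed name is matched as a case-sensitive substring of the
# User-Agent header; the page does not show how Smallsite Design matches them.

# The two browser user agent strings quoted on this page.
BROWSER_UAS = [
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36",
    "Mozilla/5.0 (iPhone; CPU iPhone OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 "
    "(KHTML, like Gecko) Version/15.2 Mobile/15E148 Safari/604.1",
]
# Constructed sample of a crawler user agent as it might appear in a server log.
SAMPLE_BOT_UA = "Mozilla/5.0 (compatible; AhrefsBot/7.0)"

RECOMMENDED = "PetalBot|AhrefsBot|SemrushBot|SeznamBot|Mail.RU_Bot"


def parse_crawlers(setting):
    """Split the |-separated setting, dropping blanks left by a stray '|'."""
    return [name.strip() for name in setting.split("|") if name.strip()]


def is_blocked(user_agent, setting):
    """True if any listed name occurs in the user agent, case included."""
    return any(name in user_agent for name in parse_crawlers(setting))


def risky_entries(setting, browser_uas=BROWSER_UAS):
    """Names that also occur in ordinary browser user agents and would hide the site."""
    return [name for name in parse_crawlers(setting)
            if any(name in ua for ua in browser_uas)]


if __name__ == "__main__":
    for candidate in (RECOMMENDED, RECOMMENDED + "|Mozilla|ahrefsbot"):
        print(candidate)
        print("  matches real browsers:", risky_entries(candidate) or "none")
        print("  blocks sample bot:", is_blocked(SAMPLE_BOT_UA, candidate))
```

The sample bot user agent itself begins with Mozilla, which is why only the bot's own name is safe to list.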
Password checking
These settings configure how user passwords are checked against those that have been leaked.
Warning
Only change these if you really know what you are doing. Incorrect settings may affect whether passwords are checked properly or at all.
Working values have already been supplied. These settings have only been provided to cater for future changes that may be required.
# | Name | Description |
---|---|---|
1 | Status | Whether checking passwords at login is enabled |
2 | URL | Prefix of the URL for the checking provider's command internet address. The parameters to check a password are added to this. If blank, no password checking is done |
3 | Hash protocol | Name of the method used to generate the hash from the password |
4 | Characters | Number of the first characters of the hashed password added to the URL |
# | Name | Current recommendation |
---|---|---|
1 | Status | Enabled |
2 | URL | https://api.pwnedpasswords.com/range/ |
3 | Hash protocol | sha1 |
4 | Characters | 5 |
The current settings are for a service provided by Troy Hunt and his Have I Been Pwned web site, which uses the edge servers of Cloudflare's cloud infrastructure to service the huge number of daily requests in a timely manner. His database contains half a billion leaked passwords.
The process uses what is known as k-anonymity to allow passwords to be checked securely. It involves hashing the password and sending off only the first few characters of the hash. A list of several hundred remainders of hashes that match that prefix is returned. If the tail end of the hash of the actual password is on the list, the password is compromised.
Smallsite Design checks the password at login if more than a day has elapsed since the previous check. If the check fails, a highlighted notice will be displayed, prompting the user to change to another password, which will also be rejected if it fails when checked.
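The k-anonymity exchange described above, as an added example that is not Smallsite Design's own code. It uses the recommended URL, hash protocol and character count from the table, and a constructed provider reply in place of a network call so it runs offline. The function names are hypothetical.

```python
import hashlib

# Values from the "Current recommendation" table on this page.
URL_PREFIX = "https://api.pwnedpasswords.com/range/"
HASH_PROTOCOL = "sha1"
CHARACTERS = 5


def split_hash(password):
    """Hash the password; return (prefix sent to the provider, tail kept locally)."""
    digest = hashlib.new(HASH_PROTOCOL, password.encode("utf-8")).hexdigest().upper()
    return digest[:CHARACTERS], digest[CHARACTERS:]


def request_url(password):
    """The only thing that leaves the site: URL prefix plus the hash prefix."""
    return URL_PREFIX + split_hash(password)[0]


def leak_count(password, response_body):
    """Look for the locally kept hash tail in the reply's 'TAIL:COUNT' lines."""
    tail = split_hash(password)[1]
    for line in response_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or not count.strip().isdigit():
            continue  # skip blank or malformed lines instead of raising
        if candidate.upper() == tail:
            # A count of 0 (used by the service for padding entries) means not leaked.
            return int(count)
    return 0


def sample_response(leaked, padded):
    """Constructed stand-in for the provider's reply so the example runs offline."""
    lines = ["00" + "A" * 33 + ":3",             # made-up unrelated tail
             split_hash(leaked)[1] + ":12345",   # made-up count for the leaked password
             split_hash(padded)[1] + ":0"]       # padding-style entry
    return "\r\n".join(lines)


if __name__ == "__main__":
    body = sample_response("password", "padded-only")
    print(request_url("password"))
    for pw in ("password", "padded-only", "not-in-the-sample"):
        print(repr(pw), "leaked" if leak_count(pw, body) else "not found")
```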