Home > Articles

PostNuke Essentials

This chapter is from the book

This chapter is from the book

Site Settings

The Settings module allows you to administer all general website configuration options in PostNuke. In the way that a given module might allow you to configure a particular site feature included with the module, the Settings module configures global variables for PostNuke itself. There are currently six main parts to the one long form:

  • General Site Info

  • Footer Messages

  • Backend Configuration

  • Security Options

  • Run on Intranet

  • HTML Options

When you submit your changes, anything altered in any of the six parts is submitted together.

General Site Info

The Site Name field allows you to place the name of your site into the PostNuke database, as shown in Figure 3.2. This is a very important field. Many themes, including the default ones included with PostNuke, use the Site Name field as a variable to dynamically display the name of your site in the page header. Your site's name also displays in the browser's title bar, and it is used to name the bookmarks visitors make to your site. Even if you decide later to use a graphic for your title, you should always have this field populated.

The Site Logo field names a file that should be a small version of your logo (no larger than 300px wide and 80px tall). The graphic must be placed in the main PostNuke images directory. You can find the default logo.gif file there as an example. The format of this graphic should be GIF, JPG, or PNG, just like any web image.

Figure 3.2Figure 3.2 Describing your site.

This logo filename can also be referenced in a theme, just as the site name mentioned previously, and some of the default themes previously used the file in the site header. In the current PostNuke release, the Site Logo field has two functions. When a user views content in the Printer Friendly Page format, all normal images and theme structure are removed from the page. The resulting content only includes the Site Logo file above the text. Second, when a website gets a Really Simple Syndication (RSS) news feed from a PostNuke site, the Site Logo image can optionally display with the news to identify where it comes from. It's recommended that you keep this image as small as possible to make a minimal impact on printing and news feed usage. For additional information on the later feature, see the "Backend Configuration" section later in this chapter.

The Site Slogan field is used to describe your site further. It appears in all the default themes, usually after or under the site name. You can code this variable out of your theme, but it's a good idea to leave it in the browser's title bar. PostNuke 0.750 does not provide a field for creating and editing your site's meta description tag. You can hack PostNuke to include additional meta tags (see Chapter 21, "General PostNuke Hacks"), but if you leave the page header information as the default, your site's title becomes very important for search engine indexing.

The Meta Keywords field, shown in Figure 3.3, allows you to populate the standard keyword tag used to describe your site to a search engine. The words and phrases should be separated by commas. Search engines usually give priority to the earlier words over the latter, so place your main words first. In addition, it is best to avoid word repetition, as many engines penalize you with a reduced ranking if they believe you are trying to abuse the keyword system.

You also have the option to turn on PostNuke's Dynamic Meta Keywords. With this feature enabled, the Meta Keywords for a given page are determined by the content displayed on the page. For example, if you are viewing a news article, the article's content is parsed by PostNuke, and the most commonly used words are applied to the page's keywords.

Figure 3.3Figure 3.3 Managing Meta Keywords.


The use of the Dynamic Meta Keywords feature can result in reduced performance for your site. If you are using this setting and find your site is running slow, try turning it off and test for speed improvement. See Appendix A, "Speed Up PostNuke," for more performance tips.

PostNuke's Site Start Date field describes the date your PostNuke site itself goes live. Even if your website existed before you installed and began using PostNuke, this date should reflect when PostNuke itself became active. It is displayed on the built-in statistics module, and that information only relates to PostNuke itself no matter how long your site existed previously. The date is actually a regular text field, so you can write the date in whichever manner you prefer, such as any of the following examples:

  • July 15, 2010

  • July 2010

  • 2010-07-15

  • 15/07/2010

  • 07.2010

  • Thursday, July 15th 2010, 10:30am

The Administrator Email field is used with any correspondence you initiate using the PostNuke mailing features. The contents of this field appear as the "From" address in the sent email. You might want to set up a special email address for administrative PostNuke messages to help protect your personal address from unwanted posts, such as spam solicitations or virus mailers.


PostNuke cannot send email if you have not configured one of the transport options in the Mailer module. Simple Mail Transfer Protocol (SMTP) services defined in your php.ini file are used by default. If you do not plan to have a mail server set up for your PostNuke site, you can leave the Administrator Email field blank.

Your site's global theme is chosen using the Default Theme For Your Site drop-down list box. The theme you choose here is the first thing all users see when they visit your website. PostNuke includes one basic theme, ExtraLite, enabled by default, and six different Xanthia themes. You can test each of the themes by simply selecting them and saving your changes in this form.


Click the Inactive Xanthia Themes Are Not Included in This List link by the Default Theme list box to jump to the Xanthia module administration page where you can easily add the other default themes.

The default themes are all similar, and you should have no trouble getting back to the settings form after testing. The theme shown in this book's figures is called simply "PostNuke" (see Figure 3.4).

Site users can be allowed to customize their own site interface by selecting a different theme in their personal account preferences. If you prefer to restrict the site to only your main theme, you can select "No" for the Allow Users to Override Theme option. The theme list is dynamically generated using the theme directories found in the /themes/ directory in your PostNuke site; if you remove a theme from that directory, it is also removed from the list box for both users and your website settings form. Users without an account or those who are not currently logged on will always see the default theme.

Figure 3.4Figure 3.4 Choosing your site's theme using the drop-down list box.


If you initially allow users to select personal themes, but later turn off this option, all users automatically see the site's default theme. If you rename or remove a theme previously chosen by a user, the user also automatically sees the default site theme until their chosen theme is replaced or renamed.

The Local Time Format field determines how date and time references are displayed throughout your site. It is mainly tied to the language setting. It's recommended that you leave this setting at your installed default, such as en_US. To alter the way dates appear on pages, go to your language directory and edit the configuration files manually. For example, with a site using English, edit /language/eng/global.php. The code you need to look for is as follows:

define('_DATEBRIEF','%b %d, %Y');
define('_DATELONG','%A, %B %d, %Y');
define('_DATESTRING','%A, %B %d @ %H:%M:%S');
define('_DATETIMEBRIEF','%b %d, %Y - %I:%M %p');
define('_DATETIMELONG','%A, %B %d, %Y - %I:%M %p');

The dates are defined using standard PHP time/date character variables. A complete listing of what characters are possible, what each means, and how to use them is available online in the official PHP documentation at http://www.php.net/manual/en/function.date.php.

The Time Zone Offset field should be set to the server's local time zone. The positive/negative hour offset is based on Greenwich mean time (GMT), which is the default setting. Every time PostNuke displays date or time information, it is in reference to this setting. Individual users with accounts can select their respective local time zone in their personal preferences. A user's local time is then computed using the server's Time Zone Offset and hardware time setting as a basis.

Your site's Start Page is determined by the next selection box. By default, all PostNuke sites use the News module as a home page. The drop-down list box provides a list of other modules you can use instead. News is still available to site visitors through the news link, just as other sections are always available from the Main Menu.

As mentioned previously, when you browse to the main site Administration Menu page, additional information areas are below the icons. One of those sections lists recent articles posted to your site. By default, only 20 articles are shown, but you can change that amount from 10 to 50 using the Number of Articles in Administration Menu field.

Similar to the Number of Articles in Administration Menu option, you can also set the number of posts visible on the main news page using the Number of Stories on Homepage list box. The default is 10 news articles, but you can increase it up to 30 by using this form.


A large number of news articles displayed at once can result in slower page display. If you are using News as your site's home page, it's better to keep the article number low so your site's most-visited page remains fast for your visitors.

The Order of Stories on Homepage option selects the criteria PostNuke uses to determine the age and importance of articles for display. By default, this field is set to News Date/Time. Each article has a time of creation associated with it, and normally the default setting is what you want to use. Alternatively, you can select the News ID to determine display order. Most PostNuke content is given a unique ID number as the content is created. The numbers are incremental and respective to the section where the content belongs. If you feel you cannot trust the time stamps placed on your articles, for example if your server's time setting has changed, using the ID number displays the articles in their creation order.

The Display Right Blocks in Articles option relates only to how a story article is displayed when read fully. For example, if you click on the name of a news posting, you are sent to a page containing just the one article. PostNuke articles have extra "right blocks" that can be displayed for extra information, such as to show other articles related to the one being viewed. If you turn this setting off, articles are automatically displayed in the full width available.


Do not confuse the Right Blocks in Articles option with the overall positioning of blocks in a theme. PostNuke themes have content locations with names such as "left," "right," and "center," and those positions are used to describe module blocks. But the name similarity with right-side article blocks is not meant to relate them.

You can make lengthy News articles easier to read using the Display Pager in News Articles option. Toggling the radio buttons to "Yes" breaks up lengthy articles into multiple pages with a dynamic numbered navigation bar.

PostNuke also allows you to turn off all those icons on the main Administration Menu page. Select "No" for the Graphics in Administration Menu option, and you receive a text-only page, as shown in Figure 3.5. The display is dynamic, and the icons return just as easily. This feature is only visible to those with access to the Administration Menu.


You can also change the administration icons to use other graphics. The icon for a given module is kept in the images directory of the module and is always called admin.gif.

The Send Error Reports by Email feature relates to users' attempted browsing to pages that do not exist. When a site visitor browses to an invalid uniform resource locator (URL), an email can be generated and mailed to the site administration address. Three different configurations for this feature are as follows:

Figure 3.5Figure 3.5 The Administration Menu without graphics.

  • Don't Send Error Reports—Selecting this option disables error reporting for your site.

  • For Referrers from This Domain Only—This option generates an email when a visitor clicks an invalid link within your site. The broken links reside on your site itself, and this report shows you what needs to be fixed.

  • For All Referrers—All referrers report all failed page-viewing attempts from any source. This option is useful if other sites often link deeply into your site; their links might become invalid as you make changes. The report shows what old moved or deleted pages you might need to replace with a redirect.

All web servers allow you to create customized error pages for your site. The PostNuke developers have created a humorous variation of the standard 404 Page Not Found message, and you can turn on this feature using the Enable Funny Error Message in error.php option. This feature is more humorous than useful and consists of a series of JavaScript-generated messages meant to be from the server that explains how sad and depressed the server is that it has failed to find your requested page. If your PostNuke site is of a commercial or professional focus, you should leave this feature turned off. An example of the message can be seen at http://www.postnuke.com/error.php?error=404.

Your website will be more secure if you leave the Enable pnAntiCracker feature on as the default. This PostNuke security module runs invisibly as part of the site subsystem and constantly watches for potential break-in or hack attempts on your PostNuke website via the use of GET, POST, and Cookie (GPC) variables. If an attack on your site triggers pnAntiCracker, the site administrator's email you configured previously is sent a message containing the ENV variables, such as IP address, browser, operating system, and so on, of the suspected assailant. The message also includes the module and script information relating to the attack. PostNuke 0.8 will include additional custom configuration options for pnAntiCraker.

Enable Support for Legacy Modules is a very important setting for your site. When set to "yes," it allows modules that are not fully pnAPI compliant to function with PostNuke. As PostNuke .750 is a release designed to transition users to version 0.8, many current modules for PostNuke are not yet compliant, including some core modules. Unless you are certain all of the modules are pnAPI compliant, keep this option set to "yes."

The Initial Group for Users field allows you to change the group setting for newly created accounts. When a new user account is created, whatever you have typed into that field is the group name given to the new account. Site permissions and user management are covered in Chapter 9, "Users and Permissions," but it's important to note that you must be careful when setting this field. It is a test field and does not provide a drop-down list of group names. If you mistype a group name, so that new users are assigned to a group that does not exist, those new users are locked out of your site. All modules and blocks outside of the most basic HTML in your theme are not displayed, and a locked-out user might not even be able to log back out of your site.

The Choose the Language to use for Your Website field determines the default language setting for all pages. Users with PostNuke accounts can select their personal language preference. This setting does not mean your pages are automatically translated into a newly chosen language. Each piece of content you create is associated with a given language (or with all languages), and the setting determines which content is displayed based upon the contents' association. You need to install additional language packs to have translations of PostNuke itself. Language options are covered in Chapter 4, "Modules and Blocks."

If you Activate Compression for your PostNuke website, you enable the GZIP compression option of PHP. Basically, a given page is compressed at the server before it is sent to a visitor's browser. The change offers a relatively small speed improvement for pages with many images, but it is noticeable on text-laden sites. This feature also only works with browsers that support GZIP-compressed pages; older browsers that cannot handle the compression receive pages normally.

Footer Messages

This section of the Site Settings has only one large text area field titled Footer Line. Here, you should enter any information you want to appear on the bottom of all pages on your site. Suggestions include copyright and legal notices, disclaimer information, contact links, and perhaps a miniature navigation bar for access to major areas of your site. You can include HTML in this footer field; the default footer is formatted with HTML and provides copyright and licensing information, as well as links to technologies used to create PostNuke (see Figure 3.6).

Figure 3.6Figure 3.6 Default PostNuke footer.

Backend Configuration

PostNuke includes support for RSS news feeds. RSS is a universal and popular Extensible Markup Language (XML) format used to share news headlines and similar timely content between websites. You can include other sites' content on your website, and other sites can list "what's new" from your PostNuke site. The Backend options here allow you to define the content you send.

The Backend Title field should be populated with a short description of your site or the type of news you provide. Your site name is automatically sent with a feed, and this is the title of the news being sent.

The Backend Language field identifies your content using the RSS listing. The language most commonly used in your news should be set here.


Your site provides RSS feeds automatically by default. If you want to turn off this feature, you need to rename or delete the backend.php file found in your PostNuke directory root. You can also edit this file manually for more advanced configuration options.

You can add news from another site by installing an RSS block. More information on RSS can be found at the following links:

Security Options

This section determines how user accounts interact with PostNuke. When a user logs in to his account, he has the option to be "remembered." Checking that box in the form places a cookie on the user's machine to authenticate him automatically when he returns to the website. This can be a security risk in shared computer environments in which a different user visiting the same PostNuke site might have access to areas where they would normally not be allowed.

Three basic Security Level options are available to you:

  • High—Users must log in each time they return to the site.

  • Medium—Users stay logged in for a set number of days.

  • Low—Users stay logged in forever.

Medium security is selected by default, and you can set the specific number of days before a user is required to log in again using the text field beneath the list box.

Users are also tracked by session, so that as users travel throughout your site, they are known by the site and automatically have access to available areas. If a user goes idle too long, the user's session can be ended, and this way PostNuke auto-logs out a given account. This setting is dependent on the security level, in that a low Security Level might still allow access through a new login.

The Check Referer on Printer Friendly Page option logs the source of traffic going to your site's print-ready pages. This setting is off by default, and unless you have security worries, it is best left that way. Under normal circumstances, all traffic to a printer page comes from links on your site.

Run on Intranet

This single radio button selection determines whether PostNuke is running in Intranet Mode. When turned on, the Intranet option reduces the amount of security PostNuke uses by default.

This option usually comes up in reference to the use of fully qualified domain names (FQDNs) with sites. For example, your full domain might be http://www.mypostnukesite.com/, but if you use http://mypostnukesite.com/, the URL is not fully qualified. The complete name helps ensure a site is identified correctly. Users on an intranet might simply use http://intranet/ to get to the site. Internally, behind a secure firewall, having an unqualified domain is fine. If your site is available to the general public, it is strongly recommended you leave this setting turned off.

HTML Options

PostNuke is a form-driven application, but when a user submits content that contains HTML, a bad choice of tags, by accident or intent, can break the overall site shell when the content is later rendered. Because of this common problem, PostNuke has implemented a detailed set of HTML tag controls you can customize through the Site Settings page (see Figure 3.7).

Figure 3.7Figure 3.7 Global HTML tag settings.

For a given tag, you have three options:

  • Not Allowed

  • Allowed

  • Allowed with Parameters

Not Allowed means the tag typed into a form with regular content is visible when the content is read. Allowed tags are rendered, but only the tag itself is parsed. Allowed with Parameters enables tags to be used normally and completely with all attributes.

You can see in Figure 3.8 that the article has two tags in it, a comment and a hyperlink. The comment is restricted by default, so it and the text inside it both appear. The hyperlink anchor, on the other hand, is allowed with full parameters, so the tag can be typed and the HREF attribute in the anchor is rendered making the link active.


Tag settings are globally applied to the site and are in effect for all user accounts regardless of group or permission settings. Even the Admin account must follow these HTML rules.

Figure 3.8Figure 3.8 Tag settings article example.

If you trust your site users to not damage the operation of PostNuke with bad tag usage, you can relax the HTML restrictions. Many of the tags can add a lot of functionality to a PostNuke site. It mainly depends on what abilities you grant your users. If, for example, you restrict posting to only a special power users group, this smaller approved group might be fine with all HTML open to use. An intranet environment is also a good example of an environment with a known user group.

Also as stated in the warning on the page, the <img>, <span>, <marquee>, <script>, <embed>, <object>, and <iframe> tags all pose a potential security hazard. Those tags can be used in inappropriate ways to gain access to user information or outright break your site. Do not allow potentially dangerous tags unless your site is otherwise secure through other settings or a known user base.

The final option, Translate Embedded HTML Entities into Real Characters, converts and displays standard foreign language characters from the &#xxx; entities to real characters. This option is only important if your site uses a foreign language and you're having problems getting the special characters of the language to display on your PostNuke site.

When you have completed your changes to the Website Configuration screen, simply click the Save Changes button at the bottom of the page to apply the settings.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020