Skip to main content

Settings

The settings page lets you configure site-specific options. Settings are scoped to the currently selected site and organized into tabs — which tabs you see depends on your role and which modules are enabled.

Accessing Settings

Navigate to Site Settings in the sidebar (under the Administration group). The page is organized into tabs.

Settings Tabs Overview

TabVisible ToCondition
OverviewAdmin, OwnerAlways
ContentAdmin, OwnerAlways
ModulesAdmin, OwnerAlways
SEOAdmin, OwnerAlways
FaviconAdmin, OwnerAlways
Code InjectionAdmin, OwnerAlways
AIAdmin, OwnerAI module enabled
AI UsageAdmin, OwnerAI module enabled
FormsAdmin, OwnerForms module enabled
MembersAdmin, OwnerAlways
API KeysAdmin, OwnerAlways
WebhooksAdmin, OwnerAlways
Danger ZoneOwnerAlways
Personal preferences

Language, theme, autosave, and page size are managed in the Preferences panel, accessible from the user account menu (profile avatar → Preferences) — not from the site settings page.


Overview Tab

Shows a compact site info bar (slug, ID with copy button, creation date) and site-level statistics. Requires Admin or Owner role.

Content Tab

Core content configuration. Requires Admin or Owner role.

Upload Limits

SettingDescription
Max media file sizeMaximum upload size for images and files (1–500 MB).
Max document file sizeMaximum upload size for document attachments (1–100 MB).

Feature Toggles

ToggleDescription
AnalyticsEnable site analytics tracking.
Maintenance modePut the site into maintenance mode (public API returns 503). When active, a warning banner appears on every dashboard page with a quick "Turn Off" button.
Editorial workflowEnable the review workflow for blog posts (Draft → In Review → Published). Only visible when the site has 2 or more members.

Document Security

SettingDescription
Password minimum lengthMinimum length for document passwords (4–128).
Password regexOptional regex pattern that document passwords must satisfy.

Preview Templates

Configure URLs to frontend template dev servers for content preview. Built-in templates (like the Astro blog) are read-only. Custom templates can be added by URL.

Modules Tab

Enable or disable content modules for the site. Requires Admin or Owner role.

ModuleDescription
BlogBlog posts, categories, and tags.
PagesStatic pages with sections.
PortfolioResume / portfolio entries and skills.
LegalLegal pages (privacy policy, terms of service, etc.).
DocumentsFile/document management and attachments.
FormsStructured form builder with custom fields, submissions, and GDPR retention.
AIAI-powered content assist features.

Disabling a module hides its sidebar entry and API endpoints for this site. Existing data is preserved and reappears if you re-enable the module.

SEO Tab

The SEO tab contains two sections: SEO Defaults and robots.txt Configuration.

SEO Defaults

Site-wide fallback values for content that lacks custom SEO metadata. These are applied at response time in the content detail endpoints (blog posts, pages) — they are never stored on the content itself.

SettingDescription
Title templatePattern for <title> tags. Use {{title}} for the content title and {{site_name}} for the site name. Example: {{title}} | {{site_name}}. A live preview shows how the template renders.
Default meta descriptionFallback <meta name="description"> used when content has no custom description. A character counter shows the recommended 160-character limit.
Default OG imageFallback Open Graph image (selected from the media library) used when content has no cover image. The cascade is: content cover image → default OG image → site logo.

robots.txt Configuration

Control how search engine crawlers access your site. Changes are reflected immediately at the public GET /sites/<slug>/robots.txt endpoint.

  • Add/remove User-Agent blocks (e.g. *, Googlebot)
  • Add/remove Allow/Disallow directives per block
  • A live preview panel shows the rendered robots.txt
  • The Sitemap: directive is automatically appended when a Site URL is configured
  • Reset to Defaults restores the default "allow all" rule

Favicon Tab

Upload a source image (512×512 px+ recommended) to generate a complete favicon package. The generated variants include:

  • favicon.ico (multi-resolution: 16, 32, 48px)
  • favicon-16x16.png, favicon-32x32.png
  • apple-touch-icon.png (180×180)
  • android-chrome-192x192.png, android-chrome-512x512.png

After uploading, the page shows a variant preview grid, colour pickers for theme/background colour, and a ready-to-paste HTML snippet. Icons are stored separately from the media library. The site's favicon_url is automatically updated for backwards compatibility.

Code Injection Tab

Inject custom HTML, CSS, or JavaScript into your site's templates. Useful for analytics scripts (Google Analytics, Plausible), search engine verification tags (Google Search Console), chat widgets, tracking pixels, or custom meta tags.

FieldDescription
Head codeInjected into the <head> section of every page.
Footer codeInjected before the closing </body> tag.

Both fields have a 10,000-character limit (enforced on backend and shown in UI). A warning banner reminds you that injected code runs on your live site. Templates fetch these values from the site settings API and render them in the appropriate document locations.

AI Tab

Configure the AI provider for content assist features. Requires Admin or Owner role and the AI module to be enabled.

SettingDescription
LLM ProviderThe AI service provider (e.g., OpenAI, Anthropic).
API KeyYour provider API key (stored encrypted).
ModelThe model to use for generation (e.g., gpt-4o, claude-sonnet-4-20250514).
TemperatureControls randomness (0 = deterministic, 1 = creative).
Max tokensMaximum number of tokens per AI response.
System promptsCustom instructions sent to the LLM for content generation and SEO tasks.

For full details on capabilities, see the AI Content Assist guide.

AI Usage Tab

Shows AI usage statistics for the current site — total generations and recent 30-day activity. Requires Admin or Owner role and the AI module to be enabled.

Forms Tab

Configure bot protection for forms. Requires Admin or Owner role and the Forms module to be enabled. Protection stays opt-in per form (set a form to Mandatory protection); this tab chooses how the token is verified.

Pick a Provider mode:

  • ALTCHA (self-hosted) — the default and recommended option. Open-source proof-of-work verified on your own server: no signup, no third-party requests, no cookies (GDPR-friendly). Enabling it needs no input — a signing key is generated and stored encrypted. The panel shows the challenge URL to point your ALTCHA widget at (/api/v1/public/forms/<form-slug>/altcha-challenge on your public API host). Use Regenerate key to rotate the signing key (this invalidates challenges visitors are mid-solve).

  • Custom captcha vendor — the original remote-verify model. Forja forwards the submitted token to your vendor's siteverify endpoint:

    SettingDescription
    Provider labelA human-readable name for the captcha provider (e.g. "Cloudflare Turnstile").
    Verify URLThe provider's siteverify endpoint URL.
    SecretThe captcha provider secret (stored encrypted). Use the show/hide toggle to view.

For full details, see the Forms guide.

Members Tab

Manage site members — invite users, assign roles, remove members. Requires Admin or Owner role.

See the Members guide for full details.

API Keys Tab

Create and manage API keys with permission levels (Read, Write, Admin, Master). Requires Admin or Owner role.

See the API Keys guide for full details.

Webhooks Tab

Configure webhook endpoints, view delivery logs, test deliveries, and monitor statistics. Requires Admin or Owner role.

See the Webhooks guide for full details.

Danger Zone Tab

Critical site operations. Visible only to Owner users.

  • Delete site — permanently remove the site and all its content. Requires confirmation.

Saving Settings

After making changes to any tab, click Save. Settings take effect immediately.

Permissions

ActionRequired Role
View settingsViewer
Modify settingsAdmin, Owner
Delete siteOwner