# Forums | Mahara Community

Posts: 7

20 May 2016, 7:22 PM

Hi All ...

When logged into my Admin area i get the following warning:

" The $cfg->urlsecret set for this site has not been changed from the default value. Edit your config.php and set the$cgf->urlsecret parameter to a different string (or null if you do not wish to use a urlsecret). "

I don't know the format, or syntax for what this entry should be in the config.php.  But I know it looks like it's not there.  Not sure where/how to add it ...  Can I add anywhere? Should it be first or last in the file?

$cfg-> ??? Please advise ... Posts: 122 ##### Re: Admin Warning 20 May 2016, 10:07 PM Hi Marcus, To remove that warning, please add the following to your config.php file :$cfg->urlsecret = 'a-secret-password';

That line can go anywhere in the file after the instanciation of $cfg. But, I would add it towards the end. The introduction of this variable is to allow only admins or the people who know this password to run upgrades or cron from the GUI. You can run them from the command line without it though. To run from the GUI, you will need to add to the URL: ?urlsecret=a-secret-password If you don't want to use a password (and I do not recommend this ), set$cfg->urlsecret = null;

in the config.php file.

For a much better explanation, please refer to the manual: