If you’ve found an error, spotted something missing, or feel a section could be clearer or better explained, we’d love to hear from you. Your feedback helps keep the documentation accurate and useful for everyone.
Please report issues or suggest improvements on GitHub. Community input is invaluable in making the docs stronger.
Not comfortable with GitHub? No problem — you can also get in touch with us directly via our contact form. We welcome all feedback.
Pre-Launch Checklist
Please forgive the slightly overwhelming quantity of red (danger!) alerts on this page. Those alerts were added because some of the information below pertains to security and is of critical importance. That being said, here’s a little checklist that you are encouraged to go through before launching your next Trongate web app.
Check 1
When you launch your web app, make sure your main config file (config.php) does not have ENV set to 'dev'. The recommendation is to change the ENV setting to 'live', 'production', or any word that is not 'DEV' or 'dev'.
Therefore, inside your config.php file, you should not have code like this:
Instead, you should use something like this:
Never launch a Trongate web app with the environment set to 'dev'.
Check 2
Change the password to your admin panel to something that is difficult or impossible to guess.
The admin panel that comes with the Trongate framework has a default username of 'admin' and a default password of 'admin'. Change them! Above all, it’s really important to make sure you don’t have 'admin' as your password.
Check 3
Improve your site security by hiding your main admin login URL. Not sure how to do that? No problem: here’s a guide on how to hide the admin login URL.
Leaving your admin login URL unchanged makes it easier for bots and bad actors to find and target your site. Obscuring the login URL adds an important extra layer of protection. Don’t skip this step!
Check 4
Make sure your BASE_URL is set to the full base URL that corresponds with your live website homepage. For example, https://trongate.io/.
Your BASE_URL should always end with a forward slash. For example:
An incorrect BASE_URL can cause broken links, missing assets, and malfunctioning redirects.
Check 5
Make sure your database.php file contains database settings that relate to your live database and not your localhost.
Accidentally pushing your local database settings to production can crash your live app instantly. Always confirm you’re pointing to your live database before launch.
Check 6
Ensure your website template includes a <base> tag in the <head> section. This tag sets the base URL for all relative links, making sure your internal links, images, and scripts work correctly regardless of the page’s location.
You can easily set a <base> tag by adding the following line of code within the <head> section of your HTML template(s):
Strictly speaking, there’s no obligation to include <base> tags in your HTML templates. However, if your site uses Trongate MX, then it is an essential requirement. All things considered, it’s a good practice to get into the habit of using the <base> tag within your HTML templates.
Check 7
Make sure the site owner configuration file has been populated correctly.
The config/site_owner.php file is where you define information relating to things like the website name and who owns the website. On a fresh Trongate installation, it has the following contents:
These placeholder values ship with Trongate by default and serve as a reminder to personalise the file. While they won’t break your site or expose a direct security risk, there’s zero benefit in uploading them unchanged. Worse, it may reflect poorly on the professionalism of your deployment.
Leaving the default placeholders untouched is a missed opportunity to properly represent your site’s identity.
Please do feel free to add additional owner-related settings to this file as you see fit. Remember, all of the constants that are set can be referenced from any controller files or view files within your Trongate application. For example:
Check 8
Before you declare your site ready for the world, set up at least one live email account linked to your domain and perform thorough two-way testing. This means sending and receiving emails to ensure everything works smoothly.
While the specifics of email setup can vary widely depending on your hosting provider, it’s always wise to consult their documentation or support team for recommended settings and best practices.
Neglecting email setup can cause missed notifications, lost user communications, and a generally poor user experience - so don’t skip this step.
Check 9
Once your site is live, be sure to test it thoroughly on a mobile device - such as a smartphone or tablet. The majority of visitors will access your website via mobile, and it’s crucial to ensure your design, functionality, and performance translate seamlessly.
Testing on mobile devices helps you uncover issues that desktop browsers might not reveal, such as touch responsiveness, layout breaks, font sizes, and loading speeds. It also gives you insight into the user experience on smaller screens, enabling you to make necessary adjustments that improve accessibility and engagement.
Ignoring mobile testing can lead to frustrated users, higher bounce rates, and lost opportunities - so don’t launch without this vital check.
Check 10
Set up regular backups for your website and database. Having a reliable backup system ensures that if anything goes wrong - such as a hack, server failure, or accidental deletion - you can restore your site quickly and avoid costly downtime or data loss.
Trongate is hosted with Cynderhost, who handle automatic backups with no fuss and no setup required. Check them out if you’re looking for fast and affordable hosting!