After Installation (Getting Started)

Thanks for installing UserSpice! Below is a focused walkthrough of the first things to do — log in, configure your settings, lock down security, design your own pages, and learn how to do it the right way so you stay compatible with future updates.

1. 01 First steps

   Log in for the first time

   Use the admin username and password you chose during the installer. There is no longer a default admin / password account — UserSpice creates your admin during setup.

   1. 1Click the login link and use the credentials you set during the installer.
   2. 2Click the gear icon in the upper right to open the Admin Dashboard.
   3. 3If you forgot the password, use "Forgot Password" — or reset it directly in the database.

   Development tip: You can set any user's password to password by updating their password column in the users table to:

   $2y$14$PgeyxJSwK77koaY2kGfqme2nHnUoiipj5NOS0oLBPMDjoknhMzGfG

2. 02 Configure

   Walk through General & Registration settings

   From the Admin Dashboard, open Settings and look at both General and Registration. These two screens control most of how your site looks and behaves — it's worth clicking through every option once.

   • Site name & copyright
   • Force HTTPS
   • Maintenance mode
   • Templates & navigation
   • Permission restrictions
   • Passkeys / TOTP / OAuth
   • Allow registration
   • Email verification
   • Username & password rules
   • Vericode expiry

   Each option has a hover tooltip explaining what it does and what the default is. Don't skim — flip through both screens before you build anything on top.

3. 03 Lock it down

   Visit the Security Dashboard

   Under Settings → Security you'll find a live posture score with one-click fixes. It's the fastest way to see what's misconfigured and exactly what to flip.

   • ✓Recommendations met (live %), HTTPS status, PHP version & EOL tracking.
   • ✓5 security headers + CSP, cookie flags, and trusted-proxy detection.
   • ✓Quick toggles for Force HTTPS, Email Logins, Password Logins, 2FA, and Passkeys.
   • ✓Auto-detects and writes the correct Passkey RP ID for your host.
   • ✓Validates your TOTP encryption backend (libsodium / AES-256-GCM).

   Aim for 100% — anything red is something the dashboard will tell you exactly how to fix.

4. 04 Free API key

   Get your free UserSpice API key

   Register for a free account at bugs.userspice.com and grab your API key from your account page. Paste it into Spice Shaker on the dashboard and refresh the page. One key works in all your UserSpice installs.

   • Themes, plugins & widgets
   • Language packs
   • In-dashboard bug reports
   • UserSpice updates
5. 05 Build

   Design and secure your own pages

   Copy /users/_blank_pages/project_root.php to your root folder and rename it to whatever you want. The first time you visit it as admin, UserSpice redirects you to set up permissions for that page.

   Three lines of code turn any PHP file into a UserSpice page:

   <?php
   require_once '../users/init.php';
   require_once $abs_us_root.$us_url_root.'users/includes/template/prep.php';
   if (!securePage($_SERVER['PHP_SELF'])){die();}

   By default these pages can live in:

   • / (root)
   • /users/
   • /usersc/

   To add additional folders, go to Manage → Pages in the dashboard and click the "Change" link at the top. Folders cannot be above your project root.

6. 06 Access control

   Learn how pages and permissions work

   Permissions are the heart of UserSpice. Spend ten minutes here and the rest of the framework falls into place.

   How permission levels work User management guide
7. 07 Spend 27 minutes

   Learn the basics of the database

   Our database wrapper is one of the most loved parts of UserSpice. Watch the 27-minute walkthrough or read the complete guide — you'll write less code and avoid almost every SQL injection footgun.

   Database guide & video →
8. 08 Stay update-safe

   Customize UserSpice the right way

   There are "right" ways to customize UserSpice that keep your project secure and compatible with future updates. Use them — your future self will thank you.

   Customizing UserSpice Install or create a template
9. 09 RTFM

   Read the manual

   Most functions, methods, and features are documented in the knowledge base. Beyond that, the Discord community is fast and friendly.

   Open the knowledge base →
10. 10 Give back

    Contribute

    UserSpice is 100% free, but it's not free to make. Servers, infrastructure, and thousands of hours of development and support add up. Here's how you can help:

    • Donate (one-time or monthly)
    • File bug reports at bugs.userspice.com
    • Join the team on Discord to develop or document the project
    • Star the GitHub repo & share UserSpice with people who'd benefit