Open Journal Systems (OJS) makes it incredibly easy to launch and manage your own academic journal. It’s open-source, free to use, and backed by a global community of developers and editors. But while OJS offers a user-friendly interface and powerful features out of the box, it’s not a simple install-and-forget solution.

Before sharing your journal with the world, there are a few crucial settings you need to configure. These settings will ensure your journal runs securely, efficiently, and professionally from day one.

In this article, we’ll walk you through the most important OJS settings to check and change before going live.

Start with config.inc.php

Once you’ve installed OJS, locate the config.inc.php file in the root directory of your installation. This file contains all the core system-level configurations that determine how your journal behaves behind the scenes.

Open it with a text editor and prepare to make a few changes.

Email Settings

require_validation = On

This setting forces new users to verify their email address before they can access your journal. It’s a simple but powerful way to prevent spam registrations and protect your system from automated abuse.

Why it matters:
Without email validation, malicious users could flood your journal with fake accounts, potentially overwhelming your server and making it difficult to manage real users.

✅ Set it to:

require_validation = On

Security Settings

Force SSL Encryption Always

force_ssl = On

Most hosting providers now offer SSL certificates as a standard feature. By setting force_ssl to On, you ensure all traffic to your journal is encrypted over HTTPS — even if a user tries to access it through an unsecured connection.

Why it matters:
SSL encryption is no longer optional. It’s critical for protecting user credentials, article submissions, and editorial communications.

✅ Set it to:

force_ssl = On

Set Your Unique Salt and API Secret Key

salt = "your-unique-salt-value"

This setting defines the cryptographic salt used in password reset operations and other secure hashes.

Why it matters:
If you leave the salt value unchanged from the default or empty, your journal becomes vulnerable to password recovery attacks. Always replace this with a long, random string.

✅ Set it to: a unique, strong random string — and never share it.

api_key_secret = "your-secret-key"

This key is used to encode and decode API keys used in OJS’ REST API.

Why it matters:
Without setting this, any API-based integrations (such as external systems or mobile apps) could be at risk of being exploited.

✅ Set it to: a long, secure, and unique string that only your system administrators know.

Cache Settings

object_cache = ...

As your journal gains users and submissions, your server will have to process more database queries and generate more dynamic content. This can lead to slow page loads and poor user experience.

OJS supports multiple object caching backends (like Memcached, APCu, or Redis) depending on what your server offers.

Why it matters:
Object caching speeds up repeated operations, reducing load times from seconds (or more) to milliseconds.

✅ Choose the best option based on your server environment and enable it in config.inc.php.

web_cache = On

This setting enables static file caching for non-logged-in users. It stores a rendered version of your journal’s front page and serves that file directly instead of regenerating the page every time someone visits.

Why it matters:
This dramatically reduces server load and improves load speed for visitors who aren’t logged in.

✅ Set it to:

web_cache = On

You can also configure how often this cache is refreshed using:

web_cache_hours = 1

The default is once per hour. If your front page doesn’t change frequently, you can extend this to once per day, week, or even month.

⚠️ Note: Cached content will delay the appearance of updates like new announcements or articles. Choose your cache interval accordingly.

OJS is a powerful tool, but just like any other web application, it requires careful configuration to ensure security, performance, and user experience. Before announcing your journal to the world, take the time to review and update your config.inc.php file using the recommendations above.

Doing so will save you headaches later, protect your users, and help your journal scale with confidence.