Thanks! Please check the following:
Please read carefully! All purchases are final. Refunds will not be provided under any circumstances.

System requirements
License agreement
Refund policy
Purchase process
Pricing
Paddle
Customer support

System requirements
All the stacks sold through this website require RapidWeaver and the Stacks plugin. They will not install or work with any other publishing platforms (like Flow, Drupal, Blocs or Wordpress).

We recommend you aim towards installing the latest version of RapidWeaver that your computer is capable of running (preferably RapidWeaver 7 or greater) and Stacks 3 or later. Both are a separate purchase if you do not own them already.

Stacks4Stacks generously provides you fully-functioning free demo versions of everything sold on this website. This enables you to fully test addons before committing to a purchase. There are no time or functionality limitations applied.

If you cannot get the free demo version to work, DO NOT proceed with purchasing the stack - because the purchased stack is unlikely to work any better for you. Please request technical assistance first.

License agreement

You may use a purchased stack an unlimited number of times in personal or commercial projects and request technical support.

We permit you to install stacks onto all computers that you own. You are permitted to make private archival backup copies (e.g. iCloud, Disk Blaze, Google Drive or Dropbox).

You may not resell, redistribute or make a stack available for download, remove copyright credits, license information, or claim the stack to be your own creation. This includes free stacks, demo stacks or paid stacks, in modified or unmodified states.

The software is provided "as is" without any implied or expressed warranty of merchantability or fitness for purpose. In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise arising from, out of or in connection with the software or the use or other dealings in the software.

Refund policy
By purchasing from this website, you agree that your purchase will be available immediately via digital download and that you waive your statutory right of withdrawal.

All purchases are final. Refunds cannot be provided (we physically cannot un-download or remove stacks from your computer) under any circumstances.

You are reminded to make use of the free demo versions already provided on the website, to fully evaluate stacks for compatibility and suitability before making a purchase.

If you cannot get the free demo version to work, DO NOT proceed with purchasing the stack - because the purchased stack is unlikely to work any better for you. Please request technical assistance first.

Be certain that the stack you are buying is actually the one you want, and that you don't already own it or are confusing it with another stack of similar name or functionality.

Purchase process
The checkout system is provided by Paddle. An attempt is made to display prices in your local currency, with relevant taxes applied.

To complete your order, you must supply a valid email address. Your purchase receipt and download link will be sent to this address you supply. If you do not receive your purchase shortly after completing it, please carefully check your spam or junk mail folders.

Your purchases are available to re-download at anytime, via this secure order lookup page.

Pricing
Prices shown on the website include any applicable VAT or sales tax. You will be sent a full receipt by email. Charitable and bulk discounts may be available on request. Please get in touch if you have any queries about our pricing.

Paddle
Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle provides all customer service inquiries relating to order processing. Paddle also provides an order lookup system, commonly referred to as your Paddle Account.

Customer support
If you have questions that relate specifically to a stack, you should make contact via the contact page.

General questions can be asked on the RapidWeaver Community Forums.
Expand
Sentry is a free update for existing users of the previous Sentry stack (if you purchased or updated after July 2017). To see if you're eligible, login to your Paddle account and look to see if Sentry is listed as a download. For everyone else, this is a one-time purchase. Sentry is a stack you can use in as many webpages and domains as you want.


A video has been published here on YouTube that walks you through the complete process of creating a password protected website in RapidWeaver with Sentry.

Sentry offers an average degree of security, in that you can set a long and complex password of up-to 4000 bytes. You hide this password from being viewed in the page source code. However it will not encrypt passwords or content. Neither will it protect against a brute-force attack. So you definitely do not want to be using this stack to store highly sensitive information (like payroll data, private emails, address books or credit card details) on a website.

Potential uses of Sentry could include hiding a webpage until it has finished being built, creating a little "members only" sub-section on your website, added protection to limit audio or video files being ripped, restricting the display of content (like instructions, promotional material or pricing tables) to certain customers, making course material available to students for home learning, listing exclusive content for people using crowd funding services like Patreon, or providing an area for people to upload files with a stack like Droplet. Basically this stack is good to use wherever you want a bit more added privacy on a webpage.

A particularly nice feature about Sentry is that logins are handled using tracking cookies, rather than anonymous sessions. Despite cookies sometimes getting a bad reputation, in our instance, they provide us with a far greater degree of user management. As a couple examples, we can use tracking cookies to...

  • Control more precisely how long the user is logged-in for. Specify minutes, days, weeks or even years.
  • Create different 'levels' of user access across a wider website. Each Sentry stack supports multiple passwords.
  • Automatically log-out idle users. Good to protect against people leaving browser windows open for long periods of time.
  • Use tracking cookies with other powerful stacks like Droplet, Indexer, CookieManager or MiniCookie.
  • Conditionally hide or show singular blocks of content on individual webpages, rather than the entire webpage.

If your website uses SSL (so the website address starts https://) there is a checkbox option to use secure cookies, on the login form. This adds another level of security and means the cookie is only ever sent over SSL connections (it is not available in parts of the website that are not secure).

The box for entering a password is presented to the user as a conventional password input, with the option to toggle to a text input. We purposefully do not provide inputs like separate number boxes for passcodes, because accessibility experts highlight the serious problems this can burden users with.

The completed login form is compatible with keychain software like 1Password, Lastpass and Bitwarden; allowing users to save passwords and have them automatically re-entered on future visits.

Example

A secret webpage has been published here. The only way to view its content is to login via Sentry. If you go to the secret page and you are not logged-in, then you get redirected back here. Use this login form:
login-form
Sorry, the password you entered was incorrect. Please try again.
If you are having continued difficulty with logging-in, please get in touch with our customer support team, who will be pleased to assist your further.
You are not permitted to view this webpage.
Please login below.
You were automatically logged out, after 1 minute of inactivity.
Please login again below, if you want to continue your session.
You are now logged out. Thank you for using Sentry!
Thanks, you are now logged in!
Try accessing some of the protected pages or content.
Please Login...

The password for this test is: letmein
After you login above (the password is letmein), you are redirected to the secret page. You should now be able to view its content.

As a test, try entering a wrong password. This makes a custom error message appear using the free QueryDisplay stack. We use the QueryDisplay stack, to display a couple of other example messages, for different actions or events, like logging out. These messages make the password system more intuitive.

After you login, if you check the Storage tab in your web browser developer tools, you should see a new cookie listed there marked sentry_login with the password showing as a value. This is the little tracking cookie that Sentry uses to check if you have permission to view a webpage or not.

On our secret page, you will also see a 'log out' button. This works to delete the tracking cookie and send the user back to the login page.

There is also an "idle logout" setup on the secret page. After the page has loaded, if you don't make any interaction with the page for more than 1 minute, you are automatically logged-out and returned back to the login form.

Setup

Essentially there are two parts for setting up password protection using Sentry:

1. Creating a login form
This is needed, so people can login. A login form can either be added on an existing webpage (like your homepage) or you could create a new webpage to place the login form on. Don't place the login form on webpages themselves requiring full password protection. Add a Sentry stack on the page and set its Configuration Type to Login Form. Then fill-in the fields for the password. Cookie settings can be changed if required. You have a wide choice of settings to customise both the style and behaviour of the login form, and make it look like an integral part of your website. After the user has logged in, you can redirect them somewhere; like to the webpage you want to protect or back to a homepage.

2. Protecting a webpage
Add a single Sentry stack to the webpage you want to protect. In the Configuration Type, set the configuration to Protect This Webpage. Obviously for people who are not logged-in, we need to show them the login form. Therefore use the stack settings to set the link to your login form.

Other setup notes:
  • All webpages you place Sentry on require a .php file extension, instead of a .html one. Sentry will attempt to change this for you. This may require that you login to your hosting account via FTP or your file manager, to delete the older .html webpages.
  • If you set the Sentry Configuration Type to Logout Button, you can generate a button to delete the tracking cookie and log a user out. You are free to place a logout button on any webpages.
  • A Sentry stack with its configuration set to Idle Logout can be added to any webpage. This smart feature gives you the ability to logout "idle" users automatically - in a similar way to how some banking websites (e.g. PayPal) work. For example, if the user does not move their mouse or tap their keyboard for 5 minutes, they can be automatically logged-out.
  • The Conditional Display configuration works to stop sections of a webpage from being loaded, if the user is not logged in. As an example, you could place video or pricing table stacks inside this area, which will only be loaded if the user is logged in. Any basic stacks can be used within a conditional display.
  • All settings have little informational tooltips, when you mouseover them. These can help you understand what the different settings do and might display important notes.
  • You can configure a Sentry stack as a Partial. This makes setup quicker, in instances where you want to protect multiple webpages with the same password.
  • Assets or resources used in a protected webpage (like PDF files, video, images, audio and file downloads) are not protected. It may be advisable to use longer, hard-to-guess links for these. You may wish to update your SEO preferences to request search bots and spiders should not attempt to crawl protected pages or index items like images.
  • In the Advanced Settings (and with the Sentry configuration set to Login Form), incorrect login attempts via the login form can be logged. These logs are stored on the hosting server and contain the date, time, failed password, IP address and user agent. Potentially these logs can grow very large and could be accessed from other sources. So they are mostly intended to be enabled temporarily to assist with development or troubleshooting login problems. Disable logging if it's not needed.
  • It's strongly recommended that any website you use Sentry on has an SSL security certificate. This improves the security of your website and also ensures website users don't get nagged with popups about entering passwords in non-secure forms. If your web server (e.g. MAMP) does not use SSL, you will need to disable the option for secure cookies temporarily while testing this stack (otherwise the cookie will not be created).

Query strings

These are extra parameters or anchors appended onto URLs, when a redirect happens. For example, if a user pressed a logout button, we could attach a query string of ?loginstatus=loggedout to the address bar. Or if an idle user was automatically logged-out, we could similarly use a query string of ?loginstatus=timedout on the URL. If we need the browser to redirect to a specific part of the webpage (like the login form) we can similarly use anchors like #loginform on the address.

Query strings on the address bar might look something like this:

https://example.com/login/?loginstatus=loggedout

https://example.com/login/?loginstatus=timedout

https://example.com/login/#loginform

We could then utilise a free stack like QueryDisplay for displaying some information to these users. This can make the whole process more intuitive. For logged-out users we could display a message along the lines of "thank you, you are now logged out". And for idle users, a similar message of "We logged you out automatically, because you were inactive for 5 minutes" could be displayed. Both messages could be placed as headings above the login form. it is possible to combine both a query string and anchor like this:

https://example.com/login/?loginstatus=loggedout#logout

The beauty of this system is you could create a highly sophisticated setup of query strings and messages; to the extent of being able to customise the messages depending on which webpage the user was referred from and their login status.

Handling incorrect logins

Sentry does not include a message for failed login attempts. The default behaviour is to reload the login webpage. To display a message that the user has entered an incorrect or invalid password, enable the Action Incorrect Logins checkbox setting. Then set the redirect link (for failed logins) back to the current login page. Use a query string of something like ?loginstatus=incorrect and combine this with our free QueryDisplay stack. Place the message, support information or help contact links you want shown in the QueryDisplay stack.

Using Sentry to password protect multiple webpages

The easiest solution is to create your dedicated login webpage in the normal way. Set it as a redirect to the webpage users would commonly come through, like a homepage or landing page.

On every page you want password protected, simply add one Sentry stack configured to Protect This Webpage. Set this Sentry stack as a link back to your login webpage, for the benefit of users who are not logged in. If you make your Sentry stack a Partial, you can quickly add the same stack on all the pages you want protected. Redirect links to the login webpage are automatically updated to reflect the address of each protect page.

Can I setup more than one password?

Yes, you absolutely can! For the login form, conditional display or page protection configurations, simply enter two or more passwords in the Passwords box. Separate each password with a single space. There is no requirement to put each password inside quote marks or separate them with commas. A single space works fine for each password. Sentry has some smart code that automatically converts a space-separated list of passwords into an array. When a website user arrives at a protected page, Sentry will first look for the presence of a sentry_password tracking cookie. If the cookie is found, then Sentry compares the cookie value with the list of passwords you supply. This system means that even if a person can fake the creation of a new sentry_password tracking cookie in their web browser, the value of the cookie is still tested against and has to be an absolute match.

For logout buttons or idle logouts, we simply delete the entire tracking cookie, irregardless of what password is assigned to it. This helps keep things simple and ensures the same logout button or idle logout can be used for multiple passwords.