diff --git a/README.txt b/README.txt
index b6888c7..195f617 100644
--- a/README.txt
+++ b/README.txt
@@ -1,4 +1,4 @@
-Updated 22 October 2021
+Updated 23 October 2021
 
 Troggle is an application for caving expedition data management, 
 originally created for use on Cambridge University Caving Club (CUCC)expeditions 
@@ -8,6 +8,8 @@ Troggle has been forked into two projects. The original one is maintained by Aar
 and was used for Erebus caves. The CUCC variant uses files as the definitive data, 
 not the database and lives at http://expo.survex.com/repositories/troggle/.git/
 
+For the server setup, see /_deploy/debian/wookey-exposerver-recipe.txt
+
 See copyright notices in
 http://expo.survex.com/handbook/computing/contribute.html
 
diff --git a/_deploy/wsl/check-for-later-copy-of-localsettings.WSL.txt b/_deploy/wsl/check-for-later-copy-of-localsettings.WSL.txt
index e69de29..1f6a21f 100644
--- a/_deploy/wsl/check-for-later-copy-of-localsettings.WSL.txt
+++ b/_deploy/wsl/check-for-later-copy-of-localsettings.WSL.txt
@@ -0,0 +1,3 @@
+The copy in this /_deploy/ folder may not be the latest if active development
+has been going on in the parent folder. Check there for a later copy of
+the localsettingsWSL file.
\ No newline at end of file
diff --git a/localsettingsWSL.py b/_deploy/wsl/localsettingsWSL.py
similarity index 93%
rename from localsettingsWSL.py
rename to _deploy/wsl/localsettingsWSL.py
index ab64097..b75bccc 100644
--- a/localsettingsWSL.py
+++ b/_deploy/wsl/localsettingsWSL.py
@@ -27,10 +27,10 @@ print(" * importing troggle/localsettings.py")
 #-----------------------------------------------------------------
 # default values,  real secrets imported from credentials.py
 
-SECRET_KEY = "z514d%crn*fpd*ewt_27m_r^a#vaeozn0---^fj!355qki*vj2"
-EXPOUSERPASS = "161:gosser"
-EXPOADMINUSERPASS = "gosser:161"
-EMAIL_HOST_PASSWORD = "smtp-django-test" 
+SECRET_KEY = "real-SECRET_KEY--imported-from-localsettings.py"
+EXPOUSERPASS = "nnn:gggggg - real-expo-password---imported-from-localsettings.py"
+EXPOADMINUSERPASS = "gggggg:nnn - real-expo-password---imported-from-localsettings.py"
+EMAIL_HOST_PASSWORD = "real-email-password---imported-from-localsettings.py"
 
 EXPOFILESREMOTE = False # if True, then re-routes urls in expofiles to remote sever. Tests are then less accurate.
 #SECURE_SSL_REDIRECT = True # breaks 7 tests in test suite 301 not 200 (or 302) and runserver fails completely
@@ -130,8 +130,8 @@ TEMPLATES = [
 ]
 
 # Passwords are loaded from credentials.py by settings.py
-#EXPOUSERPASS = "nnn:gggggg" # overwritten by loading from credentials.py 
-#EMAIL_HOST_PASSWORD = "insert-real-email-password-here" # overwritten by loading from credentials.py
+EXPOUSERPASS = "nnn:gggggg - real-expo-password---imported-from-localsettings.py"
+EMAIL_HOST_PASSWORD = "real-email-password---imported-from-localsettings.py"
 
 EXPOUSER = 'expo'
 EXPOUSER_EMAIL = 'philip.sargent@gmail.com'
diff --git a/pre-push.sh b/pre-push.sh
index eb4e617..b3c2638 100644
--- a/pre-push.sh
+++ b/pre-push.sh
@@ -1,6 +1,7 @@
 #! /bin/sh
 # create and sanitise files for pushing to repo
-# Philip Sargent 2021/04/06
+# catatrophically forgot to sanitize localsettingsWSL.py - oops.
+# Philip Sargent 2021/10/23
 echo deprecations.
 python -Wall manage.py check -v 3 2>deprecations.txt >/dev/null
 echo diffsettings.
@@ -14,18 +15,22 @@ python manage.py inspectdb > troggle-inspectdb.py
 echo remove passwords.
 cp localsettings.py localsettingsWSL.py
 sed -i '/EXPOUSERPASS/ s/^.*$/EXPOUSERPASS = "nnn:gggggg - real-expo-password---imported-from-localsettings.py"/' diffsettings.txt
+sed -i '/EXPOUSERPASS/ s/^.*$/EXPOUSERPASS = "nnn:gggggg - real-expo-password---imported-from-localsettings.py"/' localsettingsWSL.py
 echo "    reset: EXPOUSERPASS = \"nnn:gggggg\"  - real-expo-password---imported-from-localsettings.py"
 
-sed -i '/EXPOADMINUSERPASS/ s/^.*$/EXPOADMINUSERPASS = "nnn:gggggg - real-expo-password---imported-from-localsettings.py"/' diffsettings.txt
+sed -i '/EXPOADMINUSERPASS/ s/^.*$/EXPOADMINUSERPASS = "gggggg:nnn - real-expo-password---imported-from-localsettings.py"/' diffsettings.txt
+sed -i '/EXPOADMINUSERPASS/ s/^.*$/EXPOADMINUSERPASS = "gggggg:nnn - real-expo-password---imported-from-localsettings.py"/' localsettingsWSL.py
 echo "    reset: EXPOUSERPASS = \"gggggg:nnn\"  - real-expo-password---imported-from-localsettings.py"
 
 sed -i '/EMAIL_HOST_PASSWORD/ s/^.*$/EMAIL_HOST_PASSWORD = "real-email-password---imported-from-localsettings.py"/' diffsettings.txt
+sed -i '/EMAIL_HOST_PASSWORD/ s/^.*$/EMAIL_HOST_PASSWORD = "real-email-password---imported-from-localsettings.py"/' localsettingsWSL.py
 echo "    reset: EMAIL_HOST_PASSWORD = \"real-email-password--imported-from-localsettings.py\""
 
 sed -i '/SECRET_KEY/ s/^.*$/SECRET_KEY = "real-SECRET_KEY--imported-from-localsettings.py"/' diffsettings.txt
+sed -i '/SECRET_KEY/ s/^.*$/SECRET_KEY = "real-SECRET_KEY--imported-from-localsettings.py"/' localsettingsWSL.py
 echo "    reset: SECRET_KEY = \"real-SECRET_KEY--imported-from-localsettings.py\""
 
-
+mv localsettingsWSL.py _deploy/wsl
 #
 # Do these before final testing, *not* just before pushing:
 # in ./pre-run.sh