diff --git a/import/api/wpforms-crawler/README.md b/import/api/wpforms-crawler/README.md
index 694d1c6..77e99db 100644
--- a/import/api/wpforms-crawler/README.md
+++ b/import/api/wpforms-crawler/README.md
@@ -1,3 +1,14 @@
 [wpforms](https://wpforms.com/) uses a counter for `ENTRY_ID`s and seems to be vulnerable against CSRF :(
 
 Once we have obtained a cookie, crawling is trivial…
+
+
+## configuration && usage
+
+```bash
+cp config.sh{,~}
+edit config.sh~
+
+. config.sh~ && ./download.sh
+./merge.sh
+```
diff --git a/import/api/wpforms-crawler/config.sh b/import/api/wpforms-crawler/config.sh
index 792ad9f..793da4d 100644
--- a/import/api/wpforms-crawler/config.sh
+++ b/import/api/wpforms-crawler/config.sh
@@ -1,17 +1,17 @@
 ## common
 
-DATA_DIR="./data"
+export DATA_DIR=${DATA_DIR:='./data'}
 
 ## download
 
-START=500  #57
-END=500  #1000
+export START=${START:=500}  #57
+export END=${END:=1000}
 
-WP_ADMIN_URL='https://example.com/wp-admin/admin.php'
-FORM_ID=16993
-NONCE='caffeeeeee'
-AUTHORIZATION_HEADER='authorization: Basic Base64EncodedDataaaaaaaaaa=='
-COOKIE_HEADER='cookie: wordpress_sec_thisCopiedFromTheBrower; wordpress_logged_in_; some_other_cookies'
+export WP_ADMIN_URL=${WP_ADMIN_URL:='https://example.com/wp-admin/admin.php'}
+export FORM_ID=${FORM_ID:=16993}
+export NONCE=${NONCE:='caffeeeeee'}  ## it will change and needs be replaced
+export AUTHORIZATION_HEADER=${AUTHORIZATION_HEADER:='authorization: Basic Base64EncodedDataaaaaaaaaa=='}
+export COOKIE_HEADER=${COOKIE_HEADER:='cookie: wordpress_sec_thisCopiedFromTheBrower; wordpress_logged_in_; some_other_cookies'}
 
 ## HEADERS_THAT_SEEM_TO_BE_NOT_REQUIRED
 #-H 'authority: example.com' \
@@ -20,7 +20,7 @@ COOKIE_HEADER='cookie: wordpress_sec_thisCopiedFromTheBrower; wordpress_logged_i
 
 ## merge
 
-OUT="/tmp/example.csv"
+export UT=${OUT:="/tmp/example.csv"}
 
 ## setup