Features
Security
- WonderCMS supports HTTPS out of the box. Check how to turn enable HTTPS or also overwrite your htaccess to use the improved security mode.
- All CSS and JS libraries include Subresource Integrity (SRI) tags. This prevents any unauthorized changes to the libraries being loaded.
- WonderCMS encourages you to pick a good custom login URL (in Settings -> Security), as it prevents brute force attacks. Search engines don't index/find your login URL as it always returns a 404 status.
- The admin password is hashed using PHP's password_hash and password_verify functions.
- WonderCMS includes CSRF verification tokens + hash_equals function to prevent timing attacks.
- Your website is completely independent and detached from WonderCMS servers.
- GDPR compliant - WonderCMS uses only 1 session state cookie, which defines a state between a logged in/logged out user.
- Last 5 logged in IPs saved.
- Admin is logged out of all devices after password is changed.
Other features
- no setup - unzip and upload
- extremely fast
- blog mode
- unlimited subpages
- 1 click updates (screenshot)
- custom theme/template for each page
- open source & free
- clean/friendly URLs
- developed since 2008
- no "powered by" links
- simple skeleton for a web app/website
- file manager
- theme/plugin installer
- easy to theme (8 steps)
- responsive
- simple to customize
- highlighted current page in menu
- lightweight - runs on 5 files
- simple page deleting/creating
- custom login URL
- custom homepage
- optional - functions.php automatically includes itself when created in any theme folder
- SEO - custom title, keywords and description for each page
- works by default on Apache (NGINX or IIS or Caddy require editing one server file)
- custom 404 page
- last 5 "logged in from" IPs
- log out of all devices after changing password
- easy click and edit functionality