Page 2 of 2

Re: [SOLVED] Can't even get to login

Posted: Tue Feb 27, 2018 8:58 pm
by wiz
You are completely correct, cPanel does indeed append their content at some stage if something is missing.
I'm glad this came up, as at some stage in the future (probably beginning of 2019), I'd like to see WonderCMS automatically redirect users websites to HTTPS as the global moving of HTTPS-ing everything (more info in the ultimate link below)

I went to check and downloaded WordPress and it doesn't include the htaccess file. Trying to figure out where and how it's generated and haven't found out how for now.

Meanwhile, I updated the wiki to include the ultimate htaccess settings: https://github.com/robiso/wondercms/wik ... s-settings

What the "ultimate" .htaccess file does to improve functionality:
- turns off directory listing // included in WonderCMS by default
- turns off server signature // included by default
- denies access to database.js // included by default
- creates clean URLS (example.com/?page=home TO example.com/home) // included by default
- always redirect to https:// and www on your website
- a stricter cookie policy,
- additional XSS protection for when the user has it turned off by default (server side),
- MIME type sniffing prevention,
- iframes to be allowed only from the same origin and a
- stricter referrer policy

If anybody wants to use it, make sure your website supports HTTPS / has a valid certificate (this can be easily checked with your host).

I'll check back if I figure out something regarding the .htaccess file and generating it.

Re: [SOLVED] Can't even get to login

Posted: Tue Feb 27, 2018 9:09 pm
by postpar
VERY nice. Thanks again. I'll make those changes myself.