WonderCMS features

Security features

  • WonderCMS supports HTTPS out of the box. Check how to turn on better security mode.
  • All CSS and JS libraries include Subresource Integrity (SRI) tags. This prevents any changes to the libraries being loaded.
  • WonderCMS encourages you to pick a good custom login URL (in Settings -> Security), as it prevents brute force attacks. Search engines don't index/find your login URL, as it always returns a 404 status.
  • The admin password is hashed using PHP's password_hash and password_verify functions.
  • WonderCMS includes CSRF verification tokens + hash_equals function to prevent timing attacks.
  • Your WonderCMS website is completely independent (detached) from WonderCMS servers.

no setup - unzip and upload

inline click and edit functionality

1 click update (screenshot)

open source & free

clean URLs

developed since 2008

no link back required (no "powered by" link)

can be used as a skeleton for a web app/website


1 click backup

file uploader

theme and plugin installer

easy to theme


clean URLs

highlighted current page in menu

lightweight - runs on 5 files

simple page deleting/creating

custom login URL

custom homepage

optional - functions.php automatically includes itself when created in any theme folder

SEO - custom title, keywords and description for each page

works by default on Apache (NGINX and IIS require editing one server file)

custom 404 page

WonderCMS demo
Download WonderCMS 2.5.2 14kb

hosting with WonderCMS pre-installed

[Video tutorial] How to install with cPanel and Softaculous

deploy on Microsoft Azure - [Video tutorial]