- WonderCMS supports HTTPS out of the box. Check how to turn on better security mode.
- All CSS and JS libraries include Subresource Integrity (SRI) tags. This prevents any unauthorized changes to the libraries being loaded.
- WonderCMS encourages you to pick a good custom login URL (in Settings -> Security), as it prevents brute force attacks. Search engines don't index/find your login URL, as it always returns a 404 status.
- The admin password is hashed using PHP's password_hash and password_verify functions.
- WonderCMS includes CSRF verification tokens + hash_equals function to prevent timing attacks.
- Your website is completely independent and detached from WonderCMS servers. All updates are pushed through GitHub.
- GDPR compliant: WonderCMS uses only 1 session state cookie, which defines a state between a logged in and a logged out user.
no setup - unzip and upload
inline click and edit functionality
no link back required (no "powered by" link)
can be used as a skeleton for a web app/website
theme and plugin installer
highlighted current page in menu
lightweight - runs on 5 files
simple page deleting/creating
optional - functions.php automatically includes itself when created in any theme folder
SEO - custom title, keywords and description for each page
works by default on Apache (NGINX and IIS require editing one server file)