- WonderCMS supports HTTPS out of the box. Check how to make permanent redirects on Apache or NGINX.
- All CSS and JS libraries include Subresource Integrity (SRI) tags. This prevents any changes to the libraries being loaded.
- WonderCMS encourages you to pick a good custom login URL (in Settings -> Security), as it prevents brute force attacks. Search engines don't index/find your login URL, as it always returns a 404 status.
- The admin password is hashed using PHP's password_hash and password_verify functions.
- WonderCMS includes CSRF verification tokens + hash_equals function to prevent timing attacks.
no setup - unzip and upload
inline click and edit functionality
no link back required (no "powered by" link)
can be used as a skeleton for a web app/website
theme and plugin installer
highlighted current page in menu
lightweight - runs on 5 files
simple page deleting/creating
optional - functions.php automatically includes itself when created in any theme folder
SEO - custom title, keywords and description for each page
works by default on Apache (NGINX and IIS require editing one server file)