Features


Security

  • WonderCMS supports HTTPS out of the box. Check how to turn enable HTTPS or also overwrite your htaccess to use the improved security mode.
  • All CSS and JS libraries include Subresource Integrity (SRI) tags. This prevents any unauthorized changes to the libraries being loaded.
  • WonderCMS encourages you to pick a good custom login URL (in Settings -> Security), as it prevents brute force attacks. Search engines don't index/find your login URL as it always returns a 404 status.
  • The admin password is hashed using PHP's password_hash and password_verify functions.
  • WonderCMS includes CSRF verification tokens + hash_equals function to prevent timing attacks.
  • Your website is completely independent and detached from WonderCMS servers.
  • GDPR compliant - WonderCMS uses only 1 session state cookie, which defines a state between a logged in/logged out user.
  • Last 5 logged in IPs saved.
  • Admin is logged out of all devices after password is changed.

Other features

  • no setup - unzip and upload
  • extremely fast
  • blog mode
  • unlimited subpages
  • 1 click updates (screenshot)
  • custom theme/template for each page
  • open source & free
  • clean/friendly URLs
  • developed since 2008
  • no "powered by" links
  • simple skeleton for a web app/website
  • file manager
  • theme/plugin installer
  • easy to theme (8 steps)
  • responsive
  • simple to customize
  • highlighted current page in menu
  • lightweight - runs on 5 files
  • simple page deleting/creating
  • custom login URL
  • custom homepage
  • optional - functions.php automatically includes itself when created in any theme folder
  • SEO - custom title, keywords and description for each page
  • works by default on Apache (NGINX or IIS or Caddy require editing one server file)
  • custom 404 page
  • last 5 "logged in from" IPs
  • log out of all devices after changing password
  • easy click and edit functionality