What's new in v3.1.3
October 17, 2020

This update brings a minor fix for supporting GitHub's new default "main" branch name, which enables all new themes/plugins should be working/loading as expected.

This release also includes a new installable translation plugin - Greek.


Happy WonderCMS-ing! 🚀

Features & fixes

  • Add support for GitHub's new default branch name "main".

Plugins updates

  • New translation plugin: Greek.

1 click update

  • Login to your WonderCMS website and click "Update". Create a backup prior to updating.
    If you can't see the update, open Settings -> Themes or Plugins and click "Check for updates".


Previous updates

What's new in v3.1.2
October 8, 2020

This updates an important debugging fix with the database being randomly overwritten. This patch should prevent any database corruption and log any issues.

If your /data/ folder will contain any error logs after this update, please share it on any of our communcations channels, so the database can be resolved faster and the debugging implemented with this update will be removed from WonderCMS.

This release comes with two new installable plugins: Swedish and Portuguese translations!

Happy WonderCMS-ing 🚀

Features & fixes

  • Database corruption fix and error logging.
  • Minor optimizations.
  • Added password placeholder.

Plugins updates

  • New translation plugins: Swedish and Portuguese.

Download / Update instructions

  • Login to your WonderCMS website and click "Update". Create a backup prior to updating.
    If you can't see the update, open Settings -> Themes or Plugins and click "Check for updates".

What's new in v3.1.1
July 21, 2020

This updates bring three important security fixes as reported by Calvin Phang from SEC Consult. These issues affected only logged in users. This update also includes a few other minor updates.


After 12 years of development, we have finally opened our very own Official Merch Store. Please check it out and support future WonderCMS development.

Support WonderCMS by getting Merch

Happy WonderCMS-ing 🚀

Features & fixes

  • Fixed vulnerabilities.
  • Upgraded WonderCMS updating mechanism to prevent database corruption.
  • Improved file upload allowed extensions list.
  • Other minor improvements.

New themes & plugins + updates

  • New theme - Watercolor by Stephan Stanisic (can be installed via Settings -> Themes)
  • Cache plugin - caches all theme/plugin images. Created by Stephan Stanisic (can be installed via Settings -> Plugins)
  • Simple blog - fixed CSS (white background) issue
  • All translation plugins have been updated.

Download / Update instructions

  • Login to your WonderCMS website and click "Update". Create a backup prior to updating.
    If you can't see the update, open Settings -> Themes or Plugins and click "Check for updates".

Special thanks

What's new in v3.1.0
May 18, 2020

This update brings a lot of speed and easier editing improvements. We have finally detached the WonderCMS Settings panel from requiring Bootstrap or jQuery and have completely rewritten the CSS/JavaScript part of the Settings.

For the first time ever, we're now also providing translation plugins, which will translate your Settings panel into one of the mentioned languages below. Special thanks to Stephan Stanisic.

Additionally, there's a new default theme, along with some new variants - previews and screenshots below.

Happy WonderCMS-ing 🚀

Features and fixes

  • Faster WonderCMS - settings are now completely independent and detached of jQuery and Bootstrap.
  • Translations: German, Russian, Dutch, French, Polish, Slovenian.
  • Easier editing - edit icons from "Website title", "Menu" will open the modal window directly to the editable locatation.
  • Settings/Logout buttons are now floating/fixed to avoid theme compatibility issues.
  • Footer is now directly editable.
  • Optimized - admin JavaScript and CSS rewritten from scratch.
  • All alerts are now dismissible until a page refresh is done.
  • Autofocus on input field when logging in.
  • Improved loader when saving and checking for updates.
  • Improved file uploader allowed extensions.

New themes & updates

  • New default theme: Essence - can be installed via Settings and Themes.
  • New theme: Violet.
  • New theme: Universe Gradient.
  • These themes are similar with different color schemes.

New plugins & updates

  • German, Russian, Dutch, Polish, French and Slovenian plugin translations.
  • Simple blog - improved user experience.
  • Summernote editor - updated to support latest version of WonderCMS.
  • Simple statistics - fixed bug with special characters/UTF-8 encoding.
  • Additional contents - improved buttons without icons.
  • Hits counter - text changes.

Download / Update instructions

  • Login to your WonderCMS website and click "Update". Create a backup prior to updating.
    If you can't see the update, open Settings -> Themes or Plugins and click "Check for updates".

What's new in v3.0.6 + 3.0.7 patch
February 16 & March 3, 2020

Features/fixes

  • bug fix: keep/retain br tags after editing
  • 3.0.7 bug fix/patch: reverted including jQuery and Bootstrap at all times

Theme updates

  • 3.0.7 patch/revert: All themes have been updated: the order of the $Wcms->css is back to default place in theme.php.

Download / Update instructions

  • Log into your WonderCMS website and click "Update". Always create a backup prior to updating.
    If you can't see the update, open Settings -> Themes and click "Check for updates".

3.0.5 February 10, 2020

Features/fixes

  • added IDs to menu items
  • improved the theme version update checker
  • bug fix: renaming page/slug
  • bug fix: spaces being added automatically to footer (on edit)
  • bug fix: order of admin CSS library in all themes

Theme updates

  • All themes have been updated: the order of the $Wcms->css has been bumped higher.

Download / Update instructions

  • Log into your WonderCMS website and click "Update". Always create a backup prior to updating.

Thanks to

  • Slaven Stančič for the code fixes and improvements.
  • Thanks to our active community members which have started working on new themes and plugins.

3.0.4 January 1st, 2020

New features

  • built in theme and plugin installer
  • speed improvements
  • caching/update system for themes and plugins
  • new dropdown for selecting default page
  • improved notifications
  • shortcuts to opening tabs in the Settings panel
  • major code clean up and optimization - special thanks to Slaven Stančič
  • improved updating system for WonderCMS
  • numerous bug fixes
  • animated loaders (when logging in and checking for updates)
  • log out admin of all devices after password change
  • improved getter function
  • improved theme activator
  • redirect after logout/password change
  • additional hooks
  • IP logging for last 5 logins
  • settings/admin panel design improvements

New plugins

  • Blog plugin (by Stephan Stanisic)
  • Summernote air editor (by Stephan Stanisic)
  • Statistics plugin (by Stephan Stanisic)
  • Rewritten and improved contact form plugin (by Stephan Stanisic)

New themes

  • Fallout (by turboblack)
  • Parallax (by Stephan Stanisic)
  • w3css (by Stephan Stanisic)

Download / Update instructions / Manual update

Thanks to

  • Slaven Stančič for all the code re-writing, implementation, genius on the spot programming, fixing most bugs and issues.
  • Stephan Stanisic for the inspiration, new ideas, plugins, themes, helping out with user support and bringing so much excitement to the project.
  • Nicolas Carpi for re-writing a major part of WonderCMS.
  • Anusya Angamuthu and Ashe Safe for reporting vulnerabilities.
  • Turboblack for all the themes and promoting WonderCMS in other markets.

3.0.0/3.0.3 BETA - November/December 7th, 2019

  • built in theme and plugin installer
  • speed improvements
  • caching/update system for fetching themes and plugins
  • default page can be now selected from drop down
  • improved notifications
  • shortcuts to opening specific tabs for the Settings panel
  • major code clean up and optimization - special thanks to Slaven Stančič
  • improved updating system for WonderCMS
  • developer friendlier
  • numerous bug fixes
  • 3.0.1: loaders when logging in and checking for updates
  • 3.0.2: log out admin of all devices after password change
  • 3.0.2: improve getter function
  • 3.0.3: awesome theme activator, redirect after logout/password change, IP logging for last 5 logins.

New plugins

  • Blog plugin (by Stephan Stanisic)
  • Summernote air editor (by Stephan Stanisic)

New themes

  • Fallout (by turboblack)
  • Parallax (by Stephan Stanisic)

Download 3.0.3 beta

Thanks to

  • Slaven Stančič for all the code re-writing, implementation, genius on the spot programming and fixing for fixing bugs and issues.
  • Stephan Stanisic for the inspiration, new ideas, plugins, themes, helping out with user support and bringing so much excitement to the project.
  • Nicolas Carpi for re-writing a major part of WonderCMS.
  • Anusya Angamuthu and Ashe Safe for reporting vulnerabilities.
  • Turboblack for all the themes and promoting WonderCMS in other markets.

2.7.0 - March 31st, 2019

  • Random password generator for first time installs.
  • "Get external file" function improved.
  • Minimum password length changed to 8 characters.
  • Minor code improvements and optimizations.
  • Fixed a possible bypass (on top of an already patched) bug.
  • Removing auto update function, the next WonderCMS version (3.0.0) will require manual updating due to significant restructuring.

No special actions are required for this update

Simply use the one click update from your admin panel. Make sure to always backup before updating.

IMPORTANT: future version (3.0.0) will require manual updating

Due to some awesome restructuring done by Nicolas Carpi, WonderCMS 3.0.0 will not be backwards compatible and will require manual updating. Instructions will appear here once version 3.0.0 is ready to be released.

Notes

Thanks to Nicolas Carpi, an awesome developer that joined in on helping with WonderCMS. He's responsible for most of the code refactoring that is going to be included in the next milestone version (3.0.0) and all of the incoming improvements.

Thanks to Ashe Safe for responsibly reporting a possibility of a self-attack, which that bypassed an existing patch. More info on GitHub.

2.6.0 - January 1st, 2019

  • Added popup/functionality for naming a page before creating it.
  • Minor text and settings panel visual changes.
  • Code optimisation/cleanup.
  • Updated autosize library to latest version.
  • Increased randomness of backup file names.

No special actions are required for this update

Simply use the one click update from your admin panel. Make sure to always backup before updating.

2.5.2 - July 18th, 2018

  • Fixed session fixation vulnerability.
  • Fixed mixed content warning for NGINX servers.
  • Improved main URL function and added multiple string case checks for the HTTPS protocol and port forwarding.

No actions are required for this update

Simply use the one click updater from your admin panel.

Notes

Thanks to Anusya Angamuthu for reporting the session fixation vulnerability.

Thanks to Senthil Nathan for reporting the mixed content issue, providing a fix and testing.

2.5.0 and 2.5.1 patch - May 2nd, 2018

  • New feature (Apache only): better security mode and HTTPS redirect ON/OFF switch in Settings->Security. Read more about enabling better security mode.
  • New feature: view version number when updating. It's now easier to see to what WonderCMS version you're updating to next.
  • Minor text and style changes to the update notification and settings panel.
  • Upgraded logic when checking for directory traversal attacks. Other minor code fixes.
  • Moved location of backup action in index.php, this removes the "Delete backup files" notification bug when a backup file is removed.
  • Moved location of delete page action index.php, this remove the "Page deleted" notification when a corrupted database is recovered.
  • Changed most REQUEST['token'] checks to POST types.
  • Fixed bug in better security function.
  • Improved function for password changing.
  • Added keyword and description for 404 pages (for fresh WonderCMS installs only).
  • Improved function for installing themes and plugins.
  • Fixed bug with function for deleting files and folders.

8 theme updates available: check themes page

2016 default theme, Dark blue, Gold, Green, Light blue, Pink, Purple, Red

Notes

Thanks to Vekien for the upgraded code logic for checking directory traversal attacks.

2.4.1 - February 21st, 2018 (and 23rd - minor 2.4.2 patch)

  • Fixed bug with "double update" notification (2.4.2 patch). The double notification bug will be displayed one last time after updating.
  • Fixed vulnerability - logged in admin could delete files from any directory.
  • Added SRI hashes to external JavaScript and CSS files: jquery.min.js, bootstrap.min.js, autosize.min.js, taboverride.min.js, jquery.taboverride.min.js, bootstrap.min.css).
  • Removed unnecessary session unset.
  • Minor text changes.

Default theme update available

Copy the link below and paste it in Settings->Themes & plugins, select "Theme" and click update. https://github.com/robiso/wondercms-themes/releases/download/default-2/default.zip

2.4.0 - January 1st, 2018 (Happy New Year!)

  • Removed old version update support compatibility.
  • A better definition of public/private functions.
  • Corrected code logic in theme/plugin installer with an array check.
  • Added hash_equals checks to prevent CSRF timing attacks.
  • Added link to WonderCMS homepage in the Settings panel.
  • Minor text changes to the Settings panel and error messages.
  • Minor Settings panel design changes.
  • Prettified code fixes.
  • CSS fix, removed bottom border on the settings panel links. The border was visible only when designing a new theme/template from scratch.
  • Functions re-sorted alphabetically for easier overview.
  • Added 404 page editing support.
  • Added whitelist for allowed file type uploads.
  • Restructured function for deleting files, themes and plugins.
  • Updated taboverride and autosize to latest version.
  • Updated Summernote plugin to latest version and added tables to the Summernote editor toolbar.

2 plugins need manual updating (copy/paste link)

  • NOTE 1: If you don't have these plugins, there is no need to update them.
  • NOTE 2: Update WonderCMS before updating plugins.

1. Update link for Summernote editor plugin

Copy the link below and paste it in your Settings->Themes & plugins, select "Plugin" and click update.

https://github.com/robiso/wondercms-plugins/releases/download/summernote-2.4/summernote.zip

2. Update for Additonal contents plugin

Copy the link below and paste it in your Settings->Themes & plugins, select "Plugin" and click update.

https://github.com/robiso/wondercms-plugins/releases/download/additional-contents-2.4/addition_contents.zip

Notes

Note 1: Thanks to Vekien for the corrected code logic in the theme/plugin installer, helping implement hash_equals and restructuring the function for deleting files/themes/plugins.

Note 2: Thanks to ayeshrajans for spotting the hash_equals improvement.

2.3.2 - October 11th, 2017

  • two additional ISSET checks to prevent PHP notices
  • changed HTTP 1.0 headers to HTTP 1.1
  • updated links to themes and plugins in the Settings panel (new links are: https://wondercms.com/themes and https://wondercms.com/plugins)
  • removed converted case for page titles
  • core code in WonderCMS prettified - providing a better level of readability
  • minor text changes

No actions are required for this update

Notes

Note 1: Thanks to Samrat Das for sparking a debate about file type limits in the file uploader. Share your opinion on the file uploader file type limits.

Note 2: We are dropping old version support in January 2018.

2.3.0 + 2.3.1 patch - August 23rd, 2017

  • one click backup
  • re-designed settings panel
  • theme installer + updater + remover
  • plugin installer + updater + remover
  • file uploader + remover
  • tab/indentation support
  • additional security token checks
  • added "Visit page" link next to each page in menu
  • added success message when deleting a page
  • logout link moved to top right corner
  • fixed title case when creating new pages
  • files autosize.js, taboverride.min.js and taboverride.jquery.min.js are now loaded after the admin is logged in, resulting in faster website loading
  • minor code logic fixes
  • minor text fixes
  • added two additional checks if the request for token is set (2.3.1 patch)
  • double space removal / converted to tabs (2.3.1 patch)

Special thanks to Janez Čas (HttpMaster author), Davide Vago, Robbie Antenesse and Andreas Lenhardt.

1 plugin needs to be updated from your settings panel

  • Summernote WYSIWYG editor - Simply COPY/PASTE the below link into your Settings->Themes&plugins, select plugin and click update. https://github.com/robiso/wondercms-plugins/releases/download/Summernote/summernote.zip

2 changes in theme.php // only for custom themes

  1. In theme.php: remove autosize.js (https://cdn.jsdelivr.net/jquery.autosize/3.0.17/autosize.min.js)
  2. In style.css: replace .navbar-right li a:hover, .navbar-right li.active a with ul.nav.navbar-nav.navbar-right li a:hover, ul.nav.navbar-nav.navbar-right li.active a

2.2.1 - June 23rd, 2017

  • Custom port support. WonderCMS now works on non-standard HTTP ports - thanks to Grzegorz Kowalski.
  • JavaScript hook fix - thanks to Grzegorz Kowalski.
  • Show admin CSS and JS only when logged. Great for even faster website load times.
  • Minor text and tab fixes.

1 plugin needs to be updated manually

  1. Additional contents plugin - DOWNLOAD the updated plugin, unzip it, and overwrite your existing addition_contents plugin folder with the new files.

2.2.0 - June 18th, 2017

  1. Added additional tokens to prevent/fix CSRF vulnerabilities thanks to Luka Mrovlje from Mobinia inter for the fix. Special thanks to Ehsan Hosseini from Zerox Security Lab (ZeroxSecLab Twitter) for reporting this and confirming the issue is resolved.
  2. Added CSS style (text align left) the settings panel. This is to prevent the admin settings panel text alignment from being overwritten by a custom theme.
  3. New created pages are now visible in the menu by default.
  4. Added extra help on the example page for new WonderCMS installations.

Plugins that need to be updated manually

  1. Summernote (WYSIWYG editor and file uploader). DOWNLOAD the new plugin, unzip it, and overwrite your existing summernote plugin folder with the new files.

2.1.0 - May 30th, 2017

  1. Easy page adding and hiding | thanks to Pascal Jordin.
  2. Easy page re-ordering | thanks to Pascal Jordin.
  3. Cleaner URLs | thanks to Pascal Jordin.
  4. Improved URL function | thanks to Luka Mrovlje.
  5. Minor code improvements.
  6. Additional thanks to turboblack (Dannis Danylenko) for all the testing.
  7. NOTE: All pages will be visible in your menu after updating. You can hide pages easily from your settings panel. This is necessary due to the new menu functionality.

2.0.6 - April 28th, 2017

  1. Fixed bug $_SERVER[REQUEST_URI] to $_SERVER['REQUEST_URI'] because of errors reported on some sites. Thanks to turboblack (Dannis Danylenko) for reporting this.

2.0.5 - April 28th, 2017

  1. Fixed display login URL in settings panel thanks to Robbie Antenesse.

2.0.4 - April 27th, 2017

  1. Update system changed from using file_get_contents to cURL - thanks to Robbie Antenesse for providing us with a more stable update system.
  2. Fixed absolute URLs to relative, this bug happened on some servers/environments and made WonderCMS URLs unusable - another thanks to Robbie Antenesse for this awesome fix.

2.0.3 - April 20th, 2017

  1. Fixed CSRF vulnerability with low severity - thanks to Ashutosh Singh for reporting this. Fixed in less than 24 hours from the time of the report.
  2. Changed/fixed span wrappers to div wrappers around editable areas - thanks to scsmash3r.
  3. Fixed bug which returned a 404 header to the logged in user.

New themes available, check them out in the WonderCMS demo. They're all downloadable for free in the WonderCMS themes repository.

2.0.2 - March 31st, 2017

  1. Additional hook added: page - this makes plugin developers lives easier.

New plugin available - easily create new editable areas

- Test this plugin in our WonderCMS demo. The green pluses which enable you to create new editable areas are visible after you log in.

- Download additional contents plugin and upload it to your plugins folder to activate it.

2.0.1 - March 28th, 2017

  1. Fixed bug in function name that caused errors for some users.
  2. Added default font size for settings panel.
  3. Removed unnecessary spaces and semicolons in settings CSS.

2.0.0 - March 18th, 2017

  1. This is the first non-beta release in 9 years.
  2. Major code clean up.
  3. New default theme.
  4. Improved settings panel.
  5. We now update the default theme (default theme.php, style.css) and .htaccess, we used to update only index.php.
  6. database.js versioning, which makes it really easy to define what user gets what update.
  7. "Powered by WonderCMS" link removed from footer. Wohoo freedom.
  8. Developer friendlier.
  9. Plugins are easier to develop.

Important theme.php changes - 8 tags need changing for version 2.0.0

- Easy instructions for replacement can be found here.

Important plugin changes for version 2.0.0

- The following plugins need to be updated:

- The following plugins are unavailable until developers update their plugins: