All security features described

Security features

WonderCMS supports HTTPS out of the box.
- Check how to enable a permanent redirect on Apache or NGINX.
All CSS and JS libraries include Subresource Integrity (SRI) tags. This prevents any changes to the libraries being loaded. If any changes are made, the libraries won't load for your and your visitors protection.
- Check how to add SRI tags to your custom theme. This step isn't necessary if you're using a theme from the official website.
WonderCMS encourages you to change the default login URL. Consider the custom login URL as your private username.
- Choosing a good login URL can prevent brute force attacks.
- WonderCMS returns a 404 status on the login page, so search engines shouldn't visit/cache the login URL.
The admin password is hashed using PHP's password_hash and password_verify functions.
- Even if an attacker guesses your login URL (which should be hard if you've chosen a good login URL), choosing a strong password prevents them from gaining admin privileges.
WonderCMS includes CSRF verification tokens. It additionally includes the hash_equals function to prevent CSRF timing attacks.

Still need help?

Intro

Basic how to's

Themes

Plugins

Security

Features description

List of common errors