Clone or download
robiso Update version
Changing version number to start the update process.
Latest commit 22441f4 Jul 18, 2018
Failed to load latest commit information.
themes/default Update theme.php Feb 21, 2018
.gitignore Update .gitignore Mar 19, 2018
.htaccess Update .htaccess Mar 4, 2018
.htaccess-ultimate Update .htaccess-ultimate Apr 12, 2018 Update Feb 15, 2018 Update Jul 18, 2018
index.php Update index.php Jul 18, 2018
license Update license Jan 1, 2018
version Update version Jul 18, 2018

WonderCMS 2.5.2 5 files 14KB zip

Docs Number of downloads since first release on GitHub Maintaned License PayPal donate

One of the smallest and most simple CMS (no database)

Fast, responsive, single user flat file CMS. Built with PHP and jQuery. Alive and kicking since 2008.

DemoDownloadCommunityThemesPluginsNewsDonate or become a patron

1 step install

  • Unzip and upload to server.

OR clone from GitHub (via terminal): git clone


WonderCMS works on most Apache servers/hosts (even free ones) by default.

  • PHP 5.5. or greater
    • cURL extension
    • mbstring extension
    • Zip extension
  • mod_rewrite module

One additional step is required for setting up WonderCMS on NGINX or IIS.

Libraries used (6)

Libraries are loaded from Content Delivery Networks (CDNs) and include SRI tags.

  • 3 libraries located in theme.php, always included:
    • jquery.min.js (1.12.4), bootstrap.min.js (3.3.7), bootstrap.min.css (3.3.7).
  • 3 libraries located in index.php, included only when logged in:
    • autosize.min.js (4.0.0), taboverride.min.js (4.0.3), jquery.taboverride.min.js (4.0.0).

Security features

  • Track free, WonderCMS doesn't track users or store any cookies. Your WonderCMS installation is completely detached from WonderCMS servers. The one click updates are pushed from GitHub.
  • Supports HTTPS out of the box.
  • All CSS and JS libraries include SubResource Integrity (SRI) tags. This prevents any changes to the libraries being loaded. If any changes are made, the libraries won't load for your and your visitors protection.
  • WonderCMS encourages you to change your default login URL. Consider the custom login URL as your private username.
    • Choosing a good login URL can prevent brute force attacks.
    • WonderCMS returns a 404 status on the login page, so search engines shouldn't visit/cache the login URL.
  • The admin password is hashed using PHP's password_hash and password_verify functions.
    • Even if an attacker guesses your login URL (which should be difficult if you've chosen a good login URL), choosing a strong password prevents them from gaining admin privileges.
  • WonderCMS includes CSRF verification tokens for action verification's. It additionally uses the hash_equals function to prevent CSRF token timing attacks.
  • Transparent: downloads/updates are sent through GitHub (and not WonderCMS) servers.
  • No known vulnerabilities.
    • Special thanks to yassineaddi, hypnito and other security researchers.

Other features

  • no configuration required, unzip and upload
  • simple inline click and edit functionality
  • theme and plugin installer/updater
  • 1 click update and backup
  • easy to theme
  • file uploader
  • lightweight
  • responsive
  • clean URLs
  • custom homepage
  • menu reordering and visibility
    • hiding a page from the menu doesn't hide the page for search engines
  • highlighted current page in menu
  • custom 404 page
  • basic SEO support
    • custom title, keywords and description for each page
  • [optional] functions.php file for loading your custom code
    • includes itself when you create it
    • the location of functions.php file should be inside the current active theme folder (same location as theme.php)

List of donors and patrons

Also listed on the official WonderCMS website.

  • Martin Jablonka
  • Veselin Kamenarov
  • Håkon Wium Lie (creator of CSS)
  • Kenneth Rasmussen
  • David G.
  • Victor Onofrei
  • Matthew
  • James Campbell
  • Kirsten Hogan
  • Denis Volin
  • Jonathan Jacks
  • Bizibul
  • Bikespain
  • Aleksandr

What to (or not to) expect from WonderCMS

  • WonderCMS is meant to be a small gift to the internet and a simple alternative to website creating. It's 100% free and doesn't not include any "powered by" links.
  • WonderCMS doesn't track users and is not interested in any user data.
  • WonderCMS is not a fast-pace development project. Unless there is a critical vulnerability, there is no point in rushing updates.
  • WonderCMS is meant to be extremely simple and will not be over-bloated with features.
    • Specific features are added only if the majority of the WonderCMS community signals a wanted change.
    • Note: pull requests are welcome and appreciated.
  • To make WonderCMS sustainable and compact, I will support a maximum of 25 plugins and 25 themes.
    • Once this "25 limit" is reached in each category, a simple voting system will be established. Users will be free to vote for their favorite plugins and themes to ensure they stay in the "chosen 25" pool. Votes will be held on a 6-month basis/twice per year (subject to change).
    • The voting system comes in handy when users feel one of the 25 plugins or themes can be replaced by a better one with similar functionality or when a plugin/theme is no longer actively maintained.
    • This is a good way to ensure a small but good quality set of themes/plugins. The "25 chosen ones" of each category will be easier to maintain and watch over by the whole community.
      • If there's enough support from WonderCMS users in the future, I can lift the "25" limit and fully dedicate to maintaining this project.
  • WonderCMS doesn't include an "auto-update" feature.
    • In the unlikely event of this GitHub account being compromised, hackers would be able to deploy updates to all sites simultaneously.
    • These type of malicious attacks are currently prevented with the built in one click updater. This minimizes possible damage as users are encouraged to review code before using the 1 click update, so no damage is done automatically.
  • If you run into any issues when using WonderCMS, you can always expect someone to try to help you in the WonderCMS community.
    • Since WonderCMS is completely free and no one is paid to provide support, it's important to remain patient and respectful while asking for help.


Website links

Social links

Github links

Hosting and install tutorial links