All security features described
- WonderCMS supports HTTPS out of the box.
- All CSS and JS libraries include Subresource Integrity (SRI) tags. This prevents modified libraries from being loaded. If any changes are made, the libraries won't load, which protects you and your visitors.
- Check how to add SRI tags to your custom theme. This step isn't necessary if you're using a theme from the official website.
- WonderCMS encourages you to change the default login URL. Consider the custom login URL as your private username.
- Choosing a good login URL can prevent brute force attacks.
- WonderCMS returns a 404 status on the login page, so search engines shouldn't visit/cache the login URL.
- The admin password is hashed using PHP's password_hash and password_verify functions.
- Even if an attacker guesses your login URL (which should be hard if you've chosen a good login URL), choosing a strong password prevents them from gaining admin privileges.
- WonderCMS includes CSRF verification tokens. It additionally uses the hash_equals function to compare them, which prevents timing attacks on the CSRF token check.
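
For the SRI items above, a custom theme's tags can be checked against the files they point to. The following is an added example, not WonderCMS code: the function names, file names and sample theme are constructed for illustration. It computes the `integrity` value for each asset and reports tags that are missing or no longer match.

```python
import base64
import hashlib
from html.parser import HTMLParser

ALGS = ("sha256", "sha384", "sha512")  # SRI hash functions, weakest to strongest

def sri_value(content: bytes, alg: str = "sha384") -> str:
    """Return the integrity attribute value for the given file bytes."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, content).digest()).decode()}"

class AssetTags(HTMLParser):
    """Collect (url, integrity) for each <script src> and stylesheet <link href>."""
    def __init__(self):
        super().__init__()
        self.assets = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.assets.append((a["src"], a.get("integrity")))
        elif tag == "link" and "stylesheet" in (a.get("rel") or "") and a.get("href"):
            self.assets.append((a["href"], a.get("integrity")))

def audit_theme(html: str, files: dict) -> dict:
    """Map each referenced asset to ok / mismatch / missing-integrity / unknown-file."""
    parser = AssetTags()
    parser.feed(html)
    report = {}
    for url, integrity in parser.assets:
        tokens = [t for t in (integrity or "").split() if t.split("-", 1)[0] in ALGS]
        if url not in files:
            report[url] = "unknown-file"
        elif not tokens:
            report[url] = "missing-integrity"  # absent or unusable: nothing is enforced
        else:
            # Browsers only check hashes of the strongest algorithm listed.
            best = max((t.split("-", 1)[0] for t in tokens), key=ALGS.index)
            report[url] = "ok" if sri_value(files[url], best) in tokens else "mismatch"
    return report

# Constructed sample theme: file names and contents are made up for this example.
SAMPLE_FILES = {
    "css/style.css": b"body { margin: 0; }\n",
    "js/menu.js": b"console.log('menu v2');\n",  # edited after its tag was written
    "js/extra.js": b"console.log('extra');\n",
}
GOOD = sri_value(SAMPLE_FILES["css/style.css"])
STALE = sri_value(b"console.log('menu v1');\n")  # hash of the file before the edit
SAMPLE_HTML = f"""
<link rel="stylesheet" href="css/style.css" integrity="{GOOD}" crossorigin="anonymous">
<script src="js/menu.js" integrity="{STALE}" crossorigin="anonymous"></script>
<script src="js/extra.js"></script>
"""

if __name__ == "__main__":
    for url, status in audit_theme(SAMPLE_HTML, SAMPLE_FILES).items():
        print(f"{status:18} {url}")
```

A `mismatch` result means the browser would refuse to load that file until the tag is regenerated from the current file contents.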