All security features described

robiso edited this page Mar 19, 2018 · 1 revision

Security features

  • WonderCMS supports HTTPS out of the box.
  • All CSS and JS libraries include Subresource Integrity (SRI) tags. This prevents any changes to the libraries being loaded. If any changes are made, the libraries won't load for your and your visitors protection.
  • WonderCMS encourages you to change the default login URL. Consider the custom login URL as your private username.
    • Choosing a good login URL can prevent brute force attacks.
    • WonderCMS returns a 404 status on the login page, so search engines shouldn't visit/cache the login URL.
  • The admin password is hashed using PHP's password_hash and password_verify functions.
    • Even if an attacker guesses your login URL (which should be hard if you've chosen a good login URL), choosing a strong password prevents them from gaining admin privileges.
  • WonderCMS includes CSRF verification tokens. It additionally includes the hash_equals function to prevent CSRF timing attacks.
Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.