All security features described
robiso edited this page Mar 19, 2018
·
1 revision
- WonderCMS supports HTTPS out of the box.
- All CSS and JS libraries include Subresource Integrity (SRI) tags. This prevents any changes to the libraries being loaded. If any changes are made, the libraries won't load for your and your visitors protection.
- Check how to add SRI tags to your custom theme. This step isn't necessary if you're using a theme from the official website.
- WonderCMS encourages you to change the default login URL. Consider the custom login URL as your private username.
- Choosing a good login URL can prevent brute force attacks.
- WonderCMS returns a 404 status on the login page, so search engines shouldn't visit/cache the login URL.
- The admin password is hashed using PHP's password_hash and password_verify functions.
- Even if an attacker guesses your login URL (which should be hard if you've chosen a good login URL), choosing a strong password prevents them from gaining admin privileges.
- WonderCMS includes CSRF verification tokens. It additionally includes the hash_equals function to prevent CSRF timing attacks.
Still need help?
- Ask a question or make a request in the community.
- Official website
Intro
- Home
- Demo
- Download
- One step install
- Requirements
- 5 file structure
- List of hooks
- Included libraries
- Create theme in 8 easy steps
- Create a plugin
- Custom modules
- Translations
- All security features described
Basic how to's
- Backup all files
- Change default login URL
- Change default password
- Create custom page template
- Create new editable areas or editable blocks
- Edit 404 page
- Get data from database
- Set data to database
- Hide page from menu
- Caddy web server config
- IIS server config
- NGINX server config
- Login
- Recover login URL
- Reset password
- Restore backup
- Update
- PHP built in server
Themes
- Create theme in 8 easy steps
- Add favicon
- Theme tags
- Update theme to work with WonderCMS 2.0.0
- Update theme to work with WonderCMS 3.0.0
- Share your themes with Custom modules
Plugins
- Quick intro on creating plugins and List of hooks
- Share your plugin with simply with Custom modules
Security
- All security features described
- Add SRI tags to your theme libraries
- Always redirect to https and www
- Additional security configuration(s)
- Add SRI tags to your theme libraries
- Better security mode (HTTPS and other features)
Features description
- One click update
- Optional: functions.php file
- Default database.js
- Allowed extensions file types for uploads
- Login URL doesn't work - 404
- 500 internal server error
- Persistent "New WonderCMS update available" message
- URLs mailformed on Windows IIS
- Other errors