wonder cms

WonderCMS - fast and small flat file CMS (5 files).

https://wondercms.com/

Smallest CMS (5 files • 20KB zip) - 1 step install

     

WonderCMS is an extremely small flat file CMS. It's fast, responsive and doesn't require any configuration.

It provides a simple way for creating and editing websites.
Includes features such as: 1-step install, 1-click updates, 1-click backups, theme/plugin installer and much more.

Demo • Download • Community • News/Changelog • Donate • Merch

Small and simple flat file CMS

• No configuration needed - unzip and upload.
• 5 files: database.js (JSON format), index.php, theme.php, style.css and htaccess.
  • Transferring your website to a new host/server is done by only copy/pasting all files (no additional configuration/migration)
• Privacy oriented: no cookies, tracking or "powered by" links.
• Includes plugins (via hooks/listeners), themes/plugins installer, backups, 1 click updates.
• Supports most server types (Apache, NGINX, IIS).
• Project goal: keep it simple, tiny, hassle free (infrequent-ish 1 click updates).

1 step install

• Unzip and upload latest version to your server.

Other install options

• Option 2: Clone from GitHub: git clone https://github.com/robiso/wondercms.git
• Option 3: Get hosting with WonderCMS pre-installed
• Option 4: Docker image
• Option 5: Install with cPanel (and Softaculous) - video tutorial
• Option 6: Watch video - installing WonderCMS on Microsoft Azure

Requirements

• PHP 7.2 or greater
  • cURL extension
  • mbstring extension
  • Zip extension
• mod_rewrite module
• any type of server (Apache, NGINX or IIS)

For setting up WonderCMS on NGINX or IIS servers, there is one additional step required. Read more: NGINX setup or IIS setup.

WonderCMS works on most Apache servers/hosts (even free ones) by default.

Libraries used (7)

Libraries are loaded from Content Delivery Networks (CDNs) and include SRI tags.

• 4 libraries located in theme.php, always included:
  • jquery.min.js (3.1.4), bootstrap.min.js (4.4.1), bootstrap.min.css (4.4.1), popper.min.js (1.16.0)
• 3 libraries located in index.php, included only when logged in:
  • wcms-admin.min.js, autosize.min.js (4.0.2), taboverride.min.js (4.0.3).

Security features

• Track free and transparent - WonderCMS doesn't track users or store any personal cookies, there is only one session state cookie. Your WonderCMS installation is completely detached from WonderCMS servers. One click updates are pushed through GitHub.
• Supports HTTPS out of the box.
  • Check how to turn on "improved security" mode.
• All CSS and JS libraries include SubResource Integrity (SRI) tags. This prevents any changes to the libraries being loaded. If any changes are made, the libraries won't load for your and your visitors protection.
  • Check how to add SRI tags to your custom theme. This step isn't necessary if you're using a theme from the official website.
• WonderCMS encourages you to change your default login URL. Consider your custom login URL as your private username.
  • Choosing a good login URL can prevent brute force attacks.
  • Your login page will always return a 404 header response. Search engines do not (and should not) cache your login URL.
• The admin password is hashed using PHP's password_hash and password_verify.
  • Choosing a strong password will prevent malicious actors from gaining any further admin access (if they would have guessed your login URL).
• WonderCMS includes CSRF verification tokens for each user action and additionally uses the hash_equals function to prevent CSRF token timing attacks.
• No known vulnerabilities.
  • Special thanks to yassineaddi, hypnito and other security researchers.

Other features

• no configuration required, unzip and upload
• extremely fast
• simple inline click and edit functionality
• theme and plugin installer/updater
• 1 click updates
• 1 click backups
• easy to theme
• custom editable blocks
• custom theme and plugin repositories
• log of last 5 logged in IPs
• file uploader
• lightweight
• responsive
• clean URLs
• custom homepage
• menu reordering and visibility
  • note: hiding a page from the menu only hides it from the actual menu (and not from search engines)
• highlighted current page in menu
• custom 404 page
• basic SEO support
  • custom title, keywords and description for each page
• [optional] functions.php file for loading your custom code
• note 1: functions.php file includes itself when you create it
• note 2: the location of functions.php file should be inside the current active theme folder (same location as theme.php)

from https://github.com/robiso/wondercms