⚠️ END OF LIFE NOTICE: Pico CMS is no longer maintained. No security updates are available. For new projects, consider actively maintained alternatives like Grav CMS, Typemill, HTMLy, or Automad.
Pico CMS should be configured for flat-file repository security and template/plugin risk reduction.
Pico uses configuration files in the site root:
| File | Purpose | Location |
|---|---|---|
config/config.php |
Main configuration | Site root |
config/config.yml |
YAML configuration (alternative) | Site root |
Edit config/config.php for core settings:
<?php
$config = [
// Site settings
'site_title' => 'My Pico Site',
'base_url' => 'https://example.com',
// Content settings
'content_dir' => 'content',
'content_ext' => '.md',
// Theme settings
'theme' => 'default',
'twig_config' => [
'cache' => 'cache/twig',
'debug' => false,
'auto_reload' => true,
],
// Plugins
'plugins' => [
// Enable/disable plugins
],
];
Content files use YAML front matter for metadata. Example content/index.md:
---
Title: Welcome Page
Description: My first page
Author: John Doe
Date: 2026-02-11
Tags: [welcome, intro]
Robots: index, follow
---
Page content in Markdown goes here...
Set correct file permissions for security:
# Directories: 755
find /var/www/picocms -type d -exec chmod 755 {} \;
# Files: 644
find /var/www/picocms -type f -exec chmod 644 {} \;
# Config files: 644 (read-only by web server)
chmod 644 /var/www/picocms/config/config.php
# Content files: 644
chmod 644 /var/www/picocms/content/*.md
# Set ownership (adjust for your web server)
sudo chown -R www-data:www-data /var/www/picocms
Back up:
Recovery test:
Every deployment is unique. We provide consulting for:
Get personalized assistance: office@linux-server-admin.com | Contact Page