Modern Self-Hosted PHP Blog Platform

Poly is a modern, self-hosted PHP blog platform engineered for developers, content creators, startups, and small teams who want complete ownership of their publishing system without the overhead of large frameworks or unnecessary dependencies.

Built entirely with vanilla PHP 8+ and MySQL, Poly delivers a clean MVC-inspired architecture, strict security standards, and a modular design that is easy to understand, extend, and maintain. There is no Composer, no Node.js, no build tools, and no hidden framework magic, just structured, readable code that works on virtually any shared hosting environment.

Poly was designed with long-term maintainability in mind. Every component, from authentication and permissions to media handling and templating, follows consistent patterns and best practices. The codebase is organized for clarity, making it ideal for developers who want full control over customization without fighting against a heavy framework.

The platform combines powerful publishing tools with enterprise-level security features. It includes granular role-based access control (RBAC), audit logging, strict upload validation, encrypted SMTP credentials, Content Security Policy (CSP) protection, rate limiting, and hardened authentication flows. Poly is built not only to publish content, but to do so securely.

On the frontend, Poly features a Blade-inspired template engine that allows developers to create modern themes using familiar syntax like @extends, @section, and @include. Templates can be swapped or redesigned without modifying backend logic, giving full creative freedom for building custom blog experiences.

The admin dashboard provides a clean and professional interface for managing posts, categories, tags, users, comments, media, and system settings. Advanced insights such as post popularity, reaction analytics, activity feeds, and content distribution statistics give administrators meaningful visibility into site performance.

Whether you are launching a personal blog, a content-driven startup, a knowledge base, or a niche publishing platform, Poly gives you the flexibility of a custom-built system with the simplicity of a plug-and-play solution.

Upload, install through the guided web installer, and you are ready to publish, fully self-hosted, fully customizable, and fully under your control.

Key Features

Rich Content Editing

• WYSIWYG editor with full formatting support
• Multi-category and multi-tag post organization
• Featured images integrated with the media library
• Draft and publish workflow
• Auto-generated SEO-friendly slugs
• Per-post comment enable/disable toggle

Media Library

• Drag and drop uploads (JPG, PNG, GIF)
• Automatic EXIF metadata stripping for privacy
• Inline editor uploads without leaving the editor
• Media usage tracking and orphan detection

User Management & RBAC

• Granular role-based access control with 29 permissions
• Create unlimited custom roles (Admin, Editor, Author, Moderator, etc.)
• Per-action permission checks across the entire admin panel
• Admin-to-user impersonation for debugging and support

Comment System

• Nested and threaded comment replies
• Moderation queue with approve/reject workflow
• Optional login requirement for commenting
• Guest commenting with name and email
• Email notifications on approval or rejection
• Rate limiting and spam protection

Post Reactions

• Reaction system (like, love, wow, etc.)
• IP-based deduplication to prevent abuse
• Hashed IP storage for privacy protection

Admin Dashboard

• At-a-glance stats: posts, comments, users, media, categories, tags
• Most viewed posts, most reacted posts, and top authors
• Recent activity feed (posts, comments, media, users)
• Category and tag distribution insights

Site Settings

• Site title, base URL, timezone, and admin email
• SMTP configuration with AES-256-GCM encrypted password storage
• Registration toggle with configurable default role
• Comment policies (global toggle, login requirement, default status)
• Reverse proxy support (Cloudflare, Nginx)

Security

• CSRF protection on all forms
• Bcrypt password hashing with automatic rehashing
• Content Security Policy (CSP) with per-request nonces
• Security headers: HSTS, X-Frame-Options, X-Content-Type-Options
• Session fixation prevention
• Rate limiting on login, registration, password reset, and comments
• Secure uploads: extension allowlist, MIME checks, magic byte verification
• Timing-safe authentication to reduce user enumeration risk
• Audit logging for admin actions

Blade-Inspired Template Engine

• Escaped output: {{ }} and raw output: {!! !!}
• Layouts: @extends, @section, @yield
• Partials: @include
• Control structures: @if, @foreach, @isset, @empty
• Swap templates without touching backend PHP logic

Zero-Dependency Installation

• No Composer, npm, or build step
• Web-based installer with 6 guided steps
• Auto-generates a secure application secret
• Creates the database schema automatically
• Runs on shared hosting (PHP 8.0+ and MySQL)

Requirements

• PHP 8.0+
• MySQL 5.7+ or MariaDB 10.3+
• Apache with mod_rewrite
• Extensions: pdo_mysql, mbstring, gd, openssl, fileinfo

What’s Included

• Full source code (unencrypted)
• Web-based installer
• Database schema (SQL)
• Default blog template
• Admin panel template
• Complete HTML documentation
• Bundled PHPMailer library