Craft CMS has quickly become a top choice for building modern, content-driven websites. But before diving into development, it's crucial to fully understand Craft's requirements to ensure proper installation, configuration, and performance. This definitive guide covers all the key system, software, and environment requirements for Craft CMS. Read on to learn essential details like PHP and database versions supported across Craft editions, hosting considerations, security best practices, and optimization techniques to deliver fast, scalable sites. With this comprehensive overview, you'll gain the expertise needed to confidently match servers and infrastructure to Craft's specifications. By meeting Craft's requirements, you empower yourself to build dynamic sites that thrive.

Craft CMS requires PHP 7.4+, MySQL 5.6+, and modern evergreen browsers. It benefits from performance optimizations like Redis caching, CDNs, and image compression. Paid licenses unlock the full capabilities needed for commercial sites. Robust deployment practices involving version control, dependency management, and consistent server configuration aid in launching projects successfully.

Server Requirements for Craft CMS

PHP Version Requirements

Craft CMS requires PHP 5.6 or later to run. The latest versions of Craft 2 support PHP 5.6 to 7.2. Craft 3 has wider compatibility, supporting PHP 7.0 to 8.0.

It is recommended to use the latest PHP version for optimal performance and security when running Craft CMS. PHP 8.0 or 7.4 are ideal choices currently. Avoid outdated versions like PHP 5.6 and 7.0 if possible, as they lack security patches and modern language features.

When upgrading PHP versions on your server, check Craft CMS system requirements to ensure compatibility. Some minor version updates like PHP 7.3 to 7.4 may not require Craft CMS or plugin updates, while major jumps like PHP 7.2 to 8.0 will need Craft CMS core and plugin testing before launch.

Database Server Requirements

Craft CMS works with MySQL 5.6+ or MariaDB 10.0.5+ for the database server. MariaDB 10.1+ is recommended for full UTF8MB4 support. MySQL 8.0 and MariaDB 10.5 are great current options.

Some key database configuration tips for optimal Craft CMS performance:

Use the InnoDB storage engine rather than MyISAM.
Set the SQL mode to "STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION".
Enable the Query Cache if possible.
Assign adequate RAM to handle site traffic.
Avoid expensive queries and use database indexes wisely.

Also ensure your MySQL/MariaDB user has privileges to create and modify databases, especially during Craft CMS installation.

Web Server Requirements

For the web server software, Craft CMS is compatible with Apache 2.2+ or Nginx 1.0+. Configuring these for optimal Craft performance involves:

Enabling PHP handlers like mod_php on Apache or php-fpm on Nginx.
Allowing custom .htaccess rules on Apache or equivalent Nginx rewrite rules.
Setting adequate PHP memory limits and timeouts.
Caching static assets and database object caching.
Enabling Gzip compression.

Nginx can provide faster static file serving compared to Apache in benchmarks. But Apache may have an edge in PHP performance with mod_php integration. For hosting, ensure your provider easily allows custom server configuration for Craft requirements.

In summary, use the latest PHP 8.0+ and MySQL/MariaDB versions for best Craft 3 performance today. Apache or Nginx will both work well optimized. Follow Craft's requirements and regularly update components for optimal stability, speed and security.

PHP Requirements for Craft CMS

Required PHP Extensions

For Craft CMS to function properly, there are a handful of PHP extensions that must be installed and enabled on the server. The most critical ones are PDO, GD, Ctype, MBString, JSON, OpenSSL, and cURL. PDO allows Craft to connect to the database for content storage and retrieval, using MySQL or PostgreSQL drivers. GD provides the image manipulation capabilities that are core to Craft's asset processing and image transforms. Ctype enables correct string and character handling for things like slug generation from titles. MBString adds multibyte UTF-8 string support, vital for non-ASCII content. JSON encoding and decoding is utilized in various APIs and data exchanges within Craft. OpenSSL gives access to cryptographic functions like password hashing. And cURL allows Craft to make HTTP requests to external services and APIs.

Without this foundational set of extensions activated in the PHP setup, Craft CMS simply will fail to work as intended. They provide the basic PHP functionality that the system relies on for its core feature set. Craft developers absolutely require them to be present for building a smooth user experience.

Recommended PHP Extensions

Beyond the mandatory extensions, there are some other PHP extensions that are strongly recommended for enabling full functionality and optimal performance with Craft CMS. Imagick provides superior image processing capabilities over the basic GD extension, allowing advanced image edits and PDF thumbnail generation. The Zip extension enables zip and unzip operations for compressed archives, which is utilized when installing plugins and modules.

OPcache offers caching of precompiled PHP scripts into bytecode for faster execution. Redis facilitates caching and background queue processing to boost site performance. The Intl extension adds useful internationalization functions missing from the base PHP install, enhancing localization abilities. And the Exif extension allows reading detailed image metadata like orientation, improving the quality of image transforms.

While not 100% required, having these additional extensions available unlocks Craft's full feature set, maximizes security protections, and accelerates page loads for a smoother experience. They are definitely worthwhile for developers to install on hosting environments that permit custom PHP configurations. The payoff is getting the complete range of capabilities and speed that Craft CMS offers.

PHP Configuration Settings

Apart from installed extensions, some key PHP configuration settings also need to be tuned for optimizing Craft CMS installations. Bumping up memory_limit to 256MB or higher gives headroom for memory-intensive operations on complex sites. Increasing post_max_size and upload_max_filesize to 64MB or beyond accommodates larger assets and entries being uploaded. Raising max_execution_time can help avoid timeout issues for longer running requests, if permitted by the hosting provider.

Settings like error_reporting and display_errors should be toggled - enabled for development to catch all warnings, but disabled on production sites. The date.timezone ini setting must be explicitly set to the desired timezone for correct datetime handling. Opcode caching via opcache can dramatically accelerate PHP execution if available. Adjusting values for these and other PHP settings based on project-specific needs can significantly improve Craft's functionality, security, and page load speeds.

Craft CMS Version Requirements

Craft 2 Requirements

Craft CMS 2.x has more modest server requirements, reflecting when it was initially launched. For PHP, versions 5.3.2 or later are supported. MySQL 5.1+ or PostgreSQL 9.5+ can be used for the database backend.

On the PHP side, Craft 2 needs less memory and supports running on lower 5.3-5.6 versions. But the downside is missing out on speed gains, security fixes, and modern PHP 7 language enhancements.

The database requirements are also dated. MySQL 5.5+ and PostgreSQL 9.5+ provide critical data integrity fixes over earlier versions. MariaDB and higher MySQL variants add useful new features as well.

So while Craft 2 itself will run on older stacks, best practices point towards using more up-to-date PHP 7.0+ and MySQL/MariaDB for better performance and safety. Regular security patching is strongly advised if opting for older components.

Craft 3 Requirements

Craft CMS 3 bumped the minimum requirements up considerably. It needs PHP 7.0 or newer, taking advantage of major speed, security and language improvements in modern PHP versions.

For the database, MySQL 5.6+ or MariaDB 10.0.5+ is required at a minimum. PostgreSQL 9.5+ remains supported. The database also needs to support UTF-8 4-byte sequences for full emoji support.

The forward-looking requirements of Craft 3 mean it can leverage the newest web tech features and improvements. But hosting needs to provide up-to-date PHP 7+ and MySQL/MariaDB versions to support this.

Regularly updating to the latest supported PHP and database releases ensures best performance and security. Craft 3 keeps pace with modern web technology standards.

Craft 4 Requirements

Craft CMS 4 is expected to release sometime in 2023. It will bump up the minimum PHP version requirement again, this time to PHP 7.4 or 8.0.

The database requirements may also increase, with MySQL 8.0 and MariaDB 10.4 becoming the new baselines. PostgreSQL 10+ should remain supported.

These upcoming requirements changes reflect the continual evolution of PHP and database technologies. By requiring newer releases, Craft CMS can utilize all the latest speed, security and developer experience improvements.

Some key things to expect in Craft CMS 4 - optimized code for PHP 8 performance gains, taking advantage of new PHP 8 data types and features, improved PostgreSQL support, and full UTF-8 coverage for global sites.

Staying current with the newest PHP and MySQL/MariaDB releases will be important for keeping pace with Craft CMS as it adapts to leverage the latest web technologies.

Front-end Requirements for Craft CMS

Browser Support Requirements

Craft CMS aims to provide a robust front-end experience across modern desktop and mobile browsers. For desktop, Craft officially supports the current and previous major versions of evergreen browsers - Chrome, Firefox, Safari, Edge.

For mobile, Craft supports the current iOS Safari and Android Browser versions, as well as Chrome on Android. Browsers without official support like IE11 can still technically work, but may have styling issues and degraded performance.

In terms of CSS, Craft sites can utilize flexbox, CSS Grid, and most modern web standards across these supported browsers. For any legacy browser compatibility needs, features like CSS autoprefixing and polyfill scripts can help fill the gaps.

When designing sites, focusing on Craft's officially supported desktop and mobile browsers ensures a consistent experience for the vast majority of users. Checking for edge case styling bugs and interactions in older browsers is still recommended.

JavaScript Requirements

JavaScript must be enabled in the browser for Craft's front-end editing and Control Panel functionality. Craft relies on modern frameworks like jQuery, Vue.js and React for interactivity.

The Craft setup process checks for known minimum browser capabilities like cookies, AJAX support, DOM manipulation etc. Without these JavaScript features available, the editing experience can't work properly.

Front-end form submission, live preview and other features also require JavaScript. For optimal use, the latest stable releases of evergreen browsers tend to fully meet these requirements.

Accessibility Requirements

Craft CMS helps developers build accessible sites that meet WCAG 2.1 criteria. Entries and pages have proper semantic markup output, with configurable ARIA roles. Images have alt text options, keyboard navigation is supported, and colour contrast can be controlled.

But developers need to utilize these included accessibility features and follow web standards best practices too. Things like setting up proper document structure, using semantic HTML tags, providing image descriptions, and testing with assistive devices.

Craft's flexible templating and entry modelling support building sites that are perceptible, operable, understandable and robust for all users. With its solid foundation and smart developer decisions, truly inclusive user experiences are possible.

Following web accessibility guidelines strictly, leveraging all of Craft's built-in capabilities, and testing thoroughly are key to maximizing the accessibility of Craft CMS sites. The system provides the framework and tools for an accessible project.

Security Requirements for Craft CMS

Transport Layer Security (TLS)

Using HTTPS with a valid TLS certificate is highly recommended for all Craft CMS installs to enable secure encrypted connections. TLS protects communication between the server and client.

Craft's Control Panel forces HTTPS, but the front-end site connection can be configured. It's best practice to enable HTTPS sitewide and redirect all HTTP traffic for optimal security.

Free certificates from providers like Let's Encrypt are suitable for most use cases. Commercial certificates provide extra validation and features like wildcard names. Auto-renewals keep the certificates from expiring.

Proper TLS configuration like using up-to-date cipher suites, enabling HTTP Strict Transport Security headers, and prioritizing speed versus compatibility optimizes the encryption strength.

With HTTPS and TLS properly set up, web traffic to and from Craft CMS instances gains protection against man-in-the-middle attacks and eavesdropping.

Password Security

Craft CMS uses the bcrypt password hashing algorithm with individual salts to securely store hashed password representations. This robust approach prevents decrypted passwords even in database breaches.

The system can enforce minimum password lengths and complexity requirements through configurable rules. Using a password manager enables strong unique passwords for all user accounts. Enabling two-factor authentication adds an extra layer of login protection.

Session handling, encryption keys rotation, IP address restrictions and other mechanisms provide further authentication security for accessing the Control Panel and logged in front-end.

Data Encryption

Sensitive Craft CMS data like passwords, API keys and session tokens are encrypted both at rest and in transit between the server and client. The system uses modern standards like AES-256 and OpenSSL for robust encryption.

Database connections can be encrypted for an added layer of protection against queries being compromised. Backups should also be encrypted before transferring off-site or to cloud storage.

With TLS connections, password hashing, database encryption and other security measures applied properly, Craft CMS data gains protection against compromise through breaches or interception.

Following security best practices in the server setup, user access policies, and data handling allows taking full advantage of Craft's encryption capabilities for robust defence across the stack.

Performance Requirements for Craft CMS

Caching Techniques

There are various caching techniques that can dramatically improve performance for Craft CMS installs:

Server-side caching via Redis or Memcached caches database queries, templates, and other processed data to avoid repeated expensive operations. Craft has built-in support for Redis optimizations.

OPcache provides opcode caching for faster PHP execution. Database query caching offers similar benefits. Varnish can be implemented for reverse-proxy caching of full pages.

On the front-end, browser caching of static assets through proper headers boosts performance. Fragment caching avoids repetitive component generation. CDN distribution also accelerates asset delivery.

For large sites, hybrid caching combining server and browser techniques works best. Tuning cache times and purge rules specific to site traffic patterns optimizes the impact.

Content Delivery Network (CDN)

Using a content delivery network (CDN) is highly recommended for Craft CMS installs serving significant media and static assets. CDNs distribute assets globally, caching them at edge locations closer to visitors.

This provides big performance gains through faster file transfers over shorter distances. It also saves server bandwidth demands. And resilience against traffic spikes and DDoS attacks improves.

Craft allows configuring CDN origins for both site media and static assets. Leading options like Cloudflare, Amazon CloudFront and Akamai are suitable. Integrations like Imager resizing can build CDN URLs.

The performance boost from distributed asset delivery is substantial, especially for image-heavy sites. CDN costs are relatively low, making them a smart investment.

Image Optimization

Optimizing images is critical for web performance, and Craft CMS sites often deliver lots of media. Best practices include:

Compressing images with tools like TinyPNG during uploads. Craft also compresses resized versions.
Resizing appropriately for layouts, not oversizing. Setting explicit dimensions avoids extra work.
Generating multiple smaller sizes using transforms for responsive delivery.
Lazy loading below the fold images to defer full asset transfer.
Using WebP and AVIF formats over JPEG/PNG where supported.
Adding width/height attributes to aid layout without blocking rendering.

Following image optimization guidelines enhances Craft CMS performance and provides better UX through faster loading pages. Combined with caching and CDN delivery, it makes a huge overall difference.

Licensing Requirements for Craft CMS

Personal vs Commercial Licenses

Craft CMS offers different licenses, both a free personal edition and paid commercial licenses. The personal edition can be used for testing, personal sites, and basic projects. But for client work and commercial use cases, a Pro or Business license is required.

The personal edition is fully-featured, but limits sites to only 500 pages and contacts. It also lacks white-label branding, multiple sites, user groups, and other key features needed for professional use.

Paid licenses unlock unlimited Craft CMS capabilities for building robust commercial sites and applications. They add essentials like white-label Control Panels, multi-environment management, unlimited pages and contacts, user groups with permissions, single sign-on integrations, and premium support.

For freelancers and agencies doing client work, Craft's commercial licenses provide the complete set of features, flexibility, and reliability required for successful business use.

License Costs

Craft CMS pricing: Craft CMS Pro licenses cost $299 per site initially, with discounts available for multiple sites. A yearly subscription is $159 per site. For unlimited sites across clients, the Pro Plus plan costs $999 annually.

The Craft Business edition aimed at large enterprises is $999 for the first production site license. Additional sites are $399 each. It comes with premium support and onboarding included.

For teams and organizations, volume discounts are available on bulk licenses. Non-profits also get 50% off normal pricing.

Free trial licenses can test Craft CMS initially before purchasing. Upgrades from Craft Personal to Pro or Business editions are priced based on the difference in cost.

Edition Upgrade Pricing

Upgrading from Craft Personal to a commercial edition is simply the cost difference between license types. So Personal to Pro is $299 initially for a single site, or $159 for yearly.

For multi-site clients, upgrading to Pro Plus from Personal is just the $999 annual plan price. Similar edition upgrade pricing applies for Business licenses based on the site count.

Converting existing Craft Personal test sites and projects to paid licenses for commercial launch requires only this edition upgrade payment, keeping data and setup intact. This allows smooth transition from trial to production use.

Pricing is proportional to the expanded feature set, resources, and support that come with paid Craft CMS licenses. Paying the edition upgrade cost unlocks robust capabilities for serious projects.

Deployment Requirements for Craft CMS

Version Control System

Using a version control system like Git is highly recommended for deploying code changes and managing Craft CMS across environments. Git facilitates:

Versioning of code changes so development adjustments can be tracked.
Branching workflows so new features can be isolated until ready.
Team collaboration allows code reviews and merging.
Reverting changes by restoring previous commits.

Popular Git servers like GitHub and GitLab integrate nicely. Repository management best practices like small commits, descriptive messages, branching strategies, and pull requests aid development.

Version control gives confidence for making, debugging, and deploying incremental code improvements. And DevOps coordination streamlines getting changes live across staging and production.

Dependency Management

The Composer package manager handles installing and updating PHP dependencies for Craft CMS. It maintains craftcms/cms and craftcms/crud packages plus plugins and libraries.

Running Composer updates and composer install pulls in the correct code versions across environments. This handles dependencies cleanly without git tracking the large vendor folder.

Configuration sets like minimum stability ensure consistency. Optimized autoloading improves performance. Parameter syncing manages environment configs.

Overall, Composer provides robust dependency and package management. It's the tool of choice for mainstream PHP deployment, eliminating much of the complexity.

Server Provisioning and Configuration

To launch successfully, staging and production servers must be provisioned to meet Craft's requirements consistently. The database, cache, web server, PHP runtime and other components need proper configuration.

Hardening measures like disabling unused ports, restricting user accounts, and enabling firewall rules should also be applied. Monitoring helps catch production issues early.

Migrations handle database schema changes between versions. Backups are taken regularly for disaster recovery. Settings sync between servers minimizes config drift.

The goal is to maintain a high-availability production environment optimized for Craft's resource needs and security protections. Testing on accurate staging servers prevents surprises when deploying. Consistent provisioning and procedures are key.