thelia
Thelia is an open-source PHP e-commerce platform for building and managing online stores and content. Built on Symfony 6.4, it supports PHP 8.2/8.3 and MySQL 5.6+, with active maintenance and a modular architecture.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | thelia/thelia |
| Owner | thelia |
| Primary language | PHP |
| License | GPL-3.0 — OSI-approved |
| Stars | 877 |
| Forks | 314 |
| Open issues | 81 |
| Latest release | 2.6.0 (2025-11-17) |
| Last updated | 2026-07-03 |
| Source | https://github.com/thelia/thelia |
What thelia is
A GPL-3.0 licensed Symfony-based e-commerce framework written in PHP, featuring modular design, CLI installation tools, Docker support, and compatibility with modern PHP/MySQL stacks. Latest release 2.6.0 (Nov 2025) targets PHP 8.2/8.3 with Symfony 6.4.
Get the thelia source
Clone the repository and explore it locally.
git clone https://github.com/thelia/thelia.gitcd thelia# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires PHP 8.2+, MySQL 5.6+, Apache 2 or Nginx; PDO_MySQL, OpenSSL, intl, gd, curl, DOM extensions mandatory; memory_limit ≥128M (256M preferred).
- MySQL strict mode (STRICT_TRANS_TABLES) must be disabled; non-standard SQL compatibility may surface during upgrades.
- Archive builders (zip, tar, tar.gz, tar.bz2) need external PECL extensions and php.ini tweaks; adds operational surface area.
- Development repo vs. production project: use thelia/thelia-project or thelia.zip for deployments; this repo is core development only.
- Installation paths: web wizard, CLI (php Thelia thelia:install), or Composer; Docker provided for dev only—production deployments require external orchestration.
When to avoid it — and what to weigh
- GPL-3.0 license incompatibility — If your stack or derivative works cannot be GPL-3.0 compliant (e.g., proprietary code must link against Thelia), this platform creates legal friction; commercial use requires careful copyleft review.
- Rapid time-to-market with minimal DevOps — Thelia requires manual configuration (vhosts, PHP extensions, MySQL tuning, archive builders), Docker support is dev-only, and no managed hosting is mentioned; unsuitable for click-to-deploy scenarios.
- Legacy PHP 5.x or PHP 7.0–7.1 environments — Thelia 2.6 requires PHP 8.2+; older versions (2.3–2.5) support older PHP but are no longer primary targets; migration path is non-trivial if stuck on legacy runtimes.
- Enterprise SaaS multi-tenancy out-of-box — No evidence of built-in multi-tenancy, role-based access control, or audit trails mentioned in README; single-instance focus means custom development for SaaS scenarios.
License & commercial use
Licensed under GNU General Public License v3.0 (GPL-3.0). This is a strong copyleft license: any derivative or linked work must also be GPL-3.0 and source-available. Commercial use is permitted, but all modifications and distributions must comply with GPL-3.0.
Commercial use is legally permitted under GPL-3.0, but with mandatory conditions: source code must remain open, modifications must be shared under the same license, and you cannot impose restrictions on end-users' rights. If your business model or tech stack is incompatible with copyleft, seek legal review before adopting. No commercial support or licensing exemption is mentioned.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
No security posture statement, vulnerability disclosure policy, or audit reports visible in README. GPL-3.0 transparency allows code review, but no formal security certifications or penetration test results mentioned. Admin interface secured by UI (not detailed); no evidence of OAuth, SAML, or MFA. MySQL strict mode misconfiguration can leak logic errors; PHP extension requirements (openssl, intl, gd) are baseline. Requires review of current CVEs, dependency audits, and auth mechanisms before production use.
Alternatives to consider
WooCommerce (WordPress)
GPL-2.0 licensed, larger ecosystem, lower DevOps overhead, but less modular core and vendor lock-in to WordPress.
Magento/Adobe Commerce
Enterprise-grade, proprietary licensing, hosted or on-prem, extensive integrations, but significant cost and complexity.
Sylius (Symfony-based)
Modern Symfony 6.x stack, MIT licensed, API-first, headless-friendly, but smaller community and earlier maturity curve.
Build on thelia with DEV.co software developers
Our engineers can assess GPL-3.0 compliance, design a modular architecture, and plan a Symfony-based deployment. Let's discuss your requirements.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
thelia FAQ
Can I use Thelia commercially?
What PHP/MySQL versions does Thelia 2.6 support?
Is production Docker support included?
Where do I find modules and integrations?
Custom software development services
Adopting thelia is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source ecommerce software in production.
Ready to evaluate Thelia for your e-commerce stack?
Our engineers can assess GPL-3.0 compliance, design a modular architecture, and plan a Symfony-based deployment. Let's discuss your requirements.