How to Export and Import a WordPress Blog

Changing your web host is probably not something you do for fun, but if you are unhappy with your current host or have found a better one, there is no reason for you to suffer, when there is something better out there. If you have a WordPress blog, you will need to move it and most likely want keep all of the posts. Follow these simple steps.

1. Login to WordPress
2. In the left column, expand the “Tools” section
3. Click “Export”
4. Click the “Download Export File” button and save the xml file to your computer.
5. Install WordPress on your new hosting account.
6. Login and Click “Tools”
7. Click “Import”
8. From the list, choose the last option: WordPress.
9. Click “Choose file” to select the import file, and find it on your computer.
10. Finally, click “Upload file and import”.

With that you will have successfully moved your WordPress blog. If you had a custom theme, you will also need to copy that separately. Otherwise, you are all finished.

Photo Source: Wikimedia Commons

Chinese hackers implicated in CMS hack attack

According to reports, Chinese hackers have infiltrated a number of WordPress and Joomla sites hosted by Go Daddy. The sites are still under attack today as the cyber criminals exploit vulnerabilities in outdated scripts.

The hackers are uploading malware to the sites, which visitors to the sites have been prompted to download. Network Solutions experienced a similar problem several weeks ago.

It is always important to keep CMS’s and other scripts up-to-date. This situation isn’t so much Go Daddy’s fault as the customers’ for failing to update their installations. However, Go Daddy’s large size also makes it an attractive target for hackers.

Photo | simonok

User scripts, plugins, extensions, and security

When operating a dedicated server with more website users than just yourself, you always run the risk of getting attacked because of a security hole in a user-installed script. That situation is now compounded by the fact that users also install plugins and extensions for their blogs and content management systems like WordPress and Joomla.

Are extensions and plugins a security risk? How can you make sure they do not hurt other users or the server? Like with any security issues, there are general precautions you can take.

1. Make sure the user has no additional privileges outside of his or her chroot environment.
2. Remind users to check the permissions on scripts so that attackers cannot use them to piggyback onto another system.
3. Do not allow root login under any circumstances.
4. Keep an eye on logs to see if any scripts are behaving unusually.
5. Disable scripts with known problems, and direct users to viable alternatives.

How to secure your WordPress installation

Yesterday, news sources and blogs announced that WordPress blogs hosted by Network Solutions were being hacked. The website owners’ credentials were stolen, and then the sites were used to redirect thousands of visitors to websites that distributed malware. Apparently, WordPress’ configuration file, called wp-config.php, stores the user’s database password in plain text. Even still, attackers would not have access to the file if the right permissions are set. The hacked sites had configuration files that were readable by the outside world, including site visitors.

Because the attack exploits user error rather than an actual bug in the WordPress code, it is important to make sure that yours or your customers’ WordPress-based sites are secure. The first thing you can do is to chmod wp-config.php to 640, which means any outside site visitors will be completely denied.

chmod 650 wp-config.php

The second is to deny access using your .htaccess file, since no one who accesses the webserver will actually need access to the file under any circumstances.

# to protect wp-config.php

order allow,deny
deny from all


That is essentially all it takes and is actually more than is probably necessary to keep everything secure.
Warning: Some web hosting providers provide automated scripts to install WordPress for you. Do not assume that those installations are automatically secure.

Photo Source: Wikimedia Commons

Blogging software roundup

Run a hosting site long enough and you are bound to encounter customers who want blogs. Even if you are a customer yourself, there is a good chance you will want a blog. You could get a free one from WordPress or Blogger, but having your own domain for it just makes sense if you want something professional looking.

WordPress – The company that offers free service also offers their blogging software as free and open source PHP code. It is easy to install and maintain.

Livejournal – The old kid on the block, Livejournal was a perl-based blogging software with a big following.

Moveable Type – Another perl-based blogging app that is very popular.

Drupal – This blogging software/CMS is uniquely known for its easy scalability. Create a blog for one or hundreds.

Serendipity – I have personally never used this one and know little about it, but it seems to offer a good host of features.

There are many others and no shortage of free and paid hosted solutions. In a future post, we will compare some of their features.

Photo Source: Flickr

WordPress.com blog hosting suffers outage

The WordPress.com blog hosting service suffered a two-hour-long outage today. The downtime had nothing to do with the WordPress CMS, but instead rendered the 10 million sites using its free blog hosting service unavailable.

The cause of the outage is still being investigated, but right now it seems as though one router caused all the ruckus. Apparently someone at one of the four data centers where WordPress rents space made a configuration change to a core router. This not only blocked off access to the blogs at that particular facility, but the other three data centers as well.

Photo | ozdv8

Web hosting provider script and CMS installation

Many web hosting companies offer free script and CMS installation. In most cases, the installation is automatic and done through the host’s control panel system. For example, users of cPanel might have an option for Fantasico De Luxe, which installs a number of web applications, such as Joomla, WordPress, and OS Commerce.

There are a few things you should consider when using such services:

1. Does the provider’s service provide updates for the scripts?
2. Are they standard installs that can be modified the same way a manual install would?
3. Is the software open and common so that if the user decides to leave that host, they can take their data and design elsewhere?
4. What type of the support does the host offer for these third-party packages?

Depending on the answers to these and other questions, you may decide to use your web host’s services or install the applications you need on your own.

Joomla vs WordPress

Question: I’m torn between two content management systems (CMS). Should I choose Joomla or WordPress?

Answer: There are hundreds of content management systems and tens of really good ones, but two very popular ones: Joomla and WordPress, are often highlighted. The truth of the matter is that there are benefits and drawbacks of both, and the one that will work best for you mostly depends on your needs and preferences.

Joomla is a large multi-functional CMS that is highly extensible and very customizable. Your website could be anything from a storefront with an ecommerce shopping cart to photography portfolio featuring a gallery of your work. The frontend, templates, and arrangement of modules are all subject to your imagination. It can also function as a blog or news magazine, but in that category it is a sloppy second to WordPress.

WordPress was primarily created as a blogging application. Since then, however, it has grown into a full-featured news creation and management tool. With it you can have a single user blog or a multi-user site complete with user bios, advertisements, etc., all extended through the plugin interface. Installation, setup, and extending of WordPress has become very easy, arguably easier than Joomla, and WordPress suits those who do not need all of the extra bells and whistles of Joomla.

WordPress acquires world's only two-letter .me

WordPress is best known as the world’s most popular blogging platform. Now it’s the owner WP.me, the only two-letter .me domain in the world.

The name will be used for a free URL redirection service for bloggers hosting on the WordPress site, similar to Bit.ly on Twitter. WordPress not only makes a great CMS, but also provides free subdomain hosting for blogs.

WordPress was able to obtain the name through a special agreement with the .ME registry. Most domain operators do not allow the sale of names under three letters.

WP.me seems to have been given as a gift, which was probably a good PR move for .ME. WordPress’s use of the domain will likely give the extension some much-needed attention.

Source | The Domains

The Database Dilemma

One feature some consumers forget to look over before signing up for a hosting package is the number of MySQL databases offered. The most common type of database, MySQL is required to use any of the most popular blogging or CMS platforms.

One clever trick hosts use to keep usage down is limit the number of MySQL databases a customer can use. It’s not uncommon for entry-level hosting plans to have only one or possibly no databases. Because each CMS or blog installation requires a separate database, a limit on MySQL limits the number of sites you can run. Hosts may also achieve the same effect by restricting the number of domain names that can be added to an account.

Before signing up for a hosting package, make sure you have enough databases. Higher-end plans will give you at least 10. Of course, you can always use static HTML instead to get around a MySQL limit, but most hosters these days prefer the ease of use offered by a CMS.