alex sysoef

3 Reasons NOT to Use Fantastico For WordPress

wpfantastico.jpgIn this post I will go against the flow and present my case AGAINST using Fantastico for WordPress install and upgrade. This will also address multitude of questions I receive on why my Web 2.0 Wealth product doesn’t take advantage of this method.

I want to show you exactly WHY I think Fantastico does more damage to you then it has benefits, provide you with 3 reasons NOT to use Fantastico for WordPress and perhaps help you learn how to avoid the problems you might experience as result…

Now this article will not apply to you if you are simply using a default WordPress install with one of the themes that comes with it, completely unmodified and NO plugins. Perhaps even with minimum number of plugins and well supported theme you can quite easily enjoy the benefits Fantastico provides.

Yes, I said benefits because in particular case above Fantastico serves as an ultimate time saver by removing all complexity from WordPress install and upgrade, assuming your host is staying up to date with latest releases. However…

  • If you use multiple plugins, custom theme and actually trying to make your blog more interactive and engaging for your readers…
  • If you want to KNOW how WordPress works and be able to solve the problem as they come up…
  • If you plan to become a self-relying blogger…

You Should NOT Use Fantastico!

While I don’t claim to be an expert in how Fantastico works, my reasons provided in this article are based on personal experience and tests. Take them for what they are – personal technical opinion

Reason 1: Simplicity Creates False Sense of Security

Who doesn’t want to create a WordPress blog by simply filling out a few fields and couple clicks later have it up and running? Or what’s even better – upgrade the blog to latest secure version with ONE SIMPLE CLICK?

Yes, those are the options presented to us by Fantastico. In fact that simplicity alone perhaps responcible for allowing hundreds on technical novices to put their own WordPress blog on the web in a matter of minutes. That simplicity enabled multitude of people to have their own place to share thoughts, ideas, exchange opinion or simply give it as is! And yet, I state that…

  • This Simplicity Creates False Sense of Security!

While install of the blog part I can understand – Upgrade of WordPress through Fantastico is an ABSOLUTE EVIL! It might work for you once without any glitch, twice or however many times it might be but there will come a time when you click that Upgrade button only to learn few minutes later that your blog is a total mess!

And to make the matter even worse – EVERYONE can see that mess and you HAVE NO CLUE how to fix it. That is because from the very start you have chosen the path of least resistance and avoided learning process that comes with install of the blog and its initial setup. Simplicity of the install process and perhaps subsequent successful upgrades drove you to believe that it will ALWAYS be so and you have no need to know the inner workings of the platform you are using.

I know that it might seem intimidating but I highly recommend you get to know the platform you are using and with great documentation already available that covers every aspect of install and upgrade it is a lot simpler than you think! KNOWLEDGE is the power that will enable you to avoid the problems or fix them as they come up. Which brings us to second reason…

Reason 2: Upgrade Process Is Incomplete!

And before I get blamed for making false statement I want to quote one part from official WordPress Upgrade guide…

Note that during the upgrade process access to your blog may not work for your visitors. You may consider a plugin like Maintenance Mode.

Step 0: Before You Get Started

  • Just in case something goes wrong, make sure you have a backup. WordPress_Backups is a comprehensive guide.
  • Deactivate your plugins. A plugin might not be compatible with the new version, so it’s nice to check for new versions of them and deactivate any that may cause problems. You can reactivate plugins one-by-one after the upgrade.

Please note above the recommendation for Maintenance Mode and Deactivation of plugins. While I know for 100% that Maintenance Mode plugin is not part of default install and you have to get it in and activated and as such that recommendation is completely bypassed by Fantastico my knowledge with Plugins Deactivation is based on couple test upgrades I have done myself. In each case I didn’t see this step to be completed!

While in many cases this might not be an issue – major update to WordPress core often changes function calls as was the case with WordPress 2.3 and makes SOME plugins incompatible. Failure to deactivate them PRIOR to upgrade will lead to whole bunch of errors thrown on the screen and since Maintenance Mode was not activated – present it to your visitors and readers. How does that reflect on your professionalism? While your regular readers more then likely will understand – is that something you want to present your first time visitors with?

To make matters even worth – bad plugin might make your blog completely unavailable for login to admin interface and deactivate the offender! And since you made a decision to AVOID learning more about your platform of choice – more then likely you have no clue that solution is as simple as navigating through cPanel File Manager (or via FTP client) to /wp-content/plugins/ and simply renaming the plugin that throws errors to effectively deactivate it! But you wouldn’t know it – would you?

Which brings us to last and yet very important reason…

Reason 3: Upgrade Doesn’t Include Plugins and Theme

This is the last point I want to make and yet its importance should NOT be overlooked. As I have mentioned above major upgrade, such as one coming in March (2.5) generally includes drastic changes to the code. I have described some strategies you can use to make the process as painless as possible in my post “WordPress 2.4 Skipped, What Should You Do?” and steps within can be applied to any version.

But the point I want to make here is that official WordPress documentation should include one more step right before Step 3 and rename Step3 into Step 4:

Step 3: Upgrade Your Theme and Plugins

  1. Visit your theme developer site and make sure any fixes available to your theme applied to your installation to make it work with latest core version.
  2. Check for updates available to plugins your blog currently using via Admin->Plugins and make sure they are compatible with new version. Update plugins once compatability verified using this video tutorial and activate them one by one, verifying your blog functionality after each activation.

Now you can move to what used to be Step 3: Do Something Nice For Yourself. Now you really deserve it!

I hope that my 3 Reasons NOT to Use Fantastico For WordPress install and upgrade explain my personal take on the process and answer the questions I receive from people on Web 2.0 Wealth product. In fact I follow my own guidelines and provide my customers with a path that fully addresses concerns above, minus the complexity since I already do all the work and verify compatability prior to distributing upgrade.

Perhaps you don’t agree with my points and I would love to hear your feedback but either way – if I only managed to raise awareness and make you rethink you current strategy I consider my goal accomplished. Let me know what you think!

Tags: , , ,

About The Blog Author

Alex Sysoef is an IT Consultant, Internet Marketer and ProBlogger who shares his passion and knowledge of WordPress, SEO, Social Media and traffic strategies on his blog WordPress Howto Spotter. Connect on Twitter or Facebook

68 Responses to “3 Reasons NOT to Use Fantastico For WordPress”

  1. Alex,

    You are so right. I have the advantage of having worked with computers as a trainer for Apple Computer for 12 years. The solution to the problem you describe is KNOWLEDGE, and the best way to get that knowledge is from good instruction. You have provided that kind of instruction all along the way in your excellent videos, including how to users can utilize FTP to copy files to a their web site.

    Let me encourage your W2.0W readers to take the time to learn some of the simple tasks associated with maintaining their blogs. It isn’t all that complicated, and the aggravation it will prevent makes it well worth the effort. If you would like a brief video introduction on doing FTP on the Macintosh side, let me know. I would be glad to put something together for your Macintosh W2.0W users.

    Jerry Nielsen – Internet Income Alliance

  2. Sherif says:

    Alex
    Amazing, I was thinking to write a post similar to yours. :)
    What I wanted to highlight is that Fantastico uses the default wp_ for all wordpress tables as a prefix and this is dangerous no matter what version of wordpress you have.
    Malicious users can update your wp_options table or even delete data from any other table, if they know you table names.
    I have some customers in my hosting business and even me, who’s sites compromised for almost that reason alone.

    Sherif’s last blog post..Here is a Free Software that is Helping me Communicate Efficiently.

    • TheSpot-er says:

      Interesting point but correct me if I’m wrong – they have to be able to execute an sql query to do this form of update/change.

      If blog is kept up to date – that will effectively prevent this form of exploit but I do see your point.

  3. Bruce says:

    Great advice. I use this for the intial install of WordPress on a new domain, but after that its FTP for me. I don’t trust any script to effectively be able to upgrade something as complicated as wordpress easily. Its not that I’m saying the upgrade is complicated, just that by the time I’ve had a blog up a few months it has been modifed to the hilt.

    Bruce’s last blog post..Gorilla Link Love

    • TheSpot-er says:

      Thanks Bruce,

      That is exactly what I state and absolutely agree with you on:

      While install of the blog part I can understand – Upgrade of WordPress through Fantastico is an ABSOLUTE EVIL!

      Alex

  4. Charly says:

    Hi Alex,
    Yet another informative and helpful post. I always enjoy reading your posts. Being a newbie to the hosting world, I was really happy to use Fantastico to do my initial installs, but the 2.2.3 upgrade really threw me. I like to know how things work so I can fix my own problems, so your comments make sense.

    Thanks for taking the time to put your thoughts to paper!

    Charly
    http://arvoreentreasures.com/
    http://arvoreentreasures.com/blog

    Charly’s last blog post..What is Web 2.0 and Does It Work?

  5. vhxn.com says:

    Hi Alex , Thanks for the wonderful Lengthy post, I really enjoyed the post, I also agree with Charly I am also newbie to this blogging world , like me lots of newbies out there they also dont know how to install this complicated wordpress to self hosted blog for them Fantastico its really a useful one, sorry i dont know you agree me or not , once again thanks for the nice post

    Vhxn.com

    vhxn.com’s last blog post..Auctionads now moves to Shoppingads!

  6. sherif says:

    Yes, they can inject SQL through browser and even if you use the latest version of wordpress, a theme or plugin might have vulnerabilities that make them get to your tables.
    I wrote and strongly recommend any wordpress owner to change your table prefix.
    check it out here!

    sherif’s last blog post..Here is a Free Software that is Helping me Communicate Efficiently.

    • TheSpot-er says:

      Thanks for the link Sherif,

      It is definitely worth a second look … even though for SQL injection a would be hacker would need a vulnerable plugin and them and we all KNOW that WP developers write only secure code :D

      But on series note – I’ll have to reconsider my approach to this one …

  7. Wayne Liew says:

    I can see all the issues are regarding WordPress upgrade. I uses Fantastico to install my side blogs (not taking the risk of using it with my main blog) but I upgrade them using the Automatic WordPress Upgrade plugin to upgrade rather than the one-click upgrade.

    Wayne Liew’s last blog post..No Self Ping to Stop Internal Blog Posts Pinging

  8. Your spot on with this one. I have seen a lot of wordpress blogs get messed up because of a bad install from fantasico. I have used it to install wordpress – so I don’t need to setup the DB… However then I immediately upload the files by hand after fantiasico does it.

    This is of course better than the install godaddy does. Which are almost guaranteed to be broken.

    Matt Ellsworth’s last blog post..Google Maps Shows New Hampshire Results

    • TheSpot-er says:

      Yeah… I think it is common issue with any script responcible for mass installs. Considering how easy it is to do it manually and that it only takes a few extra minutes and goes long way toward learning Why Not Do It?

      As I have mentioned before – initial install is fine and I can actually easily recommend to any technical novice to get going but then learning should become part of blogging process. Unless you are paying someone to do it all for you and limit yourself in what you get …

      Alex

  9. bubazoo says:

    I’ve never had any issues upgrading wordpress via Fantastico. I do it thru SSH myself on my own blog. I don’t use subversion, subversion sucks, and you can’t use it if you don’t have root access to the server, but as a Freelance web designer, I find Fantastico extremely easy to upgrade and maintain client blogs, so I don’t have to mess with updating wordpress via FTP, which can be MAJORLY time consuming on hosts that don’t allow SHELL access at all. Besides, I’ve had issues worse then those described here, upgrading wordpress the “FTP way” so alot of times I prefer the Fantastico way. The only issue I’ve ever had, was forgetting to run the upgrade.php script, then you’ll run into problems, yeah, but if you do it right, it works just fine. I’ve upgraded many of my clients to 2.3 using Fantastico without any issues. like I said, I’ve had more issues with clients that don’t have Fantastico or SSH, which believe you me alot of webhosts are not allowing SSH no more for some stupid reason, so FTP is the ONLY way in those situations, and I tell you, upgrading wordpress using FTP is a pain in the “you know where” most of the time. I get individual files that fail to upload, or files that should have been uploaded in ASCII format instead of binary, or vise versa, and believe you me, it causes more problems then Fantastico method does.

    • TheSpot-er says:

      Thanks for your input – everyone has their own opinion based on what works best for them. I appreciate you sharing your experience as it gives people a different perspective on the process.

      Alex

      • Stuart L says:

        I abandoned using Fantastico after the first similar read several years ago. I don’t understand everyones issues with FTP. All you have to do is bring in the new build in zipped form and unpack it on the server. I take double precautions and drag all my working directories into a folder while I do this and yes it takes my site down for 10 minutes. After I unzip it, I copy the correct folders back onto the root and I’m up. This also allows me to have my last good known files safely tucked away should I have an issue later.

        Bottom line on this great post, how can you be enthusiastic about a great product if the internal working of it are foreign to you? I’ve escaped disasters many times by being forced to learn.

        Good job here.
        .-= Stuart L´s last blog .. =-.

  10. Miriam says:

    I’m with bubazoo – Fantastico is a life saver. As he said, uploading zillions of files via FTP is a nightmare. There’s always one file that gets left behind, and then go figure out which one it is! I also manage multiple client sites, and WordPress makes the installation process a matter of minutes rather than hours (FTPing), and upgrade is a cinch.

    You’re right that people should know about the innards of WordPress, but once you do know that, why not make your life easier and use Fantastico?

    Miriam’s last blog post..10 steps to a more splog-free WordPress blog

    • TheSpot-er says:

      Miriam,

      We all have our takes. My reason on Why not to use Fantastico stated above and I appreciate you express your opinion. I never expected everyone to agree with me :) although I continue to stay with my initial statements – I don’t recommend it for upgrades.

  11. spostareduro says:

    I had the worst experience of my blogging life wit h Fantastico! That’s how I found this post..I was Googling about security issues and WordPress, etc..anyway..

    My host rep told me “oh just 1 fing click’ to upgrade…

    I clicked (ok, a couple clicks, same difference)..I returned to WP admin to see that it hadn’t upgraded at all. But it SCREWED UP MY WHOLE BLOG!! They are behind the times with their update versions (still at 2.3.2, which is what I had to begin with that got me hacked..long story but I am posting about that as soon as I leave this message to you)

    All I had left of my blog posts after the supposed upgrade were shells or ghosts of where my posts used to be! When the titles were clicked on, it took you to a shell of what my 404’s should be! EVERY ONE OF THEM.

    I wish I had seen this post before I relied on those jerks for the upgrade. I finally upgraded manually to the newest 2.3.3..Hopefully THIS version won’t be hacked like 2.3.2..

  12. Fairuz talib says:

    Let me add another reason.

    If you use a non latin character e.g. Arabic, forget Fantastico. It will use Latin1 as MySQL charset. I tried to change it to UTF8 to support Arabic, but it did not work. Finally i reinstalled it manually, and everything works fine.

    The same goes to other script. My customer installed Moodle and ended up with the same problem.

    Fairuz talibs last blog post..Moving DLGuard Installation to Another Server

  13. Good points. For me it’s been about a 50/50 as far as using Fantastico or manual install for my WP blogs. But then, I am pretty intermediate/advanced when it comes to WP.

    You do bring up some good points especially how it would really leave the novice, non-techy person in the dark when some glitch happens with the themes or plugins, or even during a version update. Hopefully if they were lazy, it’s during a crisis time as such that they spend the time to understand WP and learn how everything really works?

    I think it’s a time saver to do the initial install from Fantastico, but everything after that, I do manually. Perhaps that’s at much as one should rely on Fantastico for, as far as WP is concerned.

  14. Well what should I say.. when everyone is telling to USE fantastico for wordpress, this is the first time I have seen someone saying to NOT USE it.

    I read your article 2 times and yes you have made some genuine and logical points. I never think that way.

    Thanks for your post.

    Gauravs last blog post..Nokia 5800 XpressMusic

  15. Liz Jamieson says:

    I am debating whether to teach people to install and upgrade WordPress using Fantasico. My gut feeling was not to. I found your article and think it sums up all the reasons why not perfectly. This line says it all : “Simplicity Creates False Sense of Security”. This is so true of many aspects of the easy web culture. All right for some, but not for those who want more and who also need control.

    Liz

    Liz Jamiesons last blog post..Getting Started With CodeIgniter – 2

    • TheSpotter says:

      Thanks Liz,

      Unfortunately I agree with you, when complex scripts are too simple to install – always look for the downside. In case of fantastico it is a security, not something I’m personally willing to sacrifice.

Trackbacks/Pingbacks

  1. 3 Reasons NOT to Use Fantastico For WordPress…

    In this post I will go against the flow and present my case AGAINST using Fantastico for WordPress install and upgrade. This will also address multitude of questions I receive on why my Web 2.0 Wealth product doesn’t take advantage of this method.

    I…

  2. [...] previous post of the reader’s link will be on the comments made by the readers. When I comment to Howtospotter I came to know about this plugin [...]

  3. [...] Sysoef wrote about it here, to read more click here to visit his [...]

  4. [...] is a really cool script management system that your web host should probably provide.  I’m giving up on Fantastico, though, because it takes a long time for it to notice [...]

  5. [...] before I even begin talking about security – I want to make my case AGAINST Fantastico installation. While it will work fine for most people and simplifies the process – it leaves you more open to [...]

  6. [...] varias páginas que explicaban que no se debe NUNCA instalar WordPress usando fantastico. La explicación de que da una falsa sensación de facilidad [...]

  7. Never realised Fantastico was so bad for auto-installing software on your host server. Kinda makes sense though: http://bit.ly/90TG37

Leave a Reply

Comment Guidelines: All your links are DoFollow links. No Keywords In Name. No inappropriate or offensive comments. No links to inappropriate or offensive sites. Comments must contribute to the discussion. ALL SPAM DELETED!

Comments Manually Approved prior to appearing!

CommentLuv badge

Notify me of followup comments via e-mail. You can also subscribe without commenting.