3 Reasons NOT to Use Fantastico For WordPress
In this post I will go against the flow and present my case AGAINST using Fantastico for WordPress install and upgrade. This will also address multitude of questions I receive on why my Web 2.0 Wealth product doesn’t take advantage of this method.
I want to show you exactly WHY I think Fantastico does more damage to you then it has benefits, provide you with 3 reasons NOT to use Fantastico for WordPress and perhaps help you learn how to avoid the problems you might experience as result…
Now this article will not apply to you if you are simply using a default WordPress install with one of the themes that comes with it, completely unmodified and NO plugins. Perhaps even with minimum number of plugins and well supported theme you can quite easily enjoy the benefits Fantastico provides.
Yes, I said benefits because in particular case above Fantastico serves as an ultimate time saver by removing all complexity from WordPress install and upgrade, assuming your host is staying up to date with latest releases. However…
- If you use multiple plugins, custom theme and actually trying to make your blog more interactive and engaging for your readers…
- If you want to KNOW how WordPress works and be able to solve the problem as they come up…
- If you plan to become a self-relying blogger…
You Should NOT Use Fantastico!
While I don’t claim to be an expert in how Fantastico works, my reasons provided in this article are based on personal experience and tests. Take them for what they are – personal technical opinion…
Reason 1: Simplicity Creates False Sense of Security
Who doesn’t want to create a WordPress blog by simply filling out a few fields and couple clicks later have it up and running? Or what’s even better – upgrade the blog to latest secure version with ONE SIMPLE CLICK?
Yes, those are the options presented to us by Fantastico. In fact that simplicity alone perhaps responcible for allowing hundreds on technical novices to put their own WordPress blog on the web in a matter of minutes. That simplicity enabled multitude of people to have their own place to share thoughts, ideas, exchange opinion or simply give it as is! And yet, I state that…
- This Simplicity Creates False Sense of Security!
While install of the blog part I can understand – Upgrade of WordPress through Fantastico is an ABSOLUTE EVIL! It might work for you once without any glitch, twice or however many times it might be but there will come a time when you click that Upgrade button only to learn few minutes later that your blog is a total mess!
And to make the matter even worse – EVERYONE can see that mess and you HAVE NO CLUE how to fix it. That is because from the very start you have chosen the path of least resistance and avoided learning process that comes with install of the blog and its initial setup. Simplicity of the install process and perhaps subsequent successful upgrades drove you to believe that it will ALWAYS be so and you have no need to know the inner workings of the platform you are using.
I know that it might seem intimidating but I highly recommend you get to know the platform you are using and with great documentation already available that covers every aspect of install and upgrade it is a lot simpler than you think! KNOWLEDGE is the power that will enable you to avoid the problems or fix them as they come up. Which brings us to second reason…
Reason 2: Upgrade Process Is Incomplete!
And before I get blamed for making false statement I want to quote one part from official WordPress Upgrade guide…
Note that during the upgrade process access to your blog may not work for your visitors. You may consider a plugin like Maintenance Mode.
Step 0: Before You Get Started
- Just in case something goes wrong, make sure you have a backup. WordPress_Backups is a comprehensive guide.
- Deactivate your plugins. A plugin might not be compatible with the new version, so it’s nice to check for new versions of them and deactivate any that may cause problems. You can reactivate plugins one-by-one after the upgrade.
Please note above the recommendation for Maintenance Mode and Deactivation of plugins. While I know for 100% that Maintenance Mode plugin is not part of default install and you have to get it in and activated and as such that recommendation is completely bypassed by Fantastico my knowledge with Plugins Deactivation is based on couple test upgrades I have done myself. In each case I didn’t see this step to be completed!
While in many cases this might not be an issue – major update to WordPress core often changes function calls as was the case with WordPress 2.3 and makes SOME plugins incompatible. Failure to deactivate them PRIOR to upgrade will lead to whole bunch of errors thrown on the screen and since Maintenance Mode was not activated – present it to your visitors and readers. How does that reflect on your professionalism? While your regular readers more then likely will understand – is that something you want to present your first time visitors with?
To make matters even worth – bad plugin might make your blog completely unavailable for login to admin interface and deactivate the offender! And since you made a decision to AVOID learning more about your platform of choice – more then likely you have no clue that solution is as simple as navigating through cPanel File Manager (or via FTP client) to /wp-content/plugins/ and simply renaming the plugin that throws errors to effectively deactivate it! But you wouldn’t know it – would you?
Which brings us to last and yet very important reason…
Reason 3: Upgrade Doesn’t Include Plugins and Theme
This is the last point I want to make and yet its importance should NOT be overlooked. As I have mentioned above major upgrade, such as one coming in March (2.5) generally includes drastic changes to the code. I have described some strategies you can use to make the process as painless as possible in my post “WordPress 2.4 Skipped, What Should You Do?” and steps within can be applied to any version.
But the point I want to make here is that official WordPress documentation should include one more step right before Step 3 and rename Step3 into Step 4:
Step 3: Upgrade Your Theme and Plugins
- Visit your theme developer site and make sure any fixes available to your theme applied to your installation to make it work with latest core version.
- Check for updates available to plugins your blog currently using via Admin->Plugins and make sure they are compatible with new version. Update plugins once compatability verified using this video tutorial and activate them one by one, verifying your blog functionality after each activation.
Now you can move to what used to be Step 3: Do Something Nice For Yourself. Now you really deserve it!
I hope that my 3 Reasons NOT to Use Fantastico For WordPress install and upgrade explain my personal take on the process and answer the questions I receive from people on Web 2.0 Wealth product. In fact I follow my own guidelines and provide my customers with a path that fully addresses concerns above, minus the complexity since I already do all the work and verify compatability prior to distributing upgrade.
Perhaps you don’t agree with my points and I would love to hear your feedback but either way – if I only managed to raise awareness and make you rethink you current strategy I consider my goal accomplished. Let me know what you think!
More Options Print This Post
 Subscribe With RSS Reader Subscribe by Email![[Post to Twitter]](http://www.howtospoter.com/wp-content/plugins/tweet-this/icons/tt-twitter.png){kind=icon} Tweet This PostFiled under WordPress |
Related posts |
Technorati: blog, blogging, fantastico, wordpress,
48 Responses to “3 Reasons NOT to Use Fantastico For WordPress”
Trackbacks/Pingbacks
-
3 Reasons NOT to Use Fantastico For WordPress…
In this post I will go against the flow and present my case AGAINST using Fantastico for WordPress install and upgrade. This will also address multitude of questions I receive on why my Web 2.0 Wealth product doesn’t take advantage of this method.
I…
-
[...] previous post of the reader’s link will be on the comments made by the readers. When I comment to Howtospotter I came to know about this plugin [...]
-
[...] Sysoef wrote about it here, to read more click here to visit his [...]
-
[...] is a really cool script management system that your web host should probably provide. I’m giving up on Fantastico, though, because it takes a long time for it to notice [...]
-
[...] before I even begin talking about security – I want to make my case AGAINST Fantastico installation. While it will work fine for most people and simplifies the process – it leaves you more open to [...]
-
[...] varias páginas que explicaban que no se debe NUNCA instalar Wordpress usando fantastico. La explicación de que da una falsa sensación de facilidad [...]
Alex,
You are so right. I have the advantage of having worked with computers as a trainer for Apple Computer for 12 years. The solution to the problem you describe is KNOWLEDGE, and the best way to get that knowledge is from good instruction. You have provided that kind of instruction all along the way in your excellent videos, including how to users can utilize FTP to copy files to a their web site.
Let me encourage your W2.0W readers to take the time to learn some of the simple tasks associated with maintaining their blogs. It isn’t all that complicated, and the aggravation it will prevent makes it well worth the effort. If you would like a brief video introduction on doing FTP on the Macintosh side, let me know. I would be glad to put something together for your Macintosh W2.0W users.
Jerry Nielsen – Internet Income Alliance
Jerry,
Thank you for comment! And yes, please do – I’m sure many people will greatly appreciate it! Please contact me for details
Alex
Alex
Amazing, I was thinking to write a post similar to yours.
What I wanted to highlight is that Fantastico uses the default wp_ for all wordpress tables as a prefix and this is dangerous no matter what version of wordpress you have.
Malicious users can update your wp_options table or even delete data from any other table, if they know you table names.
I have some customers in my hosting business and even me, who’s sites compromised for almost that reason alone.
Sherif’s last blog post..Here is a Free Software that is Helping me Communicate Efficiently.
Interesting point but correct me if I’m wrong – they have to be able to execute an sql query to do this form of update/change.
If blog is kept up to date – that will effectively prevent this form of exploit but I do see your point.
Great advice. I use this for the intial install of Wordpress on a new domain, but after that its FTP for me. I don’t trust any script to effectively be able to upgrade something as complicated as wordpress easily. Its not that I’m saying the upgrade is complicated, just that by the time I’ve had a blog up a few months it has been modifed to the hilt.
Bruce’s last blog post..Gorilla Link Love
Thanks Bruce,
That is exactly what I state and absolutely agree with you on:
Alex
Hi Alex,
Yet another informative and helpful post. I always enjoy reading your posts. Being a newbie to the hosting world, I was really happy to use Fantastico to do my initial installs, but the 2.2.3 upgrade really threw me. I like to know how things work so I can fix my own problems, so your comments make sense.
Thanks for taking the time to put your thoughts to paper!
Charly
http://arvoreentreasures.com/
http://arvoreentreasures.com/blog
Charly’s last blog post..What is Web 2.0 and Does It Work?
Thanks Charly!
Hi Alex , Thanks for the wonderful Lengthy post, I really enjoyed the post, I also agree with Charly I am also newbie to this blogging world , like me lots of newbies out there they also dont know how to install this complicated wordpress to self hosted blog for them Fantastico its really a useful one, sorry i dont know you agree me or not , once again thanks for the nice post
Vhxn.com
vhxn.com’s last blog post..Auctionads now moves to Shoppingads!
Fantastico is good place to start but I would recommend you don’t rely on it. Learn your blog and you will be rewarded – if only in time …
Yes, they can inject SQL through browser and even if you use the latest version of wordpress, a theme or plugin might have vulnerabilities that make them get to your tables.
I wrote and strongly recommend any wordpress owner to change your table prefix.
check it out here!
sherif’s last blog post..Here is a Free Software that is Helping me Communicate Efficiently.
Thanks for the link Sherif,
It is definitely worth a second look … even though for SQL injection a would be hacker would need a vulnerable plugin and them and we all KNOW that WP developers write only secure code
But on series note – I’ll have to reconsider my approach to this one …
I can see all the issues are regarding Wordpress upgrade. I uses Fantastico to install my side blogs (not taking the risk of using it with my main blog) but I upgrade them using the Automatic Wordpress Upgrade plugin to upgrade rather than the one-click upgrade.
Wayne Liew’s last blog post..No Self Ping to Stop Internal Blog Posts Pinging
Your spot on with this one. I have seen a lot of wordpress blogs get messed up because of a bad install from fantasico. I have used it to install wordpress – so I don’t need to setup the DB… However then I immediately upload the files by hand after fantiasico does it.
This is of course better than the install godaddy does. Which are almost guaranteed to be broken.
Matt Ellsworth’s last blog post..Google Maps Shows New Hampshire Results
Yeah… I think it is common issue with any script responcible for mass installs. Considering how easy it is to do it manually and that it only takes a few extra minutes and goes long way toward learning Why Not Do It?
As I have mentioned before – initial install is fine and I can actually easily recommend to any technical novice to get going but then learning should become part of blogging process. Unless you are paying someone to do it all for you and limit yourself in what you get …
Alex
I’ve never had any issues upgrading wordpress via Fantastico. I do it thru SSH myself on my own blog. I don’t use subversion, subversion sucks, and you can’t use it if you don’t have root access to the server, but as a Freelance web designer, I find Fantastico extremely easy to upgrade and maintain client blogs, so I don’t have to mess with updating wordpress via FTP, which can be MAJORLY time consuming on hosts that don’t allow SHELL access at all. Besides, I’ve had issues worse then those described here, upgrading wordpress the “FTP way” so alot of times I prefer the Fantastico way. The only issue I’ve ever had, was forgetting to run the upgrade.php script, then you’ll run into problems, yeah, but if you do it right, it works just fine. I’ve upgraded many of my clients to 2.3 using Fantastico without any issues. like I said, I’ve had more issues with clients that don’t have Fantastico or SSH, which believe you me alot of webhosts are not allowing SSH no more for some stupid reason, so FTP is the ONLY way in those situations, and I tell you, upgrading wordpress using FTP is a pain in the “you know where” most of the time. I get individual files that fail to upload, or files that should have been uploaded in ASCII format instead of binary, or vise versa, and believe you me, it causes more problems then Fantastico method does.
Thanks for your input – everyone has their own opinion based on what works best for them. I appreciate you sharing your experience as it gives people a different perspective on the process.
Alex
I’m with bubazoo – Fantastico is a life saver. As he said, uploading zillions of files via FTP is a nightmare. There’s always one file that gets left behind, and then go figure out which one it is! I also manage multiple client sites, and WordPress makes the installation process a matter of minutes rather than hours (FTPing), and upgrade is a cinch.
You’re right that people should know about the innards of WordPress, but once you do know that, why not make your life easier and use Fantastico?
Miriam’s last blog post..10 steps to a more splog-free WordPress blog
Miriam,
We all have our takes. My reason on Why not to use Fantastico stated above and I appreciate you express your opinion. I never expected everyone to agree with me
although I continue to stay with my initial statements – I don’t recommend it for upgrades.
I had the worst experience of my blogging life wit h Fantastico! That’s how I found this post..I was Googling about security issues and Wordpress, etc..anyway..
My host rep told me “oh just 1 fing click’ to upgrade…
I clicked (ok, a couple clicks, same difference)..I returned to WP admin to see that it hadn’t upgraded at all. But it SCREWED UP MY WHOLE BLOG!! They are behind the times with their update versions (still at 2.3.2, which is what I had to begin with that got me hacked..long story but I am posting about that as soon as I leave this message to you)
All I had left of my blog posts after the supposed upgrade were shells or ghosts of where my posts used to be! When the titles were clicked on, it took you to a shell of what my 404’s should be! EVERY ONE OF THEM.
I wish I had seen this post before I relied on those jerks for the upgrade. I finally upgraded manually to the newest 2.3.3..Hopefully THIS version won’t be hacked like 2.3.2..
Thanks for sharing,
I hope your story will help people see the light – it is that ONE TIME that matter the most.
Alex
Let me add another reason.
If you use a non latin character e.g. Arabic, forget Fantastico. It will use Latin1 as MySQL charset. I tried to change it to UTF8 to support Arabic, but it did not work. Finally i reinstalled it manually, and everything works fine.
The same goes to other script. My customer installed Moodle and ended up with the same problem.
Fairuz talibs last blog post..Moving DLGuard Installation to Another Server
Good points. For me it’s been about a 50/50 as far as using Fantastico or manual install for my WP blogs. But then, I am pretty intermediate/advanced when it comes to WP.
You do bring up some good points especially how it would really leave the novice, non-techy person in the dark when some glitch happens with the themes or plugins, or even during a version update. Hopefully if they were lazy, it’s during a crisis time as such that they spend the time to understand WP and learn how everything really works?
I think it’s a time saver to do the initial install from Fantastico, but everything after that, I do manually. Perhaps that’s at much as one should rely on Fantastico for, as far as WP is concerned.
Well what should I say.. when everyone is telling to USE fantastico for wordpress, this is the first time I have seen someone saying to NOT USE it.
I read your article 2 times and yes you have made some genuine and logical points. I never think that way.
Thanks for your post.
Gauravs last blog post..Nokia 5800 XpressMusic
I am debating whether to teach people to install and upgrade Wordpress using Fantasico. My gut feeling was not to. I found your article and think it sums up all the reasons why not perfectly. This line says it all : “Simplicity Creates False Sense of Security”. This is so true of many aspects of the easy web culture. All right for some, but not for those who want more and who also need control.
Liz
Liz Jamiesons last blog post..Getting Started With CodeIgniter – 2
Thanks Liz,
Unfortunately I agree with you, when complex scripts are too simple to install – always look for the downside. In case of fantastico it is a security, not something I’m personally willing to sacrifice.
The one issue that this post does not address that people should be made aware of is that Fantastico also makes the username and database name wrdp1 in all installations (if you install multiple times on same domain they will be wrdp2, wrdp3 etc.) and only leaves a hacker with the task of figuring out your password.
With many people using easy to guess passwords like password, a hacker could have control of your blog in less time than it takes to have a pizza delivered! I recommend that if people install Wordpress with Fantastico, that they change the database username at the very least.
I am giving away a report to help people make those changes to the database name and username without crashing your blog.
http://mybloggingschool.com/fantastico-fix
Thanks for reminding me about this back in June!
Micheal Savoie
http://twitter.com/michealsavoie
Good point Micheal,
And while I’m well aware of that fact and stated it several times in my other correspondence – you are correct, it is not pointed out here. And it should be – too many script kiddies rely on ability to guess.
Glad this article gave you ideas! BTW, seen your press-release, brilliant man!
I’ve used Fantastico for wordpress installation. But never faced critical problems with it. As for as upgradation is concerend, I use the plugin that automatically updates the wordpress to the latest version.
Cher,
I’m glad its working out for you. As long as you are aware of possible issues with it – that is all I’m trying to accomplish with this article.
Alex
I have to say, upgrading between smaller revisions may not be a bad thing, you can probably get away with that. But if anything that’s considered major e.g. 2.7 then yes a manual upgrade was needed and highly recommended.
Kevin Styless last blog post..
I must admit I do use fantastico to install wordpress, but not for upgrading. I am still learning Wordpress so currently take advantage of the Auto Upgrade plugin. However I completely agreee with you that it is important to learn how wordpress works, so do want to have a go at a manual install and upgrade once I am more confident.
I missed this post when originally published. Just shows you the importance of linking to older posts from time to time!
I install a lot of blogs and use Fantastico for the initial installation for ease and speed but only after first checking to make sure they have the most up to date version – Fantastico is sometimes slow to get the updates. I would never use it for updates for the reasons you mention.
A client who has newly bought hosting, just tried to manually install something on her server and completely wiped out everything else that I had installed for her – including the customized wordpress installation I had created.
So I agree that it is handy to know how to install manually but for those new to hosting their own WP blog I would still recommend Fantastico to start them off. Experience with the server and FTP develops over time although with auto upgrade extensions this knowledge is not so necessary.
Sueblimelys last blog post..10 Reasons For Making More Money Blogging
Sue, I will have to disagree – it is better to learn the right way from the start. Ignorance makes us lazy and while I have recommended on several occasions for people to install using Fantastico, it is not really a good practice.
Learn the right way – save yourself a pain and headache down the road.
Alex,
I think you are misguided on your Fantastico functionality. But, you seem to have no intention of being open minded and intent on bad-mouthing Fantastico, apperantly for your own personal gain.
Kevin
Kevin,
Please do share your opinion and open my mind. Mine is based on my own knowledge and I have nothing to gain by sharing it.
But please do – continue with your own idea. Perhaps people who will read it – will follow yours.
Alex
I started install my wordpress through Fantastico
I find it very easy to install as compare to the manual installation.
Also when I install through the Fantastico, I have the option to select other ID as my administrator ID instead of the default ID “administrator”
One of my old blog was install through manual method & using the default Administrator ID. I notice the weakness in Wordpress is that it allows unlimited retries on password. As a result my old blog was hack in and my password was changed by the hacker.
After I have fully install through Fantastico. I load a plugin to update the Wordpress automatically. So far my wordpress version is up todate.
So I still favors install through Fantastico
Cheers
Alwin,
Choice is yours and I have no intentions to argue about it. I stated my opinion and you obviously have your own.
Alex – I totally agree with you. Some people just prefer methods that appear to be easier, even if they are not.
I advocate that you are better off updating wordpress yourself manually. It takes all of 1 minute to do and about half a brain cell.
Liz
Liz Jamiesons last blog post..A Quick Fix for an Every Day Problem – $99
Great post and comments. I always enjoy the information I receive from Alex as it is usually timely to an issue I am currently dealing with. Being a techy at heart, I tend to need to know how something works. But we all start somewhere and my initial training was to use the Fantastico method for the initial install along with the Wordpress upgrade plugin for any further upgrades. It is a bit disconcerting when the version Fantastico installs is immediately out of date. Some of the comments regarding how it handles databases have given me food for thought even though I do not use the default administrator logins. I do like the fact that the Wordpress upgrade plugin does put the site into maintenance mode. I’ve verified that on my own sites. Is the maintenance plugin the same one used? Or is there another that is recommended?
One thing I’ve not seen mentioned is the importance of backups. The Wordpress upgrade plugin does backup some parts, but not the entire site. Maybe it is overkill, but I tend to download the site for backup before doing an upgrade of any sort. I also use a test blog which has my key plugins to test the upgrade before using it on a live site. So far it has worked well for me.
Sherry
Sherry Driedgers last blog post..Finding Your Life’s Balance
Hi Alex! Great Post.
I agree 100%. I quit using Fantastico some time ago for other reasons. I know when you’re a newbe and excited to get going you appreciate a quick install and Fantastico certainly does that for you but I like to name my own Database and the wp1 wp2 is not a designation I was happy with ’cause at my age I tend to forget what was 1 and 2 and 3 before I get to 4. Some updates you want to make are not recommended if you used Fantastico so since the install is so easy anyway once you’ve done it a few times I wouldn’t do it any other way. Thanks for all the good stuff, keep it coming, Jim.
Jim Burrys last blog post..Weight Loss Surgery
Your blog “3 Reasons NOT to Use Fantastico For WordPress” was a very interesting post. Thank you for taking the time to share it with us, I totally agree with you because Fantastico messed up my blog, I had to start from fresh. Your work is really appreciated. Thanks.