WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Move to WordPress from XOOPS ? (11 posts)

  1. pete_398
    Member
    Posted 3 years ago #

    Hi,

    I am considering converting our XOOPS driven site to WordPress, as we are using the XPressME Integration Kit, which 'combines WordPress 3.1 and the XPressME module to 'make' a WordPress XOOPS working module. I am quite impressed with WordPress, despite having used XOOPS for many years.

    Have spent considerable time doing searches on the WP forums about XOOPS. Most of the posts are very old (also most closed), and therefore irrelevant, and many of the other posts do not contain the information I'm seeking. Therefore, please don't suggest I search the forums. :D

    Here is what we are using now, each 'part' is called a module in XOOPS.

    1. WordPress - I'm assuming I can use the db tables to import from XOOPS to WP, as I now use WP Admin to add new posts, etc

    2. Headlines - This is a RSS news feed. It has categories, and within categories, you simply supply the uri of the news feed and a decription, also how long you want the cache to be, XML, rss type, etc. There are options about whether to display images, full text, number of news stories each 'page', etc

    3. Links - Categories can be setup here also, and then within each category, add a link to a site, plus add HTML to describe any info and images, etc, that you may want to use.

    4. Sitemap - Fairly basic sitemap. If you change any part of the site, it does it automatically. Part of this is to give Google, etc a sitemap, just a .php file.

    5. Contact Us - Simple contact form, name, email, message, BUT is has captcha, which is a definite need, as bots can be a nuisance, so forcing a 'person' to do it is the best way.

    So, looking for plugins I guess, that would do the same job as the above. Here is the server config ..

    Apache version 2.2.13
    PHP version 5.2.10
    MySQL version 5.0.92-community

    don't see a problem there. Also, our host has the security side of things very well 'tight'. Which brings to mind probably the most important side of 'staying' with XOOPS these so many years, is that it has a module called 'Protector', which was originally designed/built by GIJOE, see Protectors download info . The brief info there about what Protector can do ..

    - DoS
    - Bad Crawlers (like bots collecting e-mails...)
    - SQL Injection
    - XSS (not all though)
    - System globals pollution
    - Session hi-jacking
    - Null-bytes
    - Directory Traversal
    - Some kind of CSRF (fatal in XOOPS <= 2.0.9.2)
    - Brute Force
    - Camouflaged Image File Uploading (== IE Content-Type XSS)
    - Executable File Uploading Attack
    - XMLRPC's eval() and SQL Injection Attacks
    - SPAMs for comment, trackback etc.

    It is very powerful, and has saved many sites from being hacked. This is probably my biggest concern with moving from XOOPS to WordPress, the module Protector is very good on the security side of things.

    Is there a WordPress plugin that I could use that will give me the 'protection' that the XOOPS protector module has been giving ?

    I realise other protection measures can always be in place, like cmod to lowest level possible, etc.

    Thanks,

    Peter

  2. pete_398
    Member
    Posted 3 years ago #

    Anyone please ?

  3. Normally I'd say 'don't bump, if no one answered, obviously no one knows' but at 2 months... A lot of this you could google and find out, by the way.

    DoS - Nothing I know of. That's server side stuff, not webapp stuff, at the end of the day

    Bad Crawlers - Bad Behavior can help there.

    SQL Injection, XSS (not all though), System globals pollution - Built in to WP.

    Session hi-jacking - I want to say that's built in, but also use HTTPS. It helps.

    Null-bytes - Not sure what you mean here...

    Directory Traversal - NO idea what that means in this case.

    Some kind of CSRF (fatal in XOOPS <= 2.0.9.2)

    Brute Force - There are brute force plugisn. Use Google.

    Camouflaged Image File Uploading (== IE Content-Type XSS), Executable File Uploading Attack - Image uploads are restricted to specific file types.

    XMLRPC's eval() and SQL Injection Attacks - Built In

    SPAMs for comment, trackback etc. - Akismet.

  4. pete_398
    Member
    Posted 3 years ago #

    Hi Ipstenu, thanks for your reply, very informative. We don't allow new registrations, or comments on the site, so in some ways, it is 'protected'. Possibly a https login would be better than what I use now.

    The server I use 'catches' instances of where people try to pass a url/uri from another site, or when people try to pass code in the url, etc. It returns a 406 or a 404 most times, and they get a 'message'.

    I guess when everything is installed, take a backup of the site, and use one of the plugins to see if anything has 'changed'.

    Thanks,

    pete

  5. Yeah, generally speaking I say that server security is NOT the job of my web app, but of me, a big stick, and the beefy dudes I hired to protect my server ;)

    If you're relying on WP (or ANY web-app) to be the totality of your site protection, you're a brave, brave man.

  6. pete_398
    Member
    Posted 3 years ago #

    If you're relying on WP (or ANY web-app) to be the totality of your site protection, you're a brave, brave man.

    Yes, that's for sure. The bottom line is server security, which comes to do how well 'bedded down' the server admin person/s can make it. The good thing about XOOPS Protector, though, was that 'everything' (every request) went through the Protector module, so whatever modules were added (like WP plugins), they all passed through Protector first.

  7. pete_398
    Member
    Posted 3 years ago #

    Well, everything went okay, importing all the XOOPS data into WP. There were a few hiccups of course, but now sorted out, and the security side of things is as bedded down as I can make it at present, but I may do some extras later.

    In regards to the XOOPS modules ..

    * Headlines - I will look into various plugins soon, no rush there.
    * Links - I see there is a simple menu structure within the widgets, that may suffice for now.
    * Sitemap - Have installed the plugin google-sitemap-generator. I don't like the idea of a plugin 'automatically' writing to a file on my site, so just ran it once and disabled it. Only to be updated manually from now on.
    * Contact Us - I'm sure there will be some plugins to do that.

    I installed plugin WP-Optimize, to remove the garbage from the posts table, and used wordpress-importer to load the data from XOOPS.

    All in all, I'm happy with WP, it loads much faster than XOOPS, and isn't so 'cluttered'.

  8. Sitemap's can be done to virtual files (I think http://wordpress.org/extend/plugins/wordpress-seo/ does that)

    Contact us, there are LOADS of plugins :) I use Grunion.

  9. pete_398
    Member
    Posted 3 years ago #

    Thanks, I will have a look at WordPress seo plugin. :)

  10. chris0m
    Member
    Posted 3 years ago #

    Hi guys, what about gConverter? My friend has asked them and they've converted his XOOPS CMS to WordPress CMS and even XOOPS Forum to Simple:Press forum plugin for WordPress, so he has got nice WordPress site with Simple:Press forum.

  11. pete_398
    Member
    Posted 3 years ago #

    chris0m - if you want to pay the money, then do it that way. But it usually wouldn't be needed, for a 'content only' XOOPS site. However, if you have forums or many other XOOPS modules, then the 'move' to WP is more complicated, and therefore may require to employ the services of a company like gConveter.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags