Enable Curl? To Import Blogger To Wordpress


joseftu

The newest version of wordpress has a neat feature to automagically import a blogger blog into a new wordpress installation.

 

I'm shifting my wife away from blogger, and into a wordpress blog on her own (brand new) domain at TCH.

 

But when I try to use the neat feature in wordpress, I get this message.

 

Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.

 

Your web server is not properly configured to use this importer. Please enable the CURL extension for PHP and then reload this page.

How do I enable the CURL extension for PHP?


I found this tip page which may help.

Well, that tip page relies on the same Wordpress method that requires CURL. So that's no good.

 

Here's the thing...Wordpress 2.0 has a built-in import tab, that allows you to bring all the posts and comments from many other blogging tools directly into wordpress, with just about three clicks. No fuss, no bother.

 

It's a neat feature, but it won't work without curl.

 

Now, the good news is that I did figure a not-too-hard way to make it work, and I'll post that in a separate thread in the Blogging forum, in case anyone else faces the same problem.

 

It's interesting that curl will not be enabled here at TCH--I don't know enough to understand or evaluate the security risks, and I trust that the TCH gurus do. So I'm glad not to have that risk to worry about. But I do find it interesting, because wordpress is very widely used, and very security conscious, and they included this tool in their release, and they do have curl enabled on their free host for blogs (wordpress.com).

 

So what are they missing?

 

I mean, I'm getting, in my searching around, some very conflicting reports--on the one side we have TCH (and it looks like several other hosts, too) with the absolutely firm position that curl is dangerous to enable. On the other side we have plenty of hosts where it is enabled, and I even read a few recommendations from people who said "if your webhost won't enable curl, they're not a webhost worth having."

 

I'm not questioning TCH's decision (I've been happy with TCH for a long time now), and as I said I did find a way to make this work. But just out of my own curiosity, what is the danger? And why are others not aware of it?

 

Anyway, thanks for the help, Bruce. I often (as this time) try to do things that I really don't quite understand. It gets me in trouble, but it also helps me to learn!


I don't know the specific reason the techs disabled Curl, but just a quick glance on the net shows a security vulnerability from just a couple of weeks ago.

 

Another from last June says "multiple security vulnerabilities were discovered in cURL".

 

They seem to be fast to update/patch it, but I'm glad it's not on my neighbor's sites. B)

 

I guess any program that transfers files that's not as "mature" as the standards is at great risk. About the statement that if a host doesn't do cURL it's not worth having -- what about programs that use such risky tools that can compromise the entire site being allowed to run and the sites that allow them? ;)


But just out of my own curiosity, what is the danger? And why are others not aware of it?

The risk of tools such as curl is that it provides malicious hackers with an easy means to upload content, scripts, and tools of their choice to your site once it has been compromised.

 

I don't believe that the people at Wordpress are "not aware" of this risk. The risk faced by Wordpress servers is not the same as the risk faced by TCH servers. When you set up a free Wordpress blog on wordpress.com, who controls the actual hosting account? Wordpress does. Who controls your TCH hosting account? You do.

 

With the increased freedom you have with your own hosting account at TCH, this also includes the freedom to configure your account in a way that could allow it to be exploited, or upload a file to your account that could be compromised. This is not a rare occurrence at TCH, and when it does occur, every hosting account on the server is susceptible to being compromised as well.

 

TCH tries to mitigate this risk by limiting how much damage a malicious hacker can do once an account has been compromised. One way was to limit access to server tools that would allow a hacker to gain more control over a compromised account, or the server it was located on. This is the reason tools such as curl, lynx, GET, etc., were disabled.

 

As far as I know, you can't upload and run scripts that have been compromised in the past on TCH servers such as phpMyChat or phpBB to a free Wordpress blog account. With those kinds of restrictions, compromise of a free Wordpress blog account is much less likely, and the risk posed by the availability of tools such as curl is greatly reduced. Evidently, the people at Wordpress think the risk is low enough that they can justify allowing access to curl.

 

But just because Wordpress thinks it's okay for them doesn't automatically mean that it's okay for TCH. TCH has to make that decision based on its own evaluation of the situation, which as noted above, is not the same as Wordpress'. B)

 

Hope this helps...


Thanks for those explanations, David and Jim. That really helps me to understand.

 

As Bruce says (tactfully! B)), whatever the problem was with that import script, it's gone now. Seems like it must have been (somehow) on my end.

 

Anyway, as they say, TCH rocks!

;)
