Jump to content
joseftu

Enable Curl? To Import Blogger To Wordpress

Recommended Posts

The newest version of wordpress has a neat feature to automagically import a blogger blog into a new wordpress installation.

 

I'm shifting my wife away from blogger, and into a wordpress blog on her own (brand new) domain at TCH.

 

But when I try to use the neat feature in wordpress, I get this message.

 

Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.

 

Your web server is not properly configured to use this importer. Please enable the CURL extension for PHP and then reload this page.

How do I enable the CURL extension for PHP?

Share this post


Link to post
Share on other sites
Curl has been disabled on the servers but check out this post and it should get you going.

Thanks, Bruce, but I'm afraid that's more than a bit over my head!

I'm reading and re-reading, but it doesn't seem to answer my question.

Share this post


Link to post
Share on other sites
I found this tip page which may help.

Well, that tip page relies on the same Wordpress method that requires CURL. So that's no good.

 

Here's the thing...Wordpress 2.0 has a built-in import tab, that allows you to bring all the posts and comments from many other blogging tools directly into wordpress, with just about three clicks. No fuss, no bother.

 

It's a neat feature, but it won't work without curl.

 

Now, the good news is that I did figure a not-too-hard way to make it work, and I'll post that in a separate thread in the Blogging forum, in case anyone else faces the same problem.

 

It's interesting that curl will not be enabled here at TCH--I don't know enough to understand or evaluate the security risks, and I trust that the TCH gurus do. So I'm glad not to have that risk to worry about. But I do find it interesting, because wordpress is very widely used, and very security conscious, and they included this tool in their release, and they do have curl enabled on their free host for blogs (wordpress.com).

 

So what are they missing?

 

I mean, I'm getting, in my searching around, some very conflicting reports--on the one side we have TCH (and it looks like several other hosts, too) with the absolutely firm position that curl is dangerous to enable. On the other side we have plenty of hosts where it is enabled, and I even read a few recommendations from people who said "if your webhost won't enable curl, they're not a webhost worth having."

 

I'm not questioning TCH's decision (I've been happy with TCH for a long time now), and as I said I did find a way to make this work. But just out of my own curiosity, what is the danger? And why are others not aware of it?

 

Anyway, thanks for the help, Bruce. I often (as this time) try to do things that I really don't quite understand. It gets me in trouble, but it also helps me to learn!

Share this post


Link to post
Share on other sites

I don't know the specific reason the techs disabled Curl, but just a quick glance on the net shows a security vulnerability from just a couple of weeks ago.

 

Another from last June says "multiple security vulnerabilities were discovered in cURL".

 

They seem to be fast to update/patch it, but I'm glad it's not on my neighbor's sites. B)

 

I guess any program that transfers files that's not as "mature" as the standards is at great risk. About the statement that if a host doesn't do cURL it's not worth having -- what about programs that use such risky tools that can compromise the entire site being allowed to run and the sites that allow them? ;)

Share this post


Link to post
Share on other sites
But just out of my own curiosity, what is the danger? And why are others not aware of it?

The risk of tools such as curl is that it provides malicious hackers with an easy means to upload content, scripts, and tools of their choice to your site once it has been compromised.

 

I don't believe that the people at Wordpress are "not aware" of this risk. The risk faced by Wordpress servers is not the same as the risk faced by TCH servers. When you set up a free Wordpress blog on wordpress.com, who controls the actual hosting account? Wordpress does. Who controls your TCH hosting account? You do.

 

With the increased freedom you have with your own hosting account at TCH, this also includes the freedom to configure your account in a way that could allow it to be exploited, or upload a file to your account that could be compromised. This is not a rare occurrence at TCH, and when it does occur, every hosting account on the server is susceptible to being compromised as well.

 

TCH tries to mitigate this risk by limiting how much damage a malicious hacker can do once an account has been compromised. One way was to limit access to server tools that would allow a hacker to gain more control over a comproised account, or the server it was located on. This is the reason tools such as curl, lynx, GET, etc., were disabled.

 

As far as I know, you can't upload and run scripts that have been compromised in the past on TCH servers such as phpMyChat or phpBB to a free Wordpress blog account. With those kinds of restrictions, compromise of a free Wordpress blog account is much less likely, and the risk posed by the availability of tools such as curl is greatly reduced. Evidently, the people at Wordpress think the risk is low enough that they can justify allowing access to curl.

 

But just because Wordpress thinks its okay for them doesn't automatically mean that it's okay for TCH. TCH has to make that decision based on its own evaluation of the situation, which as noted above, is not the same as Wordpress'. B)

 

Hope this helps...

Share this post


Link to post
Share on other sites

This issue has been resolved and the import function works in Wordpress. Still unsure as to why it did not work the first time but only command line Curl is disabled.

Share this post


Link to post
Share on other sites

Thanks for those explanations, David and Jim. That really helps me to understand.

 

As Bruce says (tactfully! B)), whatever the problem was with that import script, it's gone now. Seems like it must have been (somehow) on my end.

 

Anyway, as they say, TCH rocks!

;)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...