Tuesday, July 28, 2015

Tutorial - How to migrate WordPress website (The proper way!)

Hello kiddos!

    Today we will learn the proper way to migrate a WordPress website from one hosting to another. Not the method that teaches you to set up a fresh WordPress installation and move a few folders from the old hosting on top of it. That is not the proper way to migrate a website and can mess everything up.

    I will also try to keep it as simple as possible and will not involve complicated SSH command lines. Using SSH will save you a lot of time and effort, but it's more for hosting support professionals than WordPress newbies. I will assume that if you know how to use SSH you will find your own way to optimize this process ;)

Just to be clear:

DB = Database

Before starting the migration!


Let's prepare a few things, shall we?

If you haven't done it already, download FileZilla, a good FTP client. We will use it to transfer files and folders.

Get access to FTP/SFTP and phpMyAdmin on both hosting environments - mandatory.

Add the website to the new hosting. This depends on the hosting environment and if you are not sure "how to" just ask the hosting support.

PuTTY or the ZOC terminal emulator is optional.


Let's begin with the migration!


1) Download the files via FTP from the old hosting:

Using FileZilla, connect to the FTP server of the old hosting and download all of the website's files to your computer.

Tip: You can reduce the download and upload time by putting all of the files in an archive.
Tip: Make sure that you have enabled "Force showing hidden files" in FileZilla. The option is located in: Server > Force showing hidden files.


2) Upload the files via FTP to the new hosting:

Again using FileZilla, connect to the FTP server of the new hosting. Locate the website's directory and upload the files that you have already downloaded from the old hosting.

Tip: Check if you have moved the .htaccess file. Some users make custom rules there and it might be mandatory to move it.
Tip: Sometimes you will need to press F5 to refresh the folder and see any new files.

3) Export the Database from the old hosting:

Open phpMyAdmin. Locate the database and click on it. Go to the upper menu and click on the export option. Then click on Go.

Tip: If the Database is too big (more than 128-256MB) you should ask the hosting support to export it for you via SSH (or use their Database backup solution). WP Plugins are often unreliable for that.

4) Check for old absolute paths in the DB: 

Some plugins leave absolute paths in the DB, and if you leave them unchanged this can lead to crashing of the website or at least performance issues.

Tip: You can download the DB and search and edit with Notepad++, gVIM or similar text editor.

Look for paths like this: /home2/userTest/public_html/wp-content/....

Replace the part before "wp-content" with the correct path on your new server. If you are not sure what it is, consult your support or developer.

Tip: If you have moved your website to a different domain you should edit the DB and replace every occurrence of the old domain with the new one! This can be achieved by downloading the DB and editing it using Notepad++, gVim or a similar text editor (just find and replace). In 99% of the cases this will be enough.
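
WordPress stores some options as PHP-serialized strings that carry a byte-length prefix (s:47:"..."), so a replacement that changes the length of a path or domain has to update that prefix as well. The following is an added example, not part of the original tutorial: it rewrites a SQL dump in Python and adjusts the prefixes. The sample dump, old-site.example, new.example and /home/newuser are constructed, and nested serialized values are not handled.

```python
import re

# PHP-serialized string as it appears in a SQL dump: s:<byte length>:"<value>";
# Dump tools usually escape the quotes as \" so both forms are accepted.
SERIALIZED = re.compile(r's:(\d+):(\\?")(.*?)\2;', re.DOTALL)

def _swap(text, replacements):
    """Replace all old strings in one pass; return (new_text, byte_delta)."""
    if not replacements:
        return text, 0
    keys = sorted(replacements, key=len, reverse=True)
    pattern = re.compile("|".join(re.escape(k) for k in keys))
    delta = 0

    def repl(match):
        nonlocal delta
        new = replacements[match.group(0)]
        delta += len(new.encode("utf-8")) - len(match.group(0).encode("utf-8"))
        return new

    return pattern.sub(repl, text), delta

def migrate_dump(sql, replacements):
    """Rewrite old paths/domains and keep serialized length prefixes correct."""
    out, pos = [], 0
    for m in SERIALIZED.finditer(sql):
        # Text between serialized strings is plain: replace without bookkeeping.
        out.append(_swap(sql[pos:m.start()], replacements)[0])
        value, delta = _swap(m.group(3), replacements)
        quote = m.group(2)
        out.append("s:%d:%s%s%s;" % (int(m.group(1)) + delta, quote, value, quote))
        pos = m.end()
    out.append(_swap(sql[pos:], replacements)[0])
    return "".join(out)

# Constructed sample: one plain value and one serialized value from wp_options.
SAMPLE_DUMP = r'''INSERT INTO `wp_options` VALUES
(1,'siteurl','http://old-site.example','yes'),
(2,'theme_mods','a:1:{s:4:\"logo\";s:47:\"/home2/userTest/public_html/wp-content/logo.png\";}','yes');'''

# Hypothetical new account path and domain; replace with your own.
REPLACEMENTS = {
    "/home2/userTest/public_html": "/home/newuser/public_html",
    "old-site.example": "new.example",
}

if __name__ == "__main__":
    print(migrate_dump(SAMPLE_DUMP, REPLACEMENTS))
```

Run it on a copy of the exported file and import the result; the original export stays untouched as a backup.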



5) Import the Database to the new hosting:

We will need to configure and tune the website to work with the new hosting environment. I will assume that you have already created the DB, DB user and DB password.

Open phpMyAdmin. Locate the database and click on it. Go to the Import option in the upper menu, click "Browse", select the file that you have just exported to your computer and upload it.

Tip: Again! If the Database is too big you should import it via SSH or ask the Hosting support to do it for you.

6) Locate the wp-config.php and edit it:

- Fill the credentials of the new environment - DB name, DB user, DB pass:

/** The name of the database for WordPress */
define('DB_NAME', 'fill_the_db_name');

/** MySQL database username */
define('DB_USER', 'fill_the_db_user');

/** MySQL database password */
define('DB_PASSWORD', 'fill_the_db_password');

/** MySQL hostname */
define('DB_HOST', 'localhost'); //in 99% of the cases you should leave this as it is

- Change the paths, if there are any in the wp-config.php file, according to the new hosting environment;

And now the fun part!


The final tuning!


7) Check for any errors in the error log:

You can have some minor issues with the new environment. Every hosting environment is different and if you can't clean up the errors on your own the hosting support should help you.

Optional but recommended!


8) Check your file permissions:

If you have access to SSH run the following commands IN public_html:

find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;


If you are moving your website from WPEngine it is a little more complicated, and it's part of another tutorial.

Tip: I'm not recommending the usage of plugins to migrate websites. If you want to do it right do it manually.
Final Tip: If you are not sure what you are doing just hire a professional to do it for you ;)

Friday, July 24, 2015

WordPress - Fixing “Your connection is not private” issue with Chrome v44

THIS ARTICLE WAS WRITTEN REGARDING A BUG IN CHROME AND THE ISSUE WAS FIXED A LONG TIME AGO.

TO FIX THE “Your connection is not private / secure” ISSUE IN Chrome / FireFox PLEASE CHECK THE FOLLOWING ARTICLE: http://bgroot-eng.blogspot.bg/2016/08/fixing-your-connection-is-not-private.html

Update 1: The issue should be fixed in the last Chrome update (Version 44.0.2403.107 m)

It appears that in the Chrome 44 release (version 44.0.2403.89), that happened just yesterday, Google made one little change that affects many websites and not for good.

It's now sending the 'HTTPS:1' header on every request by default. This affects many websites (core and plugins) and mainly some WordPress Plugins. This should be a change for the good, to enhance security, but it seems that a lot of the developers were not ready for that change.

In general, if you are not using an SSL certificate for your website and try to access the admin section of your WordPress site (domain.com/wp-admin), it will redirect you to the https version of the website and you will get the error “Your connection is not private” and “ERR_CERT_COMMON_NAME_INVALID”.

Some of the plugin developers already released updates which will fix this bug. However a lot of them still haven't.

Here is the solution to the issue if you are using the WordPress CMS:

1) Update all of your plugins! (use a different browser to access your wp-admin section) In most of the cases this will fix the issue.

2) Purge your cache if you are using any cache plugin.

3) Check if you can access your admin section via Chrome!
If it's fixed, you don't need to do anything else. If the issue was not fixed move to the next step!

4) I work for a hosting company optimized for fast WordPress moneymaking websites. Our team has created a miniPlugin for WP which fixes this issue. You can download it from here:

https://trafficplanethosting.com/downloads/category/2/fixes/

Install the plugin from the Plugins section in your WP website:

Plugins > Add New > Upload Plugin > upload the ZIP you have already downloaded > Activate it.

When the plugin is active you should see a notice at the top of the page: “The fix for Chrome v44 is active now. Thank you for using Traffic Planet Hosting”. If you do not want to see this anymore you can click on “Close” and it will hide it for your user.

5) Check if you can access your admin section via Chrome!

You can remove the plugin when all of the plugin developers release fixes for their plugins.


Wednesday, July 22, 2015

Ensure high security of your WordPress Website!


Hello boys and girls,

    In the next lines we will see several things that you need to do in order to enhance your website's security.

Here is what I recommend to ensure high security:

1) Keep your computer/s secure and do not access your mail or websites from public computers and/or unknown open WiFi networks. Some of the open WiFi networks are set up with the only goal of sniffing for private information (but this is a subject for another article). On the same subject:

- Using antivirus software is mandatory. Here are the good ones: Avira Antivirus (free or paid), Avast (free or paid), ESET NOD32 (only paid)
- Scanning with passive anti-malware software - I recommend MalwareBytes. DO NOT activate the paid version. Use it in passive mode and scan your computer regularly.

2) ONLY use plugins and themes from TRUSTED SOURCES.

    Some commercial plugins/themes can be found for free on seemingly good-looking websites where it looks safe to download them for free. Nothing on these legitimate-looking websites appears to suggest that the plugins or themes offered there are infected with a very powerful backdoor script called 'CryptoPHP'.
What this CryptoPHP can do:
After being installed on a webserver the backdoor has several options of being controlled which include command and control server communication, mail communication as well as manual control.
Backdoors of this type are mainly used for illegal search engine optimization, also known as Blackhat SEO. The backdoor is a well-developed piece of code and dynamic in its use. The capabilities of the CryptoPHP backdoor include:
  • Integration into popular content management systems like WordPress, Drupal and Joomla
  • Public key encryption for communication between the compromised server and the command and control (C2) server
  • Backup mechanism in place against C2 domain takedowns by using email communication
  • Manual control of the backdoor besides the C2 communication
  • Remote updating of the C2 server list
  • Ability to update itself
    Actually, when installed it integrates itself deep into your website and uses its functions, code and database. It can add an additional administrator user, add/delete/modify the content of the website, change your website's settings and anything you can or can’t imagine.
So we HIGHLY recommend to ONLY use plugins from TRUSTED SOURCES.
    Here is a list of some of the websites that distribute plugins with CryptoPHP backdoor:


    The following websites host the actual plug-in and theme files used for direct download:


    If you have installed a plugin or theme from one of these websites it is very likely that your website is infected with CryptoPHP.
What you need to do is at least delete the plugin/theme, check whether an additional admin user has been added, and check that your website looks like it should to the search engines.
You can do that from Google Webmasters Tools > Fetch as Googlebot.


3) Install CAPTCHA on your login page and comments.

4) Keep your WP and plugins up to date. A lot of vulnerabilities are found every day in plugins and WP itself. The truth is that 99% of the websites are hacked through such vulnerabilities.

5) Last but not least, if you are using a static IP to connect to the internet you can lock down your WordPress wp-admin. To allow access from multiple IP addresses, replace 123\.123\.123\.xxx with your own IP addresses:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.121$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.122$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>

Another way:

<FilesMatch wp-login.php>
Order Deny,Allow
Deny from all
Allow from 123.123.123.123
</FilesMatch>

    If your IP address changes, you can protect your WordPress site by only allowing login requests coming directly from your domain name. Simply replace example\.com with your own domain name.

    Most brute force attacks rely on sending direct POST requests right to your wp-login.php script. So requiring a POST request to have your domain as the referrer can help weed out bots.

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_REFERER} !^http://(.*)?example\.com [NC]
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteRule ^(.*)$ - [F]
</IfModule>
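
Before enabling the Referer rule above, it helps to see which existing login POSTs it would reject. This added example (not from the original post) replays the same RewriteCond patterns over Apache combined-format access log lines; the log lines and IP addresses are constructed, and example.com stands in for your own domain.

```python
import re
from collections import Counter

# Apache "combined" format: ip - user [time] "METHOD uri proto" status size "referer" "agent"
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} \S+ "([^"]*)" "[^"]*"'
)
# Same patterns as the RewriteCond lines above ([NC] becomes re.IGNORECASE).
OWN_REFERER = re.compile(r'^http://(.*)?example\.com', re.IGNORECASE)
PROTECTED = re.compile(r'^(.*)?wp-login\.php(.*)$|^(.*)?wp-admin$')

def dry_run(log_lines):
    """Return (Counter of client IPs the rule would refuse, list of allowed POSTs)."""
    blocked, allowed = Counter(), []
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, uri, referer = m.groups()
        path = uri.split("?", 1)[0]  # REQUEST_URI excludes the query string
        if method != "POST" or not PROTECTED.match(path):
            continue  # the rule only applies to POSTs on the login/admin URLs
        if OWN_REFERER.match(referer):
            allowed.append((ip, referer))
        else:
            blocked[ip] += 1
    return blocked, allowed

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Jul/2015:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Jul/2015:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [22/Jul/2015:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 302 - "http://www.example.com/wp-login.php" "Mozilla/5.0"',
    '198.51.100.9 - - [22/Jul/2015:10:06:00 +0000] "POST /wp-login.php HTTP/1.1" 302 - "https://www.example.com/wp-login.php" "Mozilla/5.0"',
    '198.51.100.4 - - [22/Jul/2015:10:07:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    blocked, allowed = dry_run(SAMPLE_LOG)
    for ip, count in blocked.most_common():
        print("would be refused:", ip, count)
    for ip, referer in allowed:
        print("would pass:", ip, referer)
```

In the sample, 198.51.100.9 logged in from an https:// page, which the ^http:// pattern does not match, so the rule as written would refuse that login too.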