16 Comments

  1. Keith Davis

    Hi Jeff
    “The typical way to install WordPress on a webhost is to visit WordPress.org, download a zip file, extract the contents, and upload it to a webserver.”
    In many ways that is the easy bit.

    The difficult part for new users is creating the database and adding database details to the wp-config.php file.

    Presumably that step will still be required on new installs.

    Report

    • Thomas

      Hi Keith,

      Creating the database is still required but the wp-config.php file is created automatically by CMS Commander during deployment.

      Report

  2. Matt

    For anybody else completely mislead by this posts title (c’mon Jeff!), here’s the rest of the post Jeff forgot to write…

    CMS Commander actually says:

    “Included is a 14 day trial of all our premium features. Afterwards you can continue to use CMS Commander completely free on 5 blogs with basic features.”

    I could not find (searched for 3-5 minutes) what the “basic” features are so I’ll just assume they are too poor to list since they aren’t listed.

    Report

  3. nick6352683

    First of all, I agree with Keith. Unless you install any script from your Hosting company’s control panel (one click install), you will need to know how to create the database manually, and retrieve the database’s credentials (host, database name, username and password).

    The next point that everybody missed is that we are expected to turn over our web sites database credentials, and of course the web site’s admin name and password to this company. Now, what could possibly go wrong, in a world of hackers, thieves, and web site hijackers, and dishonest companies (I’m not saying that this is the case here)?

    There are better and much safer alternatives. I’m sure there are more, but immediately 4 come to mind.

    1. Create your “starter” sites, preferably on a localhost, and use a migration plugin like Duplicator, to migrate the sites anywhere you want.

    2. Use InfiniteWP, and get the paid add-on to clone sites. You control the software, and you control all the data, usernames, passwords, etc… For added security, do not deploy InfiniteWP on the web, but install it on a localserver.

    3. Use the WP plugin repository’s favorite feature, to favorite any plugin you want to use, and use those fav. plugins to easily deploy those plugins in no time.

    4. For theme developers like myself, use the TGM Plugin Installer to quickly deploy plugins. I can install and activate plugins from the WP repositories, from zipped plugins contained within the themes, or from my own servers.

    There is absolutely no need to give the ability for ANYONE, to have access to your credentials of your databases and web sites.

    Report

    • Thomas

      Hi Nick,

      “Unless you install any script from your Hosting company’s control panel (one click install), you will need to know how to create the database manually”

      Agreed, and you are correct that a 1-click install from a hosts control panel will be easier for a complete beginner. Our feature is suited more for people who are able to complete the “standard” WP installation via FTP already.

      “The next point that everybody missed is that we are expected to turn over our web sites database credentials, and of course the web site’s admin name and password to this company.”

      Let me start by saying that CMS Commander does not store any user passwords. Neither the WP passwords of the sites our users manage remotely, nor the DB and FTP passwords used to deploy new WordPress sites. We don’t need them and don’t want them. They are only used one time during the deployment.

      Of course I realize that me simply saying this will probably not change your mind but that is ok. If a user is in doubt he/she could also simply change the passwords after creating a site with CMS Commander.

      “There are better and much safer alternatives.”

      All the alternatives you list require the user to install software or a plugin. I would argue that our solution (which amounts to filling out a form) is easier to utilize for the average user. But of course I won’t argue with you that there are many great alternatives available and would invite everyone to find the one that works best for their specific needs.

      Report

      • nick6352683

        Thanks for your attention to my concerns Thomas, and trust me when I say good luck with your business, you are clearly a very talented individual. I really mean that.

        You said this about using the web site credentials: “We don’t need them and don’t want them. ” And yet, right after that, you said “They are only used one time during the deployment.” If that is not a double talk, I don’t know what is, you can’t have it both ways, you either need the credentials or you don’t. Also, just because you say that you don’t store the credentials now, it does not mean that you won’t do it in the future, just like the NSA always insisted that they were not spying on us. After Snowden, we know better now. I’m not saying that you are lying, because I don’t know, and there is no way of me knowing one way or another, but the opportunity of abuse, is certainly there. Just because you say it, it does not mean you are not actually storing them – it’s that simple. Words and actual actions are two different things.

        We can go back and forth, but if ANYONE has to choose between safety and difficulty in deploying sites, and chooses difficulty over safety, deserves to get hacked, and does not belong in the business of creating web sites, either as a hobby, but specially as a professional service provider. Furthermore, anyone who finds it too difficult to set up InfiniteWP, using Duplicator, or use the WP plugin repositories favorite feature, again, does not have any business building web sites. You make it sound that you need to be rocket scientist to use the solutions that I suggested. Instead, you are asking your customers to hand over their web site credentials, even for only 1 time. That should not be acceptable to any self respecting semi-intelligent human being.

        Your prices are very reasonable, and I’m sure your service is excellent, however I can’t digest the fact that there is a BIG chance that somebody else besides me can obtain my web sites and databases credentials – it’s that simple! We live in a sick, sick world, and there is no way I would risk my business to go to hell, because I’m too lazy or incompetent to set up any of the 4 safer solutions I outlined before.

        Above everything, safety and security should top all priorities, which is a big unresolving issue in the WordPress community in general.

        Report

        • Thomas

          Hi Nick, thanks for your reply and let me try to clarify a few things below.

          “If that is not a double talk, I don’t know what is, you can’t have it both ways, you either need the credentials or you don’t.”

          Let me try to clarify:
          – For our site management features you do not need to enter any passwords at all.
          – For the site creation tool discussed in this post you need to but we do not save them.

          For someone like you who doubts my word (for reasons I understand completely) that we do not save the credentials but still would like to use the site creation feature I already presented an easy solution in my first comment:

          1. Use our site creation feature to build a new blog.
          2. Change your admin, DB and FTP password afterwards.

          This is a little more hassle but even with this security precaution I am confident the tool can still save a lot of time over the standard way to install WordPress.

          Now what I actually meant with “We don’t need them and don’t want them. ” in regards to your passwords is this: Our business depends on being a secure platform. If we stored passwords that would be additional baggage – which we do not want or need. That’s why we don’t and have no interest in changing that.

          So unlike you say we are actually not “asking our customers to hand over their web site credentials” at all.

          For our main service (managing WordPress sites) it is simply not required. The new deploy feature is an added convenience that no one is forced to use (or as stated can use and simply change their password after doing so).

          “You make it sound that you need to be rocket scientist to use the solutions that I suggested.”

          Now you start putting words into my mouth (or at least exagerating). I never said something like that but I stand by what I actually did say that our deploy feature is easier to use or – at least – does not require any previous setup (installing something). I clearly stated that all the alternatives shown by you are great options that people should consider to find the one that works best for them.

          Report

    • genestuffle

      Yeah, I too thought Duplicator sounded like a great tool the first time I heard about it. Then I found out that they neglect to tell you that it can’t handle a site of any useful size. Is there an alternative that can?

      Report

  4. Jeffrey

    Aren’t you supposed to be technical enough to install WordPress? I have seen more and more non-technical people, such as graphic designers, photographers, are using WordPress to create business web sites for other people. They rely on third-party plugins and themes to build the web site, but have little knowledge of how to configure the web site correctly, so when something bad (like security vulnerability) happens, they don’t know how to fix it. This actually damages the reputation of WordPress.

    This tool might be good for some people, but definitely not for me.

    What I think really helpful is that WordPress should learn from Drupal. Drupal allows developers to build different “distributions” based on Drupal core. Each distribution is a pre-configured installation with a set of specific plugins included, allowing user to quickly set up a fully featured Drupal site. For example, Drupal Commerce is a famous distribution to build an eCommerce web site.

    Report

    • Thomas

      Our site creation tool is not really aimed at complete beginners. It is meant for people who are technical enough to install WordPress. The goal is not to make WP installation easier for beginners but to save regulars time when doing so, by automating parts of the setup and configuration process that follows the install.

      Report

Comments are closed.

%d bloggers like this: