Your Opinions on Fantasico

12 replies
Hey Guys!

I wanted to ask your opinions on Fantastico installation for Wordpress. I gather that John Chow provides a service for Wordpress installation and that he actually uses Fantastico.

So do you like it or not - and why?

Cheers,

Will
#fantasico #opinions
  • Profile picture of the author radhika
    Personally I like to install scripts seperately. I didn't even enabled Fantasico in my VPS. If we install manually, we can install/upgrade latest version of scripts.

    Just my opinion.

    .
    Signature
    Follow up Autoresponder PRO :: 33% Discount!!
    FREE Upgrades! IMPROVED Email Deliverability!!
    {{ DiscussionBoard.errors[7912410].message }}
  • Profile picture of the author typoo999
    I like it. Time is money, Fantastico saves time.
    Signature
    Boom shakalaka!
    {{ DiscussionBoard.errors[7912417].message }}
  • Profile picture of the author butters
    I can understand why it is such a liked tool, I have used it in the past but it does come with its draw backs in terms of security.

    It creates your database with the same generic line as everyone else (Easy to be found.)

    Not sure if it still does but it installs a .php file on your server which could be exploited.

    Some times it installs an out of date version of WP.

    Table prefixes are also generic and the same for everyone.

    People also complain that it is restricted to a 12 character password.

    But don't get me wrong, there is ways of fixing these flaws quite simply, just adds a little extra effort if you want to secure it properly.

    Found this article, it may help Fixing The Fantastico Security Flaw | Micheal Savoie
    {{ DiscussionBoard.errors[7912420].message }}
    • Profile picture of the author Will Edwards
      Originally Posted by butters View Post

      Actually, reading that article pretty much convinces me to leave it alone. I don't use it for my blogs, but I was wondering whether or not to recommend it for people with less experience.

      Will
      {{ DiscussionBoard.errors[7912941].message }}
      • Profile picture of the author butters
        Originally Posted by Will Edwards View Post

        Actually, reading that article pretty much convinces me to leave it alone. I don't use it for my blogs, but I was wondering whether or not to recommend it for people with less experience.

        Will
        Glad I could help I only realised the flaws of the tool and had to learn the hard way when I researched about blog security.
        {{ DiscussionBoard.errors[7912993].message }}
        • Profile picture of the author Alexa Smith
          Banned
          I don't use WordPress, myself, but if I ever did (and I suppose it's conceivable I might want to use OptimizePress theme, or something similar, at some point), I certainly wouldn't be installing it that way.
          {{ DiscussionBoard.errors[7913012].message }}
          • Profile picture of the author Sandra Martinez
            I used fantastico for some time; they have a delay with the updates that can be problematic.

            I prefer now quick install, it comes with Cpanel as well. The updates are usually almost on real time for what I saw so far.

            There are of course security advantages when you install from scratch.

            Now, I have been hacked several times... all except one were caused by outdated scripts, one was the hosting who was compromised. In 10 years I never was hacked because of a fantastico predictable database username.
            {{ DiscussionBoard.errors[7913048].message }}
  • Profile picture of the author Marketinghamster
    Yeah fantastico is pretty good. To be honest if someone wants to hack your site then not using fantastico isn't going to stop them. In my opinion just use it and save time
    {{ DiscussionBoard.errors[7913120].message }}
  • Profile picture of the author sbucciarel
    Banned
    I use it occasionally, but often just upload a Wordpress version in zip format to the domain and just extract it and then create the database and connect them.

    Of all the Fantastico installs I've done, never been hacked. I keep backups and use security plugins and complex user names and passwords, so maybe that's why I haven't been hacked so far.
    {{ DiscussionBoard.errors[7913389].message }}
  • Profile picture of the author MrMonetize
    It's not helping you learn how it works, its just a push button solution to speed up the process. Its so simple to install WP anyway that I never bother with Fantasico. Some hosts won't have it, so if you have to move your site and that's the case, then you're left scratching your head. I always develop the site in a local environment and upload it when its ready.

    Also like Butters mentions above, the prefix for every Fantasico WP install begins with wp_

    This presents a security problem because people who want to hack into your database know its a WP install, and they can perform SQL injections amongst other nasties. I always change that prefix to something obscure like 8y1hk2_. This can hide the fact that the database belongs to a WP site.
    {{ DiscussionBoard.errors[7913411].message }}
  • Profile picture of the author kpmedia
    It's not secure. The end.
    It's so 2005.
    {{ DiscussionBoard.errors[7923875].message }}
  • Profile picture of the author JosephMai
    I never use this unless it's for testing some new functions on WP.
    This makes organization in hosting directory not good. For example, it auto generated sql database with its name, we will have difficult to backup certain database or change the ways we want...
    {{ DiscussionBoard.errors[7924313].message }}

Trending Topics