This article is an answer to a question I got recently, which stated:

When you transfer your site from old domain or localhost to new domain, what are the steps to take and what errors do you need to look for?

Servers In Data Center

While this question is about transferring a domain it also applies to changing hosts. Coincidentally, I did that very thing this week. So to do this we are going to need to do 3 things:

  1. Backup the Files.
  2. Backup the Database.
  3. Point the domain to the proper IP address.
  4. Import the Files.
  5. Import the Database.

A quick note before I explain the procedures. The order of these things matters, not so much on the backup but on the import it can matter a bunch as you will see below.

Backup Files

The files in WordPress are of 2 types, there is WordPress core files which drives the WordPress system. We are not interested in those.  Core files are located in the root of the install. The user files are stored in a directory called wp-content.

Depending upon the setup you have you may see a variety of directories within this one. However, there are 3 directories that we are interested in:

  • Themes stores your theme files.
  • Plugins stores your plugin files.
  • Uploads stores your media files and documents.

I recommend that you make a copy of wp-content so you have everything you need. If you are on a local install, called localhost or (localhost IP address) you already have these on your system. Just navigate to the folder that contains you WordPress installation.

If you are on a host and you are moving to another one, use your FTP client to navigate to the wp-content folder and download everything to your computer. Once you have done this  you can more on to the next step, backup the database.

Backup Database

Backing up the database on WordPress is interesting because there are 2 ways to do this. One is far easier for the average user but it isn’t quite is thorough. The second is more thorough but it is harder and requires more technical knowledge. I am going to show you both methods and you pick which one you want to use.

Easy Way

The easy way uses functionality built into WordPress. This is the recommended way for most users. To access this functionality on the WordPress Dashboard -> Tools -> Export. The system will then ask you what to export and you want to click all content (this should be selected by default). This will download an xml file with all your content. Check your downloads folder and you will see it.

Hard (More Thorough) Way

If you want to do it the harder but more thorough way, then you will backup the entire database. The step we just did above only gave us the content, which is themes, plugins, posts, pages and media files. The database stores more than the content. It still stores all the content but it gives us the full system settings as well.

To backup the database go find PHPMyAdmin in your local server or your host’s cPanel. Once in there select the database you want and click the export button. In the dialog that appears select quick under export method and the dropdown should be SQL. Click Go and the file will download. You have just exported the full database.

PHPMyAdmin Export

Point the Domain To Your Host

Now you need to go point to the domain to your hosting provider via DNS. The DNS translates human readable domains like to an IP address like You are going to need to create an A record with your registrar.

Please note it is very common for your host to also be the registrar but this is not always the case. If your registrar and your host are different companies you need to login to your account with your registrar to point them to the host. However, you will need to first get the IP address from your host.

Once you have your host’s IP address login to your register and go to the DNS section for the domain you want to point. You are going to add 2 A records with the following values:

A@IP AddressTime
A*IP AddressTime

Depending upon your registrar’s system the TTL (Time to Live) value may be in minutes or seconds. Just select the shortest option.

Import The Files

Remember earlier I said the order mattered, well now I will explain. I want to you move the files first because the media library will not find the files (and thus will not add them) if you import the data before the files. So I recommend moving the files first. Please note you will need a WordPress install (or at least the file structure) up and running before you can move the files, which I discuss here.

Once the WordPress install is created and your FTP is setup with your host navigate into the wp-content directory both locally and on your host. Move the Themes, Plugins, and Uploads directories from you computer to the host.

Import The Database

Just like above there is an easy way, good for most users, and the harder more thorough way.  I will explain each method.

Easy Way

The easy way will use a feature of WordPress called the WordPress Importer. On the WordPress Dashboard go to Tools->Import. There you will see a bunch of options. At the end of the list is the WordPress importer. Click install and then run the tool. When you run it will ask for the export xml file we dowloaded earlier. This should import all the system data. When you import you may need to reassign content to a user.

Hard (More Thorough) Way

Before you import the database you need to get a fresh install. Using this method you will need to do it manually. Go to and download the files. Extracted the files from the zip and FTP them to your root directory on your host. Now you can move the database.

On your hosts cPanel go to the databases section. Create the exact same name as the database from your localhost or other host. Then go to your new host’s PHPMyAdmin and find the database you created and select it. It should not have tables. Click the import button and import your SQL file. Then install WordPress manually using that database as the database and the same table prefix as the prefix used in the database you are moving.


Moving a WordPress website doesn’t always go smoothly. Below is a list of the most common issues I have run into and how to solve them:

  • Issues with the domain: DNS can take up to 72 hour to take effect across the internet. This is why we set the TTL to the lowest value possible. You may need to be patient. Also confirm that your records are pointing to the correct IP address that you got from your host.
  • Cannot install WordPress: This is more common in manual installations. Ensure that your database name is correct and that all the usernames and passwords match. Also ensure that your table prefixes match the previous version as well. If necessary delete all WordPress files get a fresh download and start over.
  • Settings are not correct: This happens when you use the WordPress Importer since it only affects content, not settings. Active your theme and plugins. Re-create your menu and configure your WordPress settings.

Final Results

So now you should know how to move a WordPress website from a localhost or from one hosting company to another. Also you particular host may have migration tools available, so check with them.

There is more to it than this, things like security, SEO, and domain email but this tutorial will get your WordPress website to the right location.


Root Directory


How DNS Works

WordPress Importer Plugin


In a previous post I alluded to addressing how to secure a website.  Well the day has come. In this post I will discuss how to secure your WordPress website using HTTPS and SSL.



So what is the difference between http and https?  Well the https version encrypts the traffic between the user and the server, so someone trying to spy on you (say at a public Wifi) wouldn’t see the data. Think of it like a cable that is plugged into some outlets. You can easily see the cable and what it looks like. That is http. Now take that same cable and run it though conduit, so you know its there you just don’t know anything about it. That is https, it prevents unauthorized users from seeing the data transfer.

Who Should Use HTTPS

If your site asks for any sensitive information (passwords, credit card numbers, birthdays, social security numbers, etc.) you should secure your website. I am of the school of thought that if any part of your website has sensitive data, you protect the entire site. So if you are on WordPress or some other CMS, you need it. This is because you will need to login and the fact that you have a username / password means you should run over https and use SSL.

In the last year or so the major browsers have also been cracking down. If a website loads over http instead of https the browsers are starting to flag them as insecure and this will hurt your SEO rankings. So for all practical purposes every site should use https and SSL, not just sites that pass sensitive information.

How To Do It

So how to you actually make that happen in WordPress? Open your WordPress dashboard, then under the settings click general. Under general you will find an area with your domain (2 versions actually). Ensure that this begins with https like the screenshot below.

WordPress HTTPS

In this screenshot you can see that both the WordPress Address and Site Address both begin with https. It works identically in both www and non-www versions.


The second layer of security is SSL or Secure Socket Layers. This you get from your hosting provider. SSL issues what is called a certificate, which has information about the site, the issuer, etc. that the user can view and confirm before they enter sensitive data. You can view the certificate by clicking the lock next to the url on your browser.

There are multiple levels of SSL and the product you need depends on how many sites you want to cover and how much detailed information you want it to show. For example, a major shopping site like Amazon would show a lot of details about the company on their certificate whereas a personal blog like this site has a certificate, but the details are mostly my domain and little else.

However, every certificate will have a bunch of info about the issuing agency like who they are, when the certificate is valid, etc. Just click the SSL or Security section of your hosting provider and they will assist you, it’s really not very hard to do.

I am of the school of thought that if any part of your website has sensitive data, you protect the entire site.

To summarize to run a website securely you need to both load the traffic and install a SSL certificate on your domain.  That will protect your users from getting their information stolen, which is in your best interest.


Security Fundamentals


If you are reading this, I am assuming you have a website and you want people to actually find it.  That is why you put it up after all.  In this article I will give an overview of how to do just that, get found by your target audience.  This process is called search engine optimization or SEO for short.

No Quick Solutions

Let me give you an example of good SEO strategy.  If you want want some really good food, are you able to cook it in 90 seconds?  No, really high quality food takes time to effectively prep and cook.  The quick solution may fill your belly but is will never taste as good as some slow cooked bar-b-que.

Quality SEO works the same way, it takes time, but done correctly will work better.  I say this because some people offering SEO services promise the world (we will make your brand new site #1 on Google in 24 hours).  Don’t hire them.  If you do hire an outside consultant or do it yourself know that for it to be effective it will take some time and effort.

Do Your Homework

This is the first step.  You need to know your ideal audience and the terms that you think they may be searching for to find you.   The better you know them, the better you can utilize target keywords.  Many ways exist to find the right keywords including customer surveys, names of products or services you offer, and keyword research tools.  So how do you use the keywords?  There are two ways, which I shall discuss in the next sections.

Keywords In Meta Tags

The first strategy is to use the keyword meta tags.  Meta tags are loaded by the web browser but are not seen be the end user unless they view the page’s code.  These tags include descriptive information about the page.  One of these is a keyword tag.  If your website runs on WordPress or some other CMS, chances are that you can use a plugin to add the required keywords.

But only use a few keywords and only keywords that are actually relevant.  That is because in the past some people tried to improve their ranking by using keyword spam where they would put dozens of keywords onto their webpage’s meta tag.  This is rarely done anymore because the search engines became aware of the tactic and now penalize websites that do this.

As an example if you have a website for a hot dog stand you might have keywords such as: hot dog, corn dog, ketchup, mustard and relish.  But notice all of these are relevant to a hot dog stand.

Keywords In Your Content

The second method for using the keywords is to work them into the content of the website.  That is a best practice and is one of the recommended strategies by Google’s SEO guide.  To demonstrate this using our hot dog stand example, the website for our hot dog stand may have pages where they talk about serving hot dogs and corn dogs as well as their condiments of ketchup, mustard and relish.  All of the keywords they want people to use to find them are included in the content of the website.

One quick note about content.  I am a big believer that creating fresh content helps your website.  If you have quality content, it gives your users reasons to come back.  The search engines really like fresh content too.  So fresh content is good for both existing users and the users that have not yet discover you.


To recap we discussed why SEO takes some time, how to use keywords in meta tags and how to use keywords in your content will all help your SEO rankings.  There is a lot more to your SEO strategy but this should get you started.

So what do you think?  Leave your comments below.  If you enjoyed this article and would like to get more content, please follow me on Twitter and like my Facebook page.


Google SEO Starter Guide

Keyword Research Tool


The bad news is that your organization’s website is at risk, because they all are. There are plenty of people out there with devious intentions whose aim is to embarrass you and steal you and your users information.  I have seen many variations of this in my time as a developer, some of them due to my lack of experience at the time.  In this article I will give you an overview of the most common ways you can protect yourself from threats.  I will expand on all of these topics in later posts but I wanted to start with an overview.  So lets begin.

Threat #1: Passwords

You have passwords for your website (if you are using a CMS like WordPress), email accounts, computers, FTP, social media accounts and more.  The easiest way to protect yourself is to have strong passwords.  An example of a weak password is something like: password123.  Now I have not personally seen a password this week, but in my time I have seen passwords almost as week.  What you are aiming for is a strong combination of Uppercase, lowercase, digits and special characters.  The longer the better.  As an example our week password from above, password123 could be made much more secure if it were pa$sWord123.  However, I still wouldn’t use that.  It’s still too obvious.

Threat #2: Insecure Sites

The second threat is an insecure site, specifically yours.  What you need to do is to never enter any sensitive date into a website that is not running on HTTPS with a  valid security certificate.  And by sensitive date I mean passwords, credit card numbers, driver license number, social security number or anything you don’t want to be made public.  Your should be running your site over HTTPS vs HTTP because HTTPS encrypts the data between the client (your device) and the server, which makes it much more difficult to steal.  Fortunety, running over HTTPS is not hard too do and I’ll show you how in a later post.

Threat #3: External Threat

The external threat are those individuals with malicious intent, that intend to cause harm on your website and to your organization.  There are too many varieties of this to mention but the best things I recommend are related to your website setup. The first is to purchase and run anti-malware software on your web host.  This is essentially the hosting equivalent of anti-virus software for your computer.  The second is to run security plugins on your website that are finely tuned to detect threats such a brute force attack.

Threat #4: Internal Threat

The internal threat are those individuals in your organization that can harm your site but do so unintentionally and not out of malicious intent.  Typically these people accidentally break something they should not have been given access to in the first place.  This is an easy one to prevent.  Your administrator should limit user permissions so that users can edit what is necessary for them to perform their role and nothing more.  For example, if someone in your organization is only responsibility is for posting articles they should not have the ability to add and remove plugins, update themes, etc.


WordPress is the most popular CMS in the world.  Approximately 25% of all websites use WordPress.  However, there are two varieties of WordPress.  In this article I explain both and why one of them is far preferential to the other.

Two Versions of WordPress is the first version of WordPress I shall discuss.  Using the .com version of WordPress the WordPress organization takes care of all the hosting and all you have to do is login and create your site.  The result of this will give you a URL that looks like on the other hand is also called self hosted.  Using this type of WordPress you would download the latest version from and install it on your web host, which you choose, using a domain that you own.  Since it is so popular, almost any host offers WordPress hosting.  Using the self hosted version, would give your site a URL such as

Oh and both versions are 100% free to use. So there is no cost to get WordPress (either version).  That is one of the primary versions it is so popular (that and its really good).


My recommendation is to always use the self hosted version.  It will give you the most professional representation for your organization.  Think about it.  What sound more professional or

Also if you use the self hosted version it will scale much better.  For example, suppose your just starting out and you choose the version (  Then you experience some growth.  How long are you going to want your website to be instead of

So do yourself and your organization a favor.  If you are going to use WordPress to build your website, use the self hosted version on your own domain.  And don’t think that hosting is going to break the bank.  You can get some really great hosting packages for little more than a hundred dollars a year.  If this is a concern to you, then you probably can’t afford a website anyhow because you will have many other costs beyond hosting such as development fees, stock photography, email hosting and more.