I'm always annoyed when I register for a web site only to have my user ID mysteriously disappear. The "scouting.org" web site has recreated itself about four times in the past decade. Each time has led to re-registration by the entire user community.
Therefore I decided to make a strong effort to retain my user community while migrating my site. The easy part was to contact those who provided email addresses and tell them what was happening. The hard part was to deal with passwords.
WordPress is well designed for blogging. I got used to the TinyMCE editor and easy-to-reach features to import graphics when using WordPress. I also got used to less sophisticated things like paragraph breaks and section subheadings. And I like the email alert when there's something to moderate.
I was appalled to discover that these things are omitted by default in Drupal.
This process looks deceptively simple. WordPress happily exports all entries into a nicely formatted XML file. Drupal has a "WordPress Import" module that appears to do a comfortable import. What could possibly go wrong?
Well, in Drupal, everything comes down to a question of surprising choices for defaults. At least, if you are expecting ease of use, the default choices seem surprising.
I've been trying to get these two to play nicely together for a while, and it looks as if Will Norris may have finally slain this here dragon. Will is the principal author of the Wordpress OpenID plugin.
In an ideal world, people never, ever disclose passwords on unprotected Internet connections. In general this means the server has to provide SSL support. However, you can sort of sidestep the problem by using OpenID. It's not perfect, but it addresses that particular vulnerability. (Revised 1/28)
Will Norris is working on a revision to OpenID for WordPress. This is good, and I have some observations and suggestions. At the moment the OpenID plugin works pretty well - I have separate logins delegated through domains I own. I routinely log in through OpenID for both routine and administrative activities.
This is more of a reminder to myself - you can enable SSL on WordPress, but it's essentially an undocumented feature. This afternoon all I could find was a forum posting on enabling SSL.
There doesn't seem to be genuine documentation on it in the Codex, at least, not documentation that pops out when you do a search.