WP Options Importer
Matthew Boynes By Matthew Boynes

March 03, 2023

WP Options Importer Plugin

Export and import WordPress Options.

WordPress can presently export all of its content via WXR, and then import that
through the WordPress Importer plugin. That process includes all posts, terms,
menus, comments, and users, but it doesn’t touch options. In addition to
general settings, options can include widget configurations, plugin settings,
theme settings, and lots more. This can be very time-consuming to migrate
manually. WP Options Importer aims to fill that void and save us all a lot of
time.

WP Options Importer allows you to export all options to a JSON file, and then
you can selectively import them into another WordPress installation. The import
process is very transparent, and it even shows you what data you’ll be
importing. Lastly, it gives you the option to override existing settings or to
skip options that already exist.

Installation

  1. Upload the plugin to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Navigate to Tools → Export and choose “Settings” to export options,
    or navigate to Tools → Import and choose “Settings” to import options.

Screenshots

  1. "Options" is seamlessly integrated as a choice when exporting.

    "Options" is seamlessly integrated as a choice when exporting.

  2. "Options" is seamlessly included in the list of importers.

    "Options" is seamlessly included in the list of importers.

  3. Once you upload the JSON file, you're presented with a choice of which options you want to import and if you want to override existing options.

    Once you upload the JSON file, you're presented with a choice of which options you want to import and if you want to override existing options.

  4. If you choose to import "Specific Options", you're provided with a list of everything in the JSON file. Check the box next to those you want included, or uncheck those which you don't want to include.

    If you choose to import "Specific Options", you're provided with a list of everything in the JSON file. Check the box next to those you want included, or uncheck those which you don't want to include.

FAQ

When I import the default options, [some plugin]’s settings don’t transfer. What gives?

The default options are core options, or those which a plugin has indicated
are safe to import. You can choose “Specific Options” when importing to
manually select those which you need to import.

I’m the author of [some plugin]. Can you add my settings to the default list?

No, but you can! We provide a filter, options_import_allowlist for you to add
your options to the default list. Here’s an example one might add to their
plugin:

function my_awesome_plugin_options( $options ) { $options[] = 'my_awesome_plugin'; return $options; } add_filter( 'options_import_allowlist', 'my_awesome_plugin_options' );

Similarly, if you don’t want someone to ever import an option, you can add it
to the denylist using the options_import_denylist filter. As above, it
would look something like this:

function my_awesome_plugin_denylist_options( $options ) { $options[] = 'my_awesome_plugin_edit_lock'; return $options; } add_filter( 'options_import_denylist', 'my_awesome_plugin_denylist_options' );

I operate a multisite network and some options should *never* be able to be exported or imported by the site owner. Can I prevent that?

You have two options for both exports and imports.

Imports

First, you can use the options_import_denylist filter
and add any options to that array (which is empty by default). If your users
have access to theme or plugin code, this isn’t 100% safe, because they could
override your denylist using the same filter. In those cases, there’s an
emergency ripcord where you can disable options from ever being imported. To
use this, define the constant WP_OPTION_IMPORT_DENYLIST_REGEX (you’ll
probably want to do this in an mu-plugin) and set it to a regular expression.
Anything matching this expression will be skipped. For example:

define( 'WP_OPTION_IMPORT_DENYLIST_REGEX', '/^(home|siteurl)$/' );

Exports

Exactly the same as with imports. The filter is options_export_denylist,
and the constant is WP_OPTION_EXPORT_DENYLIST_REGEX.

Changelog

7

  • SECURITY: Add proper escaping to all echo functions
  • SECURITY: Add nonce checks
  • SECURITY: Sanitize option name values during import
  • ENHANCEMENT: Use wp_remote_get instead of file_get_contents
  • INFO: Deprecate the use of blacklist and whitlelist in favor of denylist and allowlist
  • INFO: Move class into new file
  • INFO: Enable phpcs against the WordPress standard

6

  • Remove multisite site-specific exclusions

5

  • Added WP_OPTION_EXPORT_BLACKLIST_REGEX
  • Breaking: Changed the options_export_exclude filter to options_export_blacklist to be consistent with imports.

4

  • After file upload, store data in transient and immediately delete the file so it doesn’t linger on the server.

3

  • Added blacklists
  • Fixing bug where plugin wouldn’t show in multisite when WP Importer wasn’t active.
  • Misc bug fixes

2

  • Spit & polish
  • Improved error handling
  • Added file cleanup on completion
  • Misc bug fixes

1

  • Brand new!
Download

Details

  • Version: 7
  • Active installations: 9,000
  • WordPress Version: 3.8
  • Tested up to: 6.1.7

Ratings


5 Stars
4 Stars
3 Stars
2 Stars
1 Stars

Tags