8 Terrifying Reasons Hackers Love it When You Install WordPress Using 1-Click Methods

Posted by John Shaver on Jan 22, 2013

I've seen a ton of people out there 'teaching' you how to set up a self-hosted WordPress website. If you're looking to start your own online venture, you may think you've found the Holy Grail. The problem is that using 1-click installers is a bad idea, as it leaves your website open to hackers.

Everyone is using 1-click installers that come with their hosting accounts simply because they don't know any better. It is indeed quicker, but can open up your website to a ton of security vulnerabilities, especially when compared to installing WordPress manually (which takes less than 5 minutes anyways).

A tutorial on using a 1-click installer is like teaching you how to open a jar of mayonnaise.

Step 1

Open mayonnaise.

Step 2


That's not something you need to be taught. If you want to learn the proper way to do it, read below.

What is a 1-Click Installer?

A 1-click installer is also known as an easy installation script. It's just like the name sounds. You log in to your hosting account and click 'Install WordPress'. You now have a WordPress website live on the Internet. It sounds too good to be true, and it can be if you're unfamiliar with what's going on behind the scenes.

Below are the top 8 reasons why hackers love it when you install WordPress using a 1-click method. If you just want to take my word for it and get started the right way, you can see my post on how to install WordPress manually using cPanel here.

1. Out-of-Date WordPress Software

WordPress is constantly updated when new security holes are patched, and you should make sure to keep up-to-date with every new version that's released. 1-click installers need to be tested with new versions before they are released to the public. WordPress is updated very often and it's common that 1-click installations using Fantastico or Simple Scripts will install an older version of the software, leaving you susceptible to hackers.

Believe me when I say that WordPress hackers are constantly on the prowl. There are over 60 million WordPress sites worldwide, and a huge number of them are using unsafe, out-of-date versions of the software.

By installing WordPress manually, you'll have the most recent, and most secure, version from the very beginning.

2. Insecure Database Names

In my testing of 1-click installers, the databases were often given the same generic names as a million other websites. Fantastico created a database named 'wrdp1'. If I were to create another database, it would be named 'wrdp2', a third would be named 'wrdp3', and so on. Hackers know that this is the default behavior and will use it against you.

One layer of defense against hackers is that they don't know your database names. By using an easy installation script, you're simply giving them information that helps them hack your website.

3. Insecure Database Usernames

Not only are your database names now compromised, but so is your database username. Hackers now have both your database name and your database username. All they need to guess now is your password, and far too many people have weak passwords already.

Would you rather they have to figure out all three items (database name, database username, and database password), or are you content giving them a 2/3 head start?

4. Insecure/Harder to Remember Database Passwords

For example, Fantastico generates a database user password that is 12 characters long and contains upper and lowercase letters and numbers. This isn't too bad, but is still not the most secure, or easiest to remember.

If you install WordPress manually, you'll be able to specify a more secure password — always use symbols too.

5. Insecure Database Table Prefixes

WordPress uses the default table prefix of 'wp_', and 1-click installers usually don't allow you to change this. By installing WordPress manually, you can (and should) specify a different prefix, giving your website another layer of protection from attack.

6. Insecure Installation Files

Fantastico created a file named 'fantversion.php' that contains information you may not want other people to have. If hackers learn how to break into these files and you have one sitting on your server, you're an easy target.
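One way to check an existing install for the defaults described in points 2 through 6, as an added example (not code from this post or from any installer). The 'wrdp' names, the 'wp_' prefix and 'fantversion.php' come from the article; the optional account prefix, the username pattern, the 12-character threshold and the finding codes are assumptions of this example.

```python
import re
import tempfile
from pathlib import Path

# Defaults this article names. The patterns and thresholds are this example's assumptions.
GENERIC_NAME = re.compile(r"(?:^|_)wrdp\d+$")  # 'wrdp1', 'wrdp2', ... optionally after an account prefix
LEFTOVER_FILES = ("fantversion.php",)           # installer file from point 6
DEFINE_RE = re.compile(r"""define\(\s*['"](DB_\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""")

# Constructed sample, not taken from any real site.
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'acct_wrdp1');
define('DB_USER', 'acct_wrdp1');
define('DB_PASSWORD', 'aB3dE6gH9jK2');
$table_prefix = 'wp_';
"""


def audit_wordpress(root):
    """Return sorted finding codes for the WordPress install under `root`."""
    root = Path(root)
    text = (root / "wp-config.php").read_text(encoding="utf-8", errors="replace")
    cfg = {key: value for key, _, value in DEFINE_RE.findall(text)}
    prefix = PREFIX_RE.search(text)
    findings = []
    if GENERIC_NAME.search(cfg.get("DB_NAME", "")):
        findings.append("db-name-generic")
    if GENERIC_NAME.search(cfg.get("DB_USER", "")):
        findings.append("db-user-generic")
    password = cfg.get("DB_PASSWORD", "")
    if len(password) < 12 or password.isalnum():  # short, or letters and digits only
        findings.append("db-password-weak")
    if prefix and prefix.group(1) == "wp_":
        findings.append("table-prefix-default")
    findings += ["leftover:" + n for n in LEFTOVER_FILES if (root / n).exists()]
    return sorted(findings)


def demo():
    """Audit the constructed sample in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "wp-config.php").write_text(SAMPLE_CONFIG, encoding="utf-8")
        Path(tmp, "fantversion.php").write_text("<?php // constructed placeholder\n")
        return audit_wordpress(tmp)


if __name__ == "__main__":
    print("\n".join(demo()))
```

Point `audit_wordpress()` at the directory that holds your own `wp-config.php`; an empty list means none of the defaults above were found.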

7. Unwanted/Insecure Addons

Some easy installation scripts will add things you don't want, or don't realize you have, like a footer widget promoting the host you are signed up with, or other plugins that may be susceptible to hacking.

8. Unknown Problems

If you Google 'WordPress upgrade problem' you'll see tens, if not hundreds, of thousands of people who are having issues upgrading their WordPress installations after using 1-click installers. The recommended solution is almost always to reinstall WordPress manually from scratch because it's faster and more effective than trying to track down any issues caused by ever-changing easy installation scripts.

Not being able to properly upgrade your website can be a huge security risk, but can also make you miss out on new, useful functionality.

Not only can 1-click installers cause issues that keep you from successfully upgrading, they can (and have) caused entire sites to crash. It's well worth the extra couple of minutes it takes to install WordPress manually to ensure this doesn't happen to you!

It's important to remember that not all 1-click installers are created equal. Some are better than others, but the only way to ensure the safety of your WordPress site is to install WordPress manually.

If you don't know what half the stuff I mentioned above really means, then that's all the more reason to heed my warnings.

What Makes a Good Web Host?

A good web host will not limit you to 1-click installations, but give you a ton of freedom in setting up your websites.

I have always used BlueHost and Hostmonster to set up new sites (which number in the hundreds) and have been more than satisfied with their service and support.

*The above recommendations are made using affiliate links. I only recommend things I use myself and am very satisfied with. If you sign up for a hosting account, please use the links above to support this blog.

Have you ever come across any problems using 1-click installations? Has your WordPress site ever been hacked before? Leave your stories and comments below.
