Why WordPress manual installation is better than one click installation

Yes, you will fall at the mid-ocean, trust me!

Well, most of the bloggers just maintain a simple blog so usually they don’t need to worry. They just need to keep a regular backup. But if you are planning to run a business site in wordpress and if that site is your everything, never ever use one click installer to install wordpress! You’d be better off installing it manually which may take you a few minutes longer to install.

Here you can get an idea about manually installing wordpress:

If you want to install manually, download wordpress from here. Then you can upload this through ftp. You can use several ftp client such as – filezilla, coreftp, fireftp (a firefox add-on) etc. You can know about uses of filezilla here.

Why you should not use One-click installer

  • Big WordPress Security Risks
  • Exporting and importing content with WordPress’s built in export tools
  • They use old scripts. Updated versions of WordPress or any script are not immediately released on those services. They install an outdated version of WordPress. It’s not a good start with outdated one.
  • They bypasses almost all settings used for installing
  • Sometimes it has issues while you want to upgrade.
  • Suppose first created database is wpdb1 and the next one is wpdb2 and so on. Malicious hackers know this is how they’re created and it gives them more ammo.
  • Created a file named fantversion.php (or something similar), which is common for all auto installers. This is a security risk if crackers know how to break into it.
  • The auto created database name and the database username is same in most cases.

So what to do if you have already installed?

  • First of all, keep a backup of whole site and the database.
  • Download latest wordpress from WP rep. (see above for link)
  • Delete wp_admin and wp_includes folder via ftp.
  • Extract the zip and upload only wp_admin and wp_includes folder via ftp.
  • Change (alter) the database name, db username and password.
  • Put the changed db name, db username and db password in wp-config.php.
  • Get new auth key, salt etc from https://api.wordpress.org/secret-key/1.1/salt
  • Copy and replace the keys in wp-config.php
  • Uninstall the plugins that come with default one-click installation

It should work.

WordPress is a 15min install when completely secured and optimized through htaccess. So it’s your decision what will be your route. I just showed you some examples, if you do a little research over google you will get lots of ideas about it.

1 reply
  1. Ulterios
    Ulterios says:

    Very nice article. I especially liked how you pointed out the security risks that are present with one-click installers.

    What I liked even more is that you gave some pointers on how to secure up a WordPress site if someone already has installed WordPress using one-click.

    It’s nice to have a good informative article like this, thank for sharing this. 🙂


Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *