Why is One Click Blog Installation the Dangerous Way to Install Wordpress?
By Micheal Savoie (http://ezinearticles.com/?expert=Micheal_Savoie)
It scares me to think that experts all over the world are telling people that they can easily install Wordpress from their control panel using a "One Click Install" of the Fantastico Wordpress Icon. They are setting a lot of people up for a life of frustration and vulnerability.
Fantastico is a very useful resource for a new webmaster who just purchased a domain and hosting account and now wants to put something on his or her website instead of the little logo from the hosting company. Usually anywhere from 10 to as many as 30 different scripts are set up to be installed by just filling in a few forms and BAM! Your script is installed.
Unfortunately, the same script that makes these program installations so simple for the user also makes it much simpler for a hacker to figure out 2 of the 3 keys that can open the blog (or any of the other scripts like Joomla) up for complete control. The only line of defense you have is a strong password, which means it must be written down, and that by default makes it insecure.
How can I make such an outlandish claim? As a webmaster, I often worked with databases in the server and I began to notice a pattern among all of the Wordpress Installations that had been installed by the Fantastico script: all of the database names and usernames were nearly identical!
I wrote a manual to teach my clients how to repair this security flaw themselves, and I have been giving it away for free. Soon I started hearing others talking about Fantastico negatively, but for a different reason. When they tried to upgrade Wordpress after a Fantastico installation, some of the files would not allow the installer to overwrite them and many users were left having to completely reinstall their blogs from scratch.
What happens is that when Fantastico installs the files, some of them end up owned by the server instead of the user, which means that the user cannot make changes to those files unless the administrator actually takes control of the files. One of my clients had that happen to his blog, and it was not until I opened up a support ticket with his hosting provider that I managed to get them to give me control of those files.
When installing blogs, it is important to create a database name that is not easily guessed. It is also important to use a user name that is different from the database name (unless you do not have a choice). Then you can use a hard to guess password to round out the strength of your installation.
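An added example, not part of the original article or the author's guide: a short Python audit that reads the database settings WordPress keeps in wp-config.php, flags the weaknesses described above, and generates replacement values. The sample config, the account name `acme` and the six-character suffix threshold are assumptions made up for illustration.

```python
import re
import secrets
import string

# Constructed sample of a wp-config.php fragment (values are made up).
SAMPLE_CONFIG = """
define('DB_NAME', 'acme_blog1');
define('DB_USER', 'acme_blog1');
define('DB_PASSWORD', 'acme2009');
"""

DEFINE_RE = re.compile(
    r"""define\(\s*['"](DB_NAME|DB_USER|DB_PASSWORD)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")

def parse_wp_config(text):
    """Return the DB_* constants defined in wp-config.php source text."""
    return dict(DEFINE_RE.findall(text))

def audit(cfg, account):
    """Flag guessable values; `account` is the hosting login name (assumed known)."""
    account = account.lower()
    name, user, pw = (cfg.get(k, "") for k in ("DB_NAME", "DB_USER", "DB_PASSWORD"))
    findings = []
    if name and name.lower() == user.lower():
        findings.append("DB_USER is identical to DB_NAME")
    for label, value in (("DB_NAME", name), ("DB_USER", user)):
        value = value.lower()
        # What remains once the account name and separators are removed.
        rest = re.sub(r"[_-]", "", value.replace(account, ""))
        if account in value and len(rest) <= 6:
            findings.append(label + " is the account name plus a short suffix")
    if len(pw) < 16 or account in pw.lower():
        findings.append("DB_PASSWORD is short or contains the account name")
    return findings

def fresh_credentials():
    """Random database name, a different random user name, a long password."""
    alphabet = string.ascii_lowercase + string.digits
    def rand_name():
        return secrets.choice(string.ascii_lowercase) + "".join(
            secrets.choice(alphabet) for _ in range(11))
    name, user = rand_name(), rand_name()
    while user == name:
        user = rand_name()
    return {"DB_NAME": name, "DB_USER": user,
            "DB_PASSWORD": secrets.token_urlsafe(24)}

if __name__ == "__main__":
    for finding in audit(parse_wp_config(SAMPLE_CONFIG), "acme"):
        print("WARN:", finding)
    print(fresh_credentials())
```

Some hosts add their own prefix to database and user names, so the generated values may need to be entered as the part after that prefix.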
So you can see that the very convenience of the One Click Blog Install is also the reason you should stay away from it, because it is just as easy for a hacker. For people who are afraid to do blog installations themselves, I have created the guide to allow you to repair the blog installation and patch the security holes. It will not help you with the file permissions, but it will take care of the hacker situation.
With a secure blog, you are more likely to spend your time writing articles and earning money from it, instead of having to worry that all of your hard work will be stolen from you by hackers.
Micheal Savoie teaches blogging, blog installations and making money from blogs at My Blogging School where you can also get a free Wordpress installation (http://mybloggingschool.com/freebloginstall/) for trying his blog maintenance program (http://mybloggingschool.com/maint/) for a month. Use the helpdesk link at the bottom of either of these pages to request my free Fantastico Fix guide!
Article Source: http://EzineArticles.com/?expert=Micheal_Savoie http://EzineArticles.com/?Why-is-One-Click-Blog-Installation-the-Dangerous-Way-to-Install-Wordpress?&id=2209312