Nowdays, most hosting companies offer 1-Click WordPress installation (automatic WordPress script installation) to help their users to create fast and simple WordPress installation, providing them with a ready to use functional website.
There are many 1-Click installer scripts available, depending on your host. One of the most popular are Softaculous, Fantastico and SimpleScripts. They provide the easiest and fastest way to install WordPress on a web server, especially useful for beginners. You don’t need to create database manually, nor upload any files as installer does everything for you.
But… Even though it’s a great feature for beginners without any technical knowledge required, unfortunately it has several weaknesses due to default installation settings. Database name can easily be guessed as well as database user and database prefix, because automatic installers are using the same database prefix for all WordPress installations. The pattern is easy to guess.
I’ve done countless WordPress installations so far and there is barely a host I haven’t worked with so far. Including Amazon 1-Click WordPress install as well Google Cloud Launcher.
Here are is why I think you should choose WordPress Manual install over 1-click installer:
Outdated Version of WordPress
Even though I never recommend updating your WordPress installation as soon as the new version is released because the current theme you’re using and the plugins might not be compatible with the latest WordPress version. You should always check theme/plugin documentation and change log to check compatibility. But still, if you are doing a fresh install, it is recommended to install the latest WordPress version.
However, most of the 1-Click installers will install an outdated copy of WordPress. To be clear, all installers will update your WordPress eventually, but this is what might happen – you will setup your whole site, purchase additional plugins and possibly make your site live. Then you’ll suddenly receive an email saying “Your WordPress installation has been updated” which may cause some parts of your website functionalities to stop working properly. This does’t happen every time, but this issue is worth considering to install your WordPress manually.
Issues with some plugins
One of the most used WordPress plugins “BuddyPress” recommends that WordPress should be installed manually via FTP, cPanel, etc. without using automatic webhost scripts. I have also experienced issues using WP Super Cache, even though I haven’t been able to troubleshoot where the problem was, installing the WordPress manually on the same troubled host, seemed to have fixed the issue. It may also caused some issues with some database related plugins.
Unwanted plugins and files
Most of the automatic WordPress installer scripts will also install some plugins that you don’t want or need and also add some files to your server root installation. Most widely installed plugins are Mojo Marketplace, Jetpack or some other Host related plugins. Files places in your public root directory are exposed to the public and many people believe that they will create another security risk for your website.
Default database table prefix
While some hosts don’t provide you with any option to change database prefix, some hosts offer a user to input their own database prefix, however this is not very useful as the input field is usually pre-populated with the default prefix.
Beginners will usually ignore the pre-populated table prefix and click the install button.
Not so strong database password
Even though the default passwords are strong enough, you could set your own password using a tool like Norton Password Generator to make your datebase password even stronger.
No Salt Keys
Using unique WordPress authentication keys and sales is very important to ensure a more secure WordPress. Also known as the WordPress security keys, they are used by WordPress to ensure better encryption of information stored in a user’s cookies when logged in to a WordPress website or blog. They also have better support for when visiting the WordPress dashboard over SSL.
More reasons why you should not use WordPress 1-Click installer
- WordPress security risks
- Export/Import issues with WordPress built in tools
- Outdated scripts
- Possible issues while upgrading
- Easy to guess database patterns
- Additional files installed inside your public root
- Auto created database user name and password
I have covered most examples by now. Once again, having the latest WordPress version is very important and 1-Click installers will update your version over time. However, I will once again point out that you should read all documentation before upgrading, to make sure your WordPress site continues to work as expected and to ensure maximum compatibility with your theme/plugins. With automatic host updates, you don’t have a control over it.