WordPress one click or manual install?

11 replies
Hi all, someone on YouTube said that doing a manual install for WordPress gives you more control than the one click install on some hosting CPanels.


Is there a difference after both are installed in control, function, ease of use, security, etc.?


Your thoughts and experience would be greatly appreciated on this topic.


Thanks,
GreenFTW
  • Profile picture of the author Steve L
    Originally Posted by GreenFTW View Post

    Hi all, someone on YouTube said that doing a manual install for WordPress gives you more control than the one click install on some hosting CPanels.


    Is there a difference after both are installed in control, function, ease of use, security, etc.?


    Your thoughts and experience would be greatly appreciated on this topic.


    Thanks,
    GreenFTW
    More control in what way? I find QuickInstall to be really useful. It will automatically update WordPress when a new version is available.
    • Profile picture of the author FaBiz
      You are never wrong if you go for the old-school WordPress install, and it doesn't take that much anyway.

      FaBiz
  • Profile picture of the author Marc Rodill
    I don't see the point. WordPress one click install takes no time at all and you can modify the hell out of it and like he said automatic updates. I mean it assigns you a DB but I don't see the downside.
    • Profile picture of the author JohnMcCabe
      Originally Posted by Marc Rodill View Post

      I don't see the point. WordPress one click install takes no time at all and you can modify the hell out of it and like he said automatic updates. I mean it assigns you a DB but I don't see the downside.
      Marc, the downside is security.

      The DB name assigned follows a recipe that is well-known to hackers. Most people use formulaic passwords as well. This makes it pretty easy to hack most WP installs that used the one-click installer.

      As long as you don't show up on some hacker's radar, there's no other real downside to using the installer.

      Now I'm an admitted control freak, especially when it comes to this kind of stuff.

      When I did my last installs, I used one of those secure password generators to create both the DB name and user/password. I wrote the data on a sheet of paper, which I keep in a secure place. The odds of someone hacking one of my WP installs are pretty insignificant, at least via the usual routes.

      It's another reason that I prefer to keep plugins to the bare minimum. The fewer doors and windows, metaphorically speaking, the less likelihood of a digital burglar getting in.
      • Profile picture of the author kilgore
        Originally Posted by JohnMcCabe View Post

        Marc, the downside is security.

        The DB name assigned follows a recipe that is well-known to hackers. Most people use formulaic passwords as well. This makes it pretty easy to hack most WP installs that used the one-click installer.
        While I'd be the first to admit that I know nothing about CPANEL, one-click installs or even shared hosting, based on what you described, I really don't see any security downside to the one-click install. If a user knows the name of a database that gets them absolutely nothing. They still need the appropriate credentials to log into the database to access it. And if a user has those credentials, he/she doesn't actually need to know the name of the database. Simply logging into the database and issuing a "SHOW DATABASES" command will list all the databases that he/she has access to.

        Originally Posted by JohnMcCabe View Post

        As long as you don't show up on some hacker's radar, there's no other real downside to using the installer.
        Unfortunately, the fact is everyone is always on some hacker's radar. I'm constantly looking at my log files and the amount of traffic we have from malicious bots (both scrapers and hackers) is mind-boggling. Hackers are constantly scouring the web looking for vulnerable sites and servers. Really, there's no way to stop being attacked -- you just have to make sure that you minimize your vulnerability and have a good plan in place should you get compromised.

        Originally Posted by JohnMcCabe View Post

        When I did my last installs, I used one of those secure password generators to create both the DB name and user/password. I wrote the data on a sheet of paper, which I keep in a secure place. The odds of someone hacking one of my WP installs are pretty insignificant, at least via the usual routes.
        This is a great point and a great idea. Since you're unlikely to need to type in your password to your database very often (if ever) there's really no downside to having a really complex password. (Though again, I don't see any upside to a complex DB name.)

        I'd also add that you should limit the hosts from which you can connect to your database, either through MySQL's privilege system, through a firewall, or ideally through both. This last point is why I really don't like things like phpMyAdmin, as it basically makes your database available everywhere.

        Originally Posted by JohnMcCabe View Post

        It's another reason that I prefer to keep plugins to the bare minimum. The fewer doors and windows, metaphorically speaking, the less likelihood of a digital burglar getting in.
        Also a good point. All it takes is one plugin to be vulnerable -- either because it was poorly coded or not kept up to date -- and your whole site could be at risk. Plugins can be really useful, but they're not without risk.

        As to the OP's question, again, I'm not a CPANEL expert, but one potential downside I can see to a one-click install is that it might make it difficult to set up a development -> staging -> production workflow, something I think that few people bother setting up, but which I think is really, really important. Other than that, it seems that a manual install would give you more control, but probably not anything that you couldn't change after the fact with a one click install.
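
One way to check the advice above about limiting which hosts may connect through MySQL's privilege system. This is an added example, not code from the thread; the account names and rows are constructed, in the tab-separated form the `mysql` client prints in batch mode.

```python
# Added example: report MySQL accounts that accept connections from off-box.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample rows, as printed by:
#   mysql -N -B -e "SELECT user, host FROM mysql.user"
SAMPLE_ROWS = (
    "wp_site1\tlocalhost\n"
    "wp_site2\t%\n"
    "backup\t198.51.100.%\n"
    "report\tdb-client.example.net\n"
)


def classify_host(host):
    """Return how widely a Host value from mysql.user lets clients connect."""
    h = host.strip().lower()
    if h in LOCAL_HOSTS:
        return "local-only"
    if h == "%":
        return "any-host"
    if "%" in h or "_" in h:  # % and _ are wildcards in Host values
        return "pattern"
    return "single-remote-host"


def audit_accounts(rows_text):
    """Return (user, host, verdict) for every account reachable off-box."""
    findings = []
    for line in rows_text.splitlines():
        if not line.strip():
            continue
        user, _, host = line.partition("\t")
        verdict = classify_host(host)
        if verdict != "local-only":
            findings.append((user, host.strip(), verdict))
    # Widest exposure first, so the riskiest accounts lead the report.
    order = {"any-host": 0, "pattern": 1, "single-remote-host": 2}
    return sorted(findings, key=lambda f: order[f[2]])


if __name__ == "__main__":
    for user, host, verdict in audit_accounts(SAMPLE_ROWS):
        print(f"{user}@{host}: {verdict}")
```
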
        • Profile picture of the author webmarketer
          You could get your DB name, MySQL user and password in your wp-config.php file. It's good to back up this file on your desktop site folder. [EDIT: That is, if you did the quick install.]

          Whether I manually install or do a quick install, I make sure that the password is complex and more secure by mixing caps, numbers, characters and symbols.
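
The credentials mentioned in this part of the thread can be read out of `wp-config.php` and checked for the formulaic patterns and weak mixes discussed above. This is an added example, not code from the thread; the sample config, the 16-character threshold and the "stem" heuristic are assumptions made for illustration.

```python
import re

# Matches define( 'DB_X', 'value' ); with either quote style.
DEFINE_RE = re.compile(
    r"""define\(\s*(['"])(DB_[A-Z_]+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""")

# Constructed sample wp-config.php fragment (not from the thread).
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'acct_wrdp1' );
define( 'DB_USER', 'acct_wrdp1' );
define( 'DB_PASSWORD', 'acct2015' );
define( 'DB_HOST', 'localhost' );
"""

MIN_LENGTH = 16  # assumed policy threshold, not a WordPress requirement


def parse_db_settings(text):
    """Return the DB_* constants defined in wp-config.php text."""
    return {m.group(2): m.group(4) for m in DEFINE_RE.finditer(text)}


def char_classes(password):
    """Count how many of lower/upper/digit/symbol classes are present."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: not c.isalnum())
    return sum(any(t(c) for c in password) for t in tests)


def audit_credentials(text):
    """Return a list of findings about the database credentials."""
    cfg = parse_db_settings(text)
    pw = cfg.get("DB_PASSWORD", "")
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("password shorter than %d characters" % MIN_LENGTH)
    if char_classes(pw) < 4:
        findings.append("password does not mix caps, lowercase, numbers, symbols")
    # Formulaic passwords often reuse the leading part of the DB or user name.
    for key in ("DB_NAME", "DB_USER"):
        stem = re.split(r"[_\W\d]+", cfg.get(key, ""))[0].lower()
        if len(stem) >= 3 and stem in pw.lower():
            findings.append("password contains the stem of %s" % key)
    return findings


if __name__ == "__main__":
    print("\n".join(audit_credentials(SAMPLE_CONFIG)))
```
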
  • Profile picture of the author Mark Singletary
    If nothing else, the one-click install adds the potential for problems because a third party handled the source before you got to use it. The code was on someone else's computer where they made changes to various things to fit the one-click install process. You've probably read the advice to only download free themes from the WordPress site for safety reasons. The same applies here.

    There was a thread recently where a fellow discovered that a couple sites he used the automatic install on were hacked but others of his were not. Not sure if it has any relation or not.

    Many times the one click install version is NOT the most up-to-date. I was with a host within the last couple years where the WP version was a couple years old but still being installed daily by unsuspecting users.

    For me I always do the manual install.

    Mark
  • Profile picture of the author BenJackson
    There's no difference. Use a one-click installer because it's faster and easier - that's why it exists.

    The database name doesn't pose a security threat. Someone having access to your database is a threat, and that shouldn't ever happen. If you're worried about security, get a firewall like Sucuri or use hosting that has a firewall built in, like WP Engine.

    If you're using a reputable host, the installer will use the newest version of WordPress. If not, you can update to the newest version in about 30 seconds.

    You shouldn't be uncomfortable with an auto-installer simply because you don't understand or control it. If that's the case, then you should also be uncomfortable with WordPress itself, and the internet, and the computer you're using. Part of using the web is operating with a massive amount of functionality you don't understand or see, and that's just fine.
    • Profile picture of the author GreenFTW
      Originally Posted by BenJackson View Post

      There's no difference. Use a one-click installer because it's faster and easier - that's why it exists.

      The database name doesn't pose a security threat. Someone having access to your database is a threat, and that shouldn't ever happen. If you're worried about security, get a firewall like Sucuri or use hosting that has a firewall built in, like WP Engine.

      If you're using a reputable host, the installer will use the newest version of WordPress. If not, you can update to the newest version in about 30 seconds.

      You shouldn't be uncomfortable with an auto-installer simply because you don't understand or control it. If that's the case, then you should also be uncomfortable with WordPress itself, and the internet, and the computer you're using. Part of using the web is operating with a massive amount of functionality you don't understand or see, and that's just fine.


      Question: is the WP Engine a WP plug-in? If so, is it downloadable for WordPress.com?
      And if I use one-click WP install where do I see the version number, so I can check vs. WordPress.com?
      • Profile picture of the author BenJackson
        Originally Posted by GreenFTW View Post

        Question: is the WP Engine a WP plug-in? If so, is it downloadable for WordPress.com?
        And if I use one-click WP install where do I see the version number, so I can check vs. WordPress.com?
        WP Engine is a hosting company that caters to WordPress sites. They have a built-in firewall and are very keen on security. That said, it is expensive, so you could instead get Sucuri and a cheaper host if you're not okay with the price.

        You can use security plugins as well, but firewalls protect you from DDoS attacks and in other ways a plugin cannot.

        You can always check the version of WordPress you're using at the bottom-right corner of any admin screen. The current version is 4.3.1.

        EDIT: I'm talking about your own installation of the WordPress CMS, so it has no connection to wordpress.com.
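
The version can also be read from the install's `wp-includes/version.php` without logging in, which helps when checking what a one-click installer actually deployed. This is an added example, not code from the thread; the sample file content is constructed, and 4.3.1 is the reference version quoted in the post above.

```python
import re

VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")

# Constructed sample of wp-includes/version.php from an old install.
SAMPLE_VERSION_PHP = """<?php
/**
 * The WordPress version string
 */
$wp_version = '4.1';
"""


def read_wp_version(version_php_text):
    """Return the $wp_version string, or None if the file lacks one."""
    m = VERSION_RE.search(version_php_text)
    return m.group(1) if m else None


def version_key(version):
    """'4.3.1' -> (4, 3, 1); a suffix such as '-beta1' is ignored."""
    nums = re.match(r"\d+(?:\.\d+)*", version)
    if not nums:
        raise ValueError("not a version: %r" % version)
    parts = [int(p) for p in nums.group(0).split(".")]
    # Pad so that '4.3' and '4.3.0' compare equal.
    return tuple(parts + [0] * (3 - len(parts)))


def is_outdated(installed, reference):
    """Compare numerically: as plain strings '4.10' would sort before '4.9'."""
    return version_key(installed) < version_key(reference)


if __name__ == "__main__":
    found = read_wp_version(SAMPLE_VERSION_PHP)
    print(found, "outdated" if is_outdated(found, "4.3.1") else "current")
```
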
  • Profile picture of the author yukon
    I've been running one click WP installs for years & never had a single hack on a database.