But behind its simplicity lie several weaknesses caused by easily guessed installation settings. Hackers can easily guess the database name, the database user and the table prefix, because all WordPress blogs installed with a one-click auto installer like Fantastico share the same database prefix, user and database name pattern. Here are some reasons why you should avoid 1-click WordPress installation:
Outdated Version of WordPress
As the most popular blogging software, WordPress should be updated as soon as possible whenever an update comes out. But an automatic installer usually installs an outdated version of WordPress. Many Fantastico users have reported this problem. WordPress in SimpleScripts is updated more often, but we still have to wait a few hours before the latest version of WordPress is available in SimpleScripts.
Same Pattern of Database Name
Automatic installers like Fantastico and SimpleScripts use the same database name pattern for every WordPress blog they install. SimpleScripts creates wor1 or username_wor1 (username here is your hosting account username), and if I create another one it would be wor2 or username_wor2. Fantastico does the same; the only difference is that the database name is wrdp1 or username_wrdp1. Because this is a standard, everyone knows about it. Some people who call themselves hackers can use this information to do something bad to your site.
Same Pattern of Database Username
Yes! If you use Fantastico or SimpleScripts to install WordPress, these tools will give you a database username that is the same as the database name itself. This is absolutely a security risk.
Default Table Prefix
There is no option in Fantastico's WordPress pre-installation settings to change the table prefix, so it uses the standard prefix wp_.
SimpleScripts is better than Fantastico because it can create a random table prefix. As you can see from the picture below, the databases _wor1 and _wor2 have different table prefixes.
Numerous Issues With Some Plugins
For example, one of BuddyPress's minimum requirements said that "WordPress should be installed manually i.e. via FTP, cpanel, etc. and NOT via webhost scripts (fantastico, softalicious, etc.) which bring about numerous issues when BuddyPress is activated."
Insecure Database Password
Well, actually the database password generated by a one-click installer like Fantastico or SimpleScripts is a pretty secure password, but by installing WordPress manually you would be able to create a stronger password by using some symbols too.
Unwanted Installation Files
If you use Fantastico to install WordPress, it will create some unwanted files in your WordPress root directory, like fantversion.php and fantastico_fileslist.txt. And if you use SimpleScripts, it will create an MMrequirementProbe.php file in your WordPress root directory. Many people believe that since these files are exposed to the public, they create another security risk for your website.
For the reasons listed above, we can conclude that if we want to eliminate some of the security risks caused by one-click script installers, manual WordPress installation is the best solution. I'm not saying that you can't change the table prefix or remove the security risks caused by the automatic script installer after WordPress is installed, but the manual installation method will definitely save you a lot of time.
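To check an existing install for the fingerprints listed above (installer-style database name, database user equal to the database name, default wp_ prefix, leftover installer files), here is an added example; it is not code from the original article or from either installer. It assumes the settings live in wp-config.php in the WordPress root as plain define() calls; audit and build_sample are hypothetical names, and the sample site is constructed.

```python
import re
import tempfile
from pathlib import Path

# Name patterns and leftover file names come from the article; the rest is constructed.
INSTALLER_DB = re.compile(r"^(?:\w+_)?(wor|wrdp)\d+$")
LEFTOVERS = ("fantversion.php", "fantastico_fileslist.txt", "MMrequirementProbe.php")
DEFINE = re.compile(r"define\(\s*['\"](DB_NAME|DB_USER)['\"]\s*,\s*['\"]([^'\"]*)['\"]\s*\)")
PREFIX = re.compile(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]")


def audit(root):
    """Return a list of findings for the WordPress directory `root`."""
    root = Path(root)
    text = (root / "wp-config.php").read_text(encoding="utf-8", errors="replace")
    cfg = dict(DEFINE.findall(text))
    prefix = PREFIX.search(text)
    name, user = cfg.get("DB_NAME", ""), cfg.get("DB_USER", "")
    findings = []
    if INSTALLER_DB.match(name):
        findings.append(f"database name '{name}' follows an installer pattern")
    if name and name == user:
        findings.append("database user is identical to the database name")
    if prefix and prefix.group(1) == "wp_":
        findings.append("table prefix is the default wp_")
    for leftover in LEFTOVERS:
        if (root / leftover).is_file():
            findings.append(f"installer file {leftover} is in the web root")
    return findings


def build_sample(root, name, user, prefix, leftovers=()):
    """Write a constructed wp-config.php (and optional leftover files) for the demo."""
    root = Path(root)
    root.mkdir(parents=True, exist_ok=True)
    (root / "wp-config.php").write_text(
        f"<?php\ndefine('DB_NAME', '{name}');\ndefine( 'DB_USER', '{user}' );\n"
        f"$table_prefix = '{prefix}';\n", encoding="utf-8")
    for leftover in leftovers:
        (root / leftover).write_text("", encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site = build_sample(Path(tmp) / "auto", "jdoe_wrdp1", "jdoe_wrdp1", "wp_", ["fantversion.php"])
        for finding in audit(site):
            print("-", finding)
```

On a real site, call audit() with the path to the WordPress root; an empty list means none of the fingerprints described in this article were found.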