But behind its simplicity lies several weaknesses due to the easy-guessed installation settings. Hackers can easily guess the database name, the database user and the database prefix because all the WordPress blogs that is installed using one-click auto installer like Fantastico would have the same database prefix, user and database name pattern. Here are some reasons why you should avoid 1-click WordPress installation:
Outdated Version of WordPress
WordPress as the most popular blogging software should be updated as soon as possible whenever an update comes out. But an automatic installer usually installs an outdated version of WordPress. Many Fantastico users reported this problem. WordPress in SimpleScripts is updated more often, but still, we have to wait a few hours before the latest version of WordPress available in SimpleScripts.
Same Pattern of Database Name
Automatic installer like Fantastico and SimpleScripts creates the same pattern for the database name for all WordPress blogs installed using these installers. SimpleScripts would create wor1 or username_wor1 (username here is your hosting account username) and if I create another one it would be wor2 or username_wor2. Fanstastico does the same, the only difference is the database name is wrdp1 or username_wrdp1. Because this is a standard, so everyone knows about this. Some people who called themselves hackers can use this information to do something bad to your site.
Same Pattern of Database Username
Yes!, if you use Fantastico or SimpleScripts to install your WordPress, these tools will give you the same database username as the database name itself. This is absolutely a security risk.