Title: Install WordPress security question
Last modified: August 19, 2016

---

# Install WordPress security question

 *  Resolved [newguyhere](https://wordpress.org/support/users/newguyhere/)
 * (@newguyhere)
 * [17 years, 6 months ago](https://wordpress.org/support/topic/install-wordpress-security-question/)
 * If I delete my old WordPress blog and put a new WordPress installation on, can
   anyone in the world go to the blog and do the installation? The reason I ask
   is because when I upload the file through FTP, I can go to the site through my
   browser and go through the installation process. It does not ask for a username
   and/or password or anything for that matter. So, I wondered how it knows that
   it is the actual admin that is going through the process. Therefore, it seems
   that I can upload it, and leave it there. Furthermore, anyone in the world can
   access the site and complete the installation. Does that sound correct, or is
   there some security there?

Viewing 7 replies - 1 through 7 (of 7 total)

 *  [krembo99](https://wordpress.org/support/users/krembo99/)
 * (@krembo99)
 * [17 years, 6 months ago](https://wordpress.org/support/topic/install-wordpress-security-question/#post-904951)
 * Have you dropped your database as well? Did you close your browser window,
   or did you stay logged in? There is no security problem in the install process
   of WordPress, not that I know of.. AND NO ONE else can log in for you, or finish
   installation for you … (IMHO) The problems occur (usually) when a user, for lack
   of knowledge, is doing some operation that is not entering the correct workflow.
   But that is why this support forum exists. So, the first question .. did you
   drop the database as well? Did you change the config file? New prefix?
   New security key?
 *  Thread Starter [newguyhere](https://wordpress.org/support/users/newguyhere/)
 * (@newguyhere)
 * [17 years, 6 months ago](https://wordpress.org/support/topic/install-wordpress-security-question/#post-904954)
 * All the old files got deleted. I copied the config file from the old to the new
   WordPress installation. Changed the secret key to
   `define('AUTH_KEY', ''); define('SECURE_AUTH_KEY', ''); define('LOGGED_IN_KEY', '');`
   as suggested by the website for random key generation.
 * _(Never actually post your secret keys anywhere… – mod)_
 * Database and table is still the same. Using the same browser window to do the
   installation and the uploading of the WordPress installation files. So, from
   what I am guessing, there is a cookie stored on my computer that will verify 
   that it is actually me going through the installation process. I worry because
   if I have to upgrade to 2.7 or higher, but I need to clean the directory and 
   upload the files, Google will still have the cached site in its search. Therefore,
   if someone goes to my site, I worry that the first thing they will see is the
   installation page. When I do the installation, I go to aprivatebeach.com/blog.
   This is where the blog is installed.
 *  [thisisedie](https://wordpress.org/support/users/thisisedie/)
 * (@thisisedie)
 * [17 years, 6 months ago](https://wordpress.org/support/topic/install-wordpress-security-question/#post-904956)
 * Yes, if you upload the files and don’t install, ANYONE going to
   whatever.com/wp-admin/install.php could install. But why would you upload and not install?
   Once you’ve installed if someone went there they’d get a screen that says it’s
   been installed.
 *  Thread Starter [newguyhere](https://wordpress.org/support/users/newguyhere/)
 * (@newguyhere)
 * [17 years, 6 months ago](https://wordpress.org/support/topic/install-wordpress-security-question/#post-904959)
 * It is the time difference. After the uploading, it only takes an instant to get
   to the install.php. Therefore, if a site gets say 10000 hits a day, he/she could
   be upgrading, but unable to install because someone got there before he/she did.
   
   This seems to be a security issue to me.
 *  [krembo99](https://wordpress.org/support/users/krembo99/)
 * (@krembo99)
 * [17 years, 6 months ago](https://wordpress.org/support/topic/install-wordpress-security-question/#post-904963)
 * > Database and table is still the same.
 * Like I said, if you did not touch the DB, and stayed with the same browser
   window, so actually, you never logged out, and by the DB check, you are still
   a valid user, and logged in. There is no security issue, no one else can go inside.
   However, like I mentioned before, this is NOT THE CORRECT WAY of doing this process..
   The correct way would be to put another INDEX file, telling people that you
   are UPGRADING and be back in no time.. There is even a plugin to do that .. search
   for it.
 *  Thread Starter [newguyhere](https://wordpress.org/support/users/newguyhere/)
 * (@newguyhere)
 * [17 years, 6 months ago](https://wordpress.org/support/topic/install-wordpress-security-question/#post-904964)
 * I thought it may be a security issue. I was wrong. Thanks for the help.
 * Now, I can actually sleep without getting grey hairs.
 *  Thread Starter [newguyhere](https://wordpress.org/support/users/newguyhere/)
 * (@newguyhere)
 * [17 years, 6 months ago](https://wordpress.org/support/topic/install-wordpress-security-question/#post-904970)
 * Sorry, I thought the secret key website was generator code. I did not realize
   it was an actual key. I assumed that it was source code that would randomly generate
   the key in the config file. I changed it again.
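
One way to close the window between uploading the files and finishing the install that this thread discusses, as an added example that is not part of any post above: put an access rule on `wp-admin/install.php` before the upload starts. It assumes Apache 2.4 with `AllowOverride` enabled for the site; the function names, the docroot path and the admin IP are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Apache 2.4 and AllowOverride.
# Usage sketch (placeholder path, documentation-range IP):
#   guard_installer /var/www/blog 203.0.113.10 && installer_guarded /var/www/blog

# guard_installer DOCROOT ADMIN_IP
# Writes DOCROOT/wp-admin/.htaccess so only ADMIN_IP can request install.php.
# WordPress core ships no .htaccess in wp-admin, so the upload will not overwrite it.
guard_installer() {
    # Reject anything that is not digits and dots (this also blocks newlines,
    # which would otherwise let extra directives slip into the file).
    case $2 in
        ''|*[!0-9.]*) echo "guard_installer: bad IPv4 address" >&2; return 2 ;;
    esac
    # Then require the dotted-quad shape.
    printf '%s\n' "$2" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "guard_installer: bad IPv4 address" >&2
        return 2
    }
    mkdir -p "$1/wp-admin" || return 1
    cat > "$1/wp-admin/.htaccess" <<EOF
# Installer guard: create before uploading WordPress; harmless to keep afterwards.
<Files "install.php">
    Require ip $2
</Files>
EOF
}

# installer_guarded DOCROOT
# Returns 0 only when the guard is present, so a deploy script can refuse to
# upload core files while install.php would be reachable by anyone.
installer_guarded() {
    [ -f "$1/wp-admin/.htaccess" ] \
        && grep -q '<Files "install.php">' "$1/wp-admin/.htaccess" \
        && grep -Eq '^[[:space:]]*Require ip [0-9.]+$' "$1/wp-admin/.htaccess"
}
```

Once the install has completed, `install.php` answers with the "already installed" screen mentioned in the thread, so the rule can stay in place or be removed.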


The topic ‘Install WordPress security question’ is closed to new replies.

 * In: [Installing WordPress](https://wordpress.org/support/forum/installation/)
 * 7 replies
 * 3 participants
 * Last reply from: [newguyhere](https://wordpress.org/support/users/newguyhere/)
 * Last activity: [17 years, 6 months ago](https://wordpress.org/support/topic/install-wordpress-security-question/#post-904970)
 * Status: resolved

