Title: Security Issue? Last modified: August 19, 2016 --- # Security Issue? * [loller6661](https://wordpress.org/support/users/loller6661/) * (@loller6661) * [17 years, 2 months ago](https://wordpress.org/support/topic/security-issue-4/) * Can this be done?? * if so wouldnt it be necessary to remove install.php after wp instal? would it affect updates? * > Step 1. Excessively access /wp-admin/install.php to get mysql server temperorily > down because of too many parallel connections. > Step 2. Because mysql sever is down, the install.php will no longer show “You > appear to have already installed WordPress. To reinstall please clear your > old database tables first”, but will respond like a new installation with a > form to fill in domain and email, because the function is_blog_installed() > in the source codes of install.php will return “FALSE” for its failure in accessing > the database. > Step 3. Fill the form with new domain and new email and try to update the database > when mysql server has just recovered to work. If successful, they will get > a new admin account sent to their email, all the internal links of my blog > will become external links and they will steal lots of traffic and hardlinks. > If not successful, my site will be still down. > So, I should say I’m lucky that servage has a limitation in hits and my account > won’t recover until tomorrow. This is a very dangerous security hack. Viewing 5 replies - 1 through 5 (of 5 total) * [tomontoast](https://wordpress.org/support/users/tomontoast/) * (@tomontoast) * [17 years, 2 months ago](https://wordpress.org/support/topic/security-issue-4/#post-1047236) * Simple answer NO. * When the `wpdb` is loaded it checks that it can make a connection with the database. If this fails it calls the function `wp_die()` which will halt the script. The only way for you to carry out this hack would be either to modify the data travelling from the MySQL database or to in some way cause the database to shut down between the connection being made and wordpress requesting `is_blog_installed()`. * Having said that removing install.php after you have installed your blog might be a good idea and would improve the security of your blog. * Thread Starter [loller6661](https://wordpress.org/support/users/loller6661/) * (@loller6661) * [17 years, 2 months ago](https://wordpress.org/support/topic/security-issue-4/#post-1047300) * ok thx for the feedback. * Will it give issues when I upgrade the blog when having install.php removed? * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [17 years, 2 months ago](https://wordpress.org/support/topic/security-issue-4/#post-1047303) * who cares, remove it. I remove it. always. * even better for you maybe, just rename it. * [tomontoast](https://wordpress.org/support/users/tomontoast/) * (@tomontoast) * [17 years, 2 months ago](https://wordpress.org/support/topic/security-issue-4/#post-1047307) * No it won’t affect upgrading your blog. install.php is only for creating a completely new copy of wordpress. * Thread Starter [loller6661](https://wordpress.org/support/users/loller6661/) * (@loller6661) * [17 years, 2 months ago](https://wordpress.org/support/topic/security-issue-4/#post-1047332) * ok thanks guys Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Security Issue?’ is closed to new replies. * In: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/) * 5 replies * 3 participants * Last reply from: [loller6661](https://wordpress.org/support/users/loller6661/) * Last activity: [17 years, 2 months ago](https://wordpress.org/support/topic/security-issue-4/#post-1047332) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics