Title: Security Issue?
Last modified: August 20, 2016

---

# Security Issue?

 *  Resolved [Pena47](https://wordpress.org/support/users/pena47/)
 * (@pena47)
 * [14 years, 10 months ago](https://wordpress.org/support/topic/security-issue-11/)
 * So, I can’t imagine this has gone completely unnoticed, but I found it very odd.
 * I set up WordPress (I uploaded it via ftp) and configured the wp-config.php file
   with the MySQL database info. Now it seems that when you go to the website, ANYONE
   can set up the initial username and password.
 * Of course I always go to the site immediately and set up my own username and 
   password, after which you get the login screen, but shouldn’t there be a more
   secure way?
 * _[Moved to Requests & Feedback]_

Viewing 6 replies - 1 through 6 (of 6 total)

 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [14 years, 10 months ago](https://wordpress.org/support/topic/security-issue-11/#post-2158050)
 * Such as?
 *  Thread Starter [Pena47](https://wordpress.org/support/users/pena47/)
 * (@pena47)
 * [14 years, 10 months ago](https://wordpress.org/support/topic/security-issue-11/#post-2158058)
 * Such as requiring a password in the wp-config file to be used as the default 
   password to log into WordPress. That way only the person with access to the wp-
   config file can set the password.
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [14 years, 10 months ago](https://wordpress.org/support/topic/security-issue-11/#post-2158061)
 * > Such as requiring a password in the wp-config file
 * Eeek! Such a password would be exposed to anyone who hacks into the server.
 *  [Clayton James](https://wordpress.org/support/users/claytonjames/)
 * (@claytonjames)
 * [14 years, 10 months ago](https://wordpress.org/support/topic/security-issue-11/#post-2158087)
 * > I set up WordPress (I uploaded it via ftp) and configured the wp-config.php
   > file with the MySQL database info. Now it seems that when you go to the website,
   > ANYONE can set up the initial username and password.
 * That would be correct. You have just performed [steps 3, 4, and 5 of the Famous 5-Minute Install](http://codex.wordpress.org/Installing_WordPress#Famous_5-Minute_Install)
   routine. At this point, a reasonable assumption has to be made that your intent
   is to complete the installation. The only time it might become an issue is if
   you do exactly that which you have described, and then fail to complete the install
   process. But it makes no sense for that to be the case.
 *  Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/)
 * (@ipstenu)
 * 🏳️‍🌈 Advisor and Activist
 * [14 years, 10 months ago](https://wordpress.org/support/topic/security-issue-11/#post-2158088)
 * It’s a security issue, yes, but there’s no reasonable way around it. Yes, it’s
   possible there are legit reasons you could get most of the way through and stop(
   local power outage, etc), but this is a risk you run with all web apps during
   installs.
 *  Thread Starter [Pena47](https://wordpress.org/support/users/pena47/)
 * (@pena47)
 * [14 years, 10 months ago](https://wordpress.org/support/topic/security-issue-11/#post-2158096)
 * > Eeek! Such a password would be exposed to anyone who hacks into the server.
 * If someone hack into the server you’ve probably got bigger issues…
 * > That would be correct. You have just performed steps 3, 4, and 5 of the Famous
   > 5-Minute Install routine. At this point, a reasonable assumption has to be 
   > made that your intent is to complete the installation. The only time it might
   > become an issue is if you do exactly that which you have described, and then
   > fail to complete the install process. But it makes no sense for that to be 
   > the case.
 * Fair enough, it wasn’t ever really an issue for me, I just wasn’t sure if this
   had been acknowledged (although I had a hard time imagining nobody noticing).

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Security Issue?’ is closed to new replies.

 * In: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/)
 * 6 replies
 * 4 participants
 * Last reply from: [Pena47](https://wordpress.org/support/users/pena47/)
 * Last activity: [14 years, 10 months ago](https://wordpress.org/support/topic/security-issue-11/#post-2158096)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics