How 1-Click Script Installers Can Hurt Server Security
What is a One-click Script Installer?
A 1-click script installer is itself a script that installs other software on web servers. Most hosts offer these script installers because it helps people who are new website administrators get started faster and easier. For instance, if they want to run a WordPress site, they don’t have to spend a half hour learning how to get their hosting account setup and ready to run WordPress. They just click a button and it’s installed instantly and automatically.
Why We Don’t Use These at LazyLizard: While script installers make things very easy in the beginning they have a tendency to complicate things later on. Since the automated script installer is a script in itself, it also needs to be constantly maintained ,and if it isn’t it can become a source of serious problems.
Our first and foremost goal at LazyLizard is to maintain the secure environment possible for WordPress sites. In our experience with script installers, they can eventually become obstacles to that goal. When a script installer is used to install WordPress, the installer becomes the controlling “authority” over when WordPress itself can be updated. If WordPress issues an update, it can only be installed on your site when the script installer says it can.
And that’s where the problems begin. Two things have to work together for the script installer to always upgrade to the latest version of WordPress. One, the script installer must always know which version you’re currently on. And two, the installer must become aware whenever WordPress issues a new version.
It is in these two processes that script installers can make mistakes and start to cause problems. For instance, if you manually update WordPress yourself before the script installer has a chance to, the installer can become confused as to which version you have. It will think you have the latest version it installed – when in fact you now have a newer version. But the installer doesn’t have any way of knowing you’ve installed a new version on your own (through the automated WordPress update feature, found within WordPress itself) because it expects all upgrades to go through the installer itself.
The bottom line is, script installers are just another layer of software between you and WordPress. And every layer adds a new opportunity for complications and problems.
Key to Good Server Security: One of the prime keys to robust server security is to keep things as streamlined as possible. If a piece of software isn’t absolutely necessary, then it shouldn’t be used. Because all software that runs on servers has the potential to cause problems. So, our philosophy at LazyLizard is to use no software unless it is absolutely necessary to the smooth functioning of the server. And script installer software, simply isn’t necessary. Therefore, the potential it has to cause problems is greater than the few minutes of time it saves most website owners who are only going to use it once or twice anyway.
The Cons of 1-Click Installers
- Configuration settings may not be the most optimal or secure
- Dependence on update service may result in update delays
- Fewer customization options
A “script” is simply a bit of programming code, that is typically used on websites that provide a variety of functions for the site. A function may be a very simple one such as an interactive contact form. On a contact form, people can fill in their name and contact info, write a comment, click submit and have their info sent to whoever they’re trying to contact.
In that example, several interactive functions take place that require a “script” or some software code to run. People are presented with text boxes where they can type in a customized message. They may be presented with drop-down boxes where they can make various choices. Then, depending on what they choose, the programming code that runs the script will decide what to do with the results. Maybe the message will be sent to the website’s sales department or their tech support department.
Or perhaps, the script makes it possible for people to place orders for products and services on a website.
A script can be used in conjunction with other scripts to create a more complex function or website. For instance, WordPress could be called a script, although it’s normally called a “content management system” (CMS). The WordPress CMS is really a combination of hundreds of small scripts that are tied together to make a single functioning system.
A website owner may want to install a script that runs, say, a Content Management System (CMS) such as WordPress. While WordPress itself is technically a “script”, your web host may also provide another script called an Automated Installer script.
If your host provides an Automated Installer script and you want to install WordPress, all you have to do is login to your web control panel area and click the installer script and choose WordPress. The installer script will perform all the routines necessary to install WordPress. This will include uploading and unpacking the WordPress files, as well as creating the database that WordPress will need in order to run.
Yes, absolutely you can. And it’s not that difficult, especially if you’ve done it once or twice before. However, if you’ve never done it, it may be a bit intimidating. We at LazyLizard are more than happy to do this for you, if you’d like our help.
If you’d like us to install WordPress for your site that is hosted with us, just click here, fill out the form and we’ll take care of it for you.