Why was my new WordPress installation’s config page publicly viewable when first installed?

This is a problem with dreamhost documentation/practice (and I assume with all “one click” installation of wordpress). They should have clarified that you should complete the installation in few minutes from creating the site. The wordpress installation, with its two parts, is assumed to be done at one go.

But then, realistically there is no reason for an attacker to try to hijack such a site as it will be wiped out once discovered and there is no way for the attacker to retain control.

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)