Why was my new WordPress installation’s config page publicly viewable when first installed?

This is a problem with dreamhost documentation/practice (and I assume with all “one click” installation of wordpress). They should have clarified that you should complete the installation in few minutes from creating the site. The wordpress installation, with its two parts, is assumed to be done at one go.

But then, realistically there is no reason for an attacker to try to hijack such a site as it will be wiped out once discovered and there is no way for the attacker to retain control.

Related Posts:

  1. Best practice for versioning wp-config.php?
  2. Password in wp-config. Dangerous?
  3. What’s the difference between WP_MEMORY_LIMIT and WP_MAX_MEMORY_LIMIT?
  4. Turn Off Automatic Trash Deletion?
  5. How can I change preview URL?
  6. Override the wp_siteurl and wp_home not work
  7. Changing WP_CONTENT_DIR and WP_CONTENT_URL in wp-config.php does not register?
  8. Missing a temporary folder despite settings in wp-config.php
  9. How to use live images on local install?
  10. Syntax of FS_CHMOD_DIR and FS_CHMOD_FILE
  11. WordPress PHP error handling and reporting in production environment
  12. Declaratively Configuring WordPress in XML or JSON or YAML
  13. Fatal error: Allowed memory size of 41943040 bytes exhausted (tried to allocate 20480 bytes)
  14. How to set up gmail SMTP in WordPress
  15. error:-Cannot modify header information – headers already sent by
  16. Changing HTTP URL Port
  17. How to update WordPress from the latest trunk
  18. how to use is_admin in wp-config.php
  19. Locked out of WordPress Site Admin after enabling Force SSL on WordPress Https (SSL)
  20. Set wp-content folder to Dropbox folder
  21. Including a 3rd party library in WordPress which needs to be accessible by wp-config
  22. wp-config.php being deleted
  23. Get WP CLI to hide debug warnings and notices in JSON output, same setting as website
  24. Installation Issue WordPress locally – The file ‘wp-config.php’ already exists
  25. What is this file: wp-config-wpe.php?
  26. enable SFTP via SSH keys in wordpress
  27. html lang=”” instead of lang=”en-us” – why?
  28. Why do I get a WAMP homepage when clicking on specific website’s URL on LocalHost?
  29. Creating the wp-config.php file manually
  30. What Does this Code Snippet Do?
  31. Can I delete `wp-config-sample.php` after installing and configuring WordPress?
  32. How to reliably set file/folder permissions?
  33. Multiple wp-config.php files in one home directory
  34. Why edits to wp-config.php must come before “That’s all” comment
  35. error log cluttered with undefined DB_USER wp-admin/setup-config.php
  36. Is it possible to override the ABSPATH constant
  37. How to stop fatal error when loading theme template file directly
  38. Should I change wp-config for SSL?
  39. Out of memory errors : how best to track them down
  40. Redefine cookie domain for subdomains
  41. multiple language directories
  42. Error in database connection [closed]
  43. Update wp-config.php and lost pages
  44. Conflict with wp_homeurl, wp_siteurl and admin interface settings
  45. error messages in dashboard login
  46. where should I write constants in wordpress?
  47. Issues copying site into local machine
  48. Autosave interval remains default despite wp-config.php defines
  49. Carriage Return control character (^M) found in wp-config-sample.php
  50. Are the wordpress settings (abspath, disable core updates) added by SiteGround of any use after I’ve migrated to a different host?
  51. Need help fixing my wp-config file [closed]
  52. WP_MEMORY_LIMIT didn’t work in wp-config, only within default-constants.php
  53. Cookie set without HttpOnly flag
  54. Changing the wp-config.php broke the site
  55. Publishing WordPress from stage to production server
  56. Define option outside wp-config.php (on WordPress.com)
  57. Site lost all formatting when I attempted to migrate to Bluehost [closed]
  58. Moving wp-config.php one level up – 500 error – Nginx [closed]
  59. What should index.php contain on Synology NAS to get external access to WordPress to work?
  60. Remote server does not read `WP_HOME` from wp-config.php when local server does
  61. IP addresses to block to stop WP auto-update?
  62. Concerns over wp-config file [closed]
  63. Not showing old migrated content in website
  64. How to rename the wp-config.php file once under version control?
  65. Read wp-config without loading the rest of WordPress – i.e. wp-settings, etc
  66. Proper way to have multiple installs with a single database
  67. How turn on error reporting without reset?
  68. WordPress installed on a Sub-directory
  69. Editing wp-config.php file asks for another installation
  70. $post->id vs $post->ID problem after using WordPress config bootstrap
  71. ABSPATH not defined?
  72. How to stage a redesigned site on a new webhost while the original site is still live? [closed]
  73. WordPress login redirection not working on Nginx root directory
  74. Plesk login inaccessible after changing site URL
  75. Need help re-connecting local WP-config file to local database
  76. Change of “home” results in timeouts (only on index.php)
  77. wp-config.php randomly will reset to wp-config-sample.php
  78. WP_SITEURL vs WP_HOME link output
  79. What can an attacker do if he has access to my wp-config file?
  80. How to fix wp-login.php gives error 500 after migration?
  81. Change default wordpress FS owner
  82. Define new constants in wp-config
  83. sudden changing of host IP result in crash of the site
  84. Move wp-content outside root
  85. Can you define readability settings in wp-config.php?
  86. Can wp-config move cause dashboard not to load?
  87. Unable to change WordPress language (WordPress 4.2.2)
  88. PressPi (WordPress) Broken Layout
  89. How to change WordPress theme file path to a remote server?
  90. Why is WordPress not using $_SERVER[‘SERVER_NAME’] for ‘WP_SITEURL’ and ‘WP_HOME’ as default?
  91. WordPress Redirect on Name Change
  92. Is there any reason why using the same wp-config file might not work in MAMP?
  93. Best function/method to access wp-config?
  94. WordPress still requires FTP information
  95. Why would changing ports from 80 to 8080 cause wordpress to act unexpectedly?
  96. Change URL when visiting wordpress site
  97. max_input_vars not updating through wp-config
  98. Disabling zlib compression and enforcing gzip
  99. Can WP-CLI modify database connection details in existing wp-config file?
  100. How to specify server path in code?