It's always bothered me how Wordpress basically forces the user to provide their hosting credentials to install themes and plugins. How do know for sure the data is not being saved, intercepted and being provided backdoor access to the NSA or other agencies or even just being misused by others with access?
Here's how to close the security hole above and if you're already given Wordpress your credentials make sure you change everything associated it with it. Eg. change your ftp username and password, database password and if the same login gives you access to your hosting account/control panel you'll need to change all of your e-mail passwords too.
Yes the above takes a few extra steps but is well worth the peace of mind.
wordpress, manually, installing, themes, pluginsit, user, hosting, credentials, install, plugins, intercepted, provided, backdoor, nsa, agencies, misused, associated, eg, ftp, username, password, database, login, panel, ll, passwords, website, download, extract, zip, upload, extracted, directory, quot, wp, content, domain, activate,