Have you ever wondered how hackers find their targets? It isn't always through complex brute-force attacks; sometimes, they just use Google. A simple search like inurl:index.php?id=1 shop install acts as a homing beacon for vulnerable websites. What is a Google Dork?
If your installation scripts are still accessible after setup, you're leaving the keys in the front door. Leaving 'install' directories live can lead to database exposure or unauthorized re-configuration. inurl index php id 1 shop install