Restricting User Privileges on WordPress Databases

If you are running multiple WordPress setups on the same web server, it is wise to keep them in separate databases, each managed by a different database user. It is best to set this up during the initial WordPress installation. This is a containment strategy: if attackers successfully compromise one WordPress installation, it becomes much harder for them to alter your other setups.

If you are managing your MySQL database server yourself, ensure that you understand your MySQL configuration and that unneeded features (such as accepting remote TCP connections) are disabled.

For normal WordPress operations, such as publishing blog posts, uploading media files, posting comments, creating new WordPress users and installing WordPress plugins, the MySQL database user only needs data read and data write privileges on the MySQL database: SELECT, INSERT, UPDATE and DELETE.

Therefore, any other database structure and administration privileges, such as DROP, ALTER and GRANT, can be revoked. Revoking such privileges also strengthens your containment policy.

Note: Some plugins, themes and major WordPress updates might need to make structural changes to the database, such as adding new tables or changing the schema. In such cases, before installing the plugin or updating the software, you will need to temporarily grant the database user the required privileges.

WARNING: Attempting updates without these privileges can cause problems when database schema changes occur. Thus, it is NOT recommended to revoke these privileges. If you do feel the need to do this for security reasons, then please make sure that you have a solid backup system for your database, with regular backups for easy restores. A failed database upgrade can usually be resolved by restoring the database to an older version, granting the proper permissions, and then letting WordPress try the database update again. Most WordPress upgrades do not change the schema, but some do.
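As an added example (not from the original article), the MySQL statements that implement the above: one database and one least-privilege user per installation, restricted to local connections, with the structural privileges granted only for the duration of an update. Database names, usernames and passwords are placeholders.

```sql
-- Added example: per-site databases and least-privilege users for WordPress.
-- wp_site1, wp_site2, wpuser1, wpuser2 and the passwords are placeholders.

-- One database per WordPress installation
CREATE DATABASE wp_site1 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE DATABASE wp_site2 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

-- One user per database, allowed to connect only from the web server itself
-- ('localhost'); a leaked password is then useless from a remote host
CREATE USER 'wpuser1'@'localhost' IDENTIFIED BY 'CHANGE-ME-site1';
CREATE USER 'wpuser2'@'localhost' IDENTIFIED BY 'CHANGE-ME-site2';

-- Day-to-day WordPress operations need only row-level read/write privileges,
-- and only on that site's own database
GRANT SELECT, INSERT, UPDATE, DELETE ON wp_site1.* TO 'wpuser1'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON wp_site2.* TO 'wpuser2'@'localhost';

-- Hardening an existing, over-privileged user (e.g. created with ALL PRIVILEGES):
-- drop everything, then grant back only the four privileges WordPress needs
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'wpuser1'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON wp_site1.* TO 'wpuser1'@'localhost';

-- Verify: the output should list exactly SELECT, INSERT, UPDATE, DELETE on
-- wp_site1.* and nothing else (no CREATE, DROP, ALTER, INDEX or GRANT OPTION)
SHOW GRANTS FOR 'wpuser1'@'localhost';

-- Before a core update, plugin or theme that changes the schema (and after
-- taking a backup): temporarily add the structural privileges ...
GRANT CREATE, ALTER, DROP, INDEX ON wp_site1.* TO 'wpuser1'@'localhost';

-- ... run the update in WordPress, then return to the least-privilege set
REVOKE CREATE, ALTER, DROP, INDEX ON wp_site1.* FROM 'wpuser1'@'localhost';
SHOW GRANTS FOR 'wpuser1'@'localhost';
```

Disabling remote TCP connections is a server setting rather than a SQL statement (for example `skip-networking`, or `bind-address = 127.0.0.1`, in the MySQL server configuration file) and complements the `@'localhost'` restriction above.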
