Hey guys, so I’m new to WP and have been playing around with it, hosting multiple WP sites on a Raspberry Pi, simulating that I’m manually installing WP on a Linux server.
I’ve been reading about the “privileges” that are given to MySQL users that connect to the WP website, and that you should ONLY give the necessary privileges and NEVER use the root user.
QUESTIONS:
1. An article said that the new MySQL user (the user we include in wp-config.php) should ONLY require “Data Read” and “Data Write”. Is this correct?
2. Also, they say to always create and use a different MySQL user for each WordPress site, meaning each database will have its own user with limited privileges. Is this a must when you are the ONLY person with the server credentials? Can I use just 1 limited user for all 5 websites (5 databases)?
3. What are some security best practices you use when building WordPress sites and configuring the server settings?
Thanks.
In general it is considered best practice to limit the permissions of any system to the minimum necessary:
That said – the wp db user needs all privileges.
From wp.org:
From wpse:
It is possible to lock things down a bit more, but it is likely to break the site (for example with new plugin installation or just an update) and require some troubleshooting:
And as for security best practices – start by reading the rest of the “Hardening WordPress” page linked above.
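
The setup discussed in this thread, as an added example that is not part of the original posts: one database and one MySQL account per site, with privileges granted on that site's database only, followed by the tighter read/write-only variant. The database names, user names and passwords are constructed placeholders.

```sql
-- Added example. wp_site1, wp_site2, the *_user accounts and the passwords
-- are placeholders; substitute your own values.

-- One database and one account per site. '@localhost' limits the account to
-- connections from the same machine, which fits MySQL and WordPress sharing one Pi.
CREATE DATABASE wp_site1 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'wp_site1_user'@'localhost' IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD_1';

-- "All privileges", but scoped to wp_site1.* and never to *.*.
-- If site 1 is compromised, its credentials give no access to the other sites' tables.
GRANT ALL PRIVILEGES ON wp_site1.* TO 'wp_site1_user'@'localhost';

CREATE DATABASE wp_site2 CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'wp_site2_user'@'localhost' IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD_2';
GRANT ALL PRIVILEGES ON wp_site2.* TO 'wp_site2_user'@'localhost';

-- Tighter variant for site 2: only reading and writing rows.
-- Core or plugin updates and new plugin installs that create or alter tables
-- will fail under this grant until the schema privileges are restored.
REVOKE ALL PRIVILEGES ON wp_site2.* FROM 'wp_site2_user'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON wp_site2.* TO 'wp_site2_user'@'localhost';

-- Before running an update or installing a plugin on site 2:
GRANT CREATE, ALTER, INDEX, DROP ON wp_site2.* TO 'wp_site2_user'@'localhost';
-- ...and once the update has finished:
REVOKE CREATE, ALTER, INDEX, DROP ON wp_site2.* FROM 'wp_site2_user'@'localhost';

-- Check what each account can actually do.
SHOW GRANTS FOR 'wp_site1_user'@'localhost';
SHOW GRANTS FOR 'wp_site2_user'@'localhost';
```

Each site's wp-config.php then carries only its own DB_NAME, DB_USER and DB_PASSWORD.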