WordPress MySQL Permissions

Having security in mind, I had some concerns granting all privileges to the WordPress MySQL user (see the instructions from WordPress):

GRANT ALL PRIVILEGES ON databasename.* TO "wordpressusername" [..]

After all, with these privileges the WordPress user would be able to access other databases on this server and do whatever he likes. WordPress has become very popular and is a known target for exploits and the like (as a quick search on milw0rm.com will confirm). I didn’t like that idea.

So here is what I did:

GRANT SELECT, INSERT, UPDATE, CREATE, DELETE ON wordpress.* TO 'wordpress' IDENTIFIED BY 'mypass';

This works fine so far and I don’t think my WordPress installation needs more privileges. Note that the ALTER and DROP statements are missing from my list, which could interfere with future updates. But we’ll see…

Hello world

My name is Simon Krenger, I am a Technical Account Manager (TAM) at Red Hat. I advise our customers in using Kubernetes, Containers, Linux and Open Source.

Elsewhere

  1. GitHub
  2. LinkedIn
  3. GitLab