WordPress MySQL Permissions

Having security in mind, I had some concerns granting all privileges to the WordPress MySQL user (see the instructions from WordPress):

GRANT ALL PRIVILEGES ON databasename.* TO "wordpressusername" [..]

After all, with these privileges the WordPress user would be able to access other databases on this server and do whatever he likes. WordPress has become very popular and is a known target for exploits and the like (as a quick search on milw0rm.com will confirm). I didn’t like that idea.

So here is what I did:

GRANT SELECT, INSERT, UPDATE, CREATE, DELETE ON wordpress.* TO 'wordpress' IDENTIFIED BY 'mypass';

This works fine so far and I don’t think my WordPress installation needs more privileges. Note that the ALTER and DROP statements are missing from my list, which could interfere with future updates. But we’ll see…