How to connect my WordPress plugin to a remote database securely?

First of all, I do not have a lot of experience with WordPress plugins, but I am developing a plugin which has to connect and send data to a remote database (which it is already doing). But at this point in time my connection is not secure at all, because all the database info is shown to the admin of the site.

This is my code at the moment. It works and all, but how can I make sure that no one will see the database data that is in this file?

<?php
function webARX_connect_to_db(){
  $servername = "remote_host";
  $username = "username";
  $password = "password";
  $dbname = "database_name";

  // Create connection
  $webARX_connection = new wpdb($username, $password, $dbname, $servername);

  if (empty($webARX_connection->show_errors())){
    return $webARX_connection;
  } else {
    return $webARX_connection->show_errors();
  }
}
?>



I'd recommend setting up an API, and also ensuring the sites are HTTPS (have an SSL certificate) to encrypt communication between the servers.

If you don't have one already, there are free certifiers such as https://letsencrypt.org/


Great question.

A couple of things:

First, best practices tell us to always keep these types of assets outside of our Web server’s document root. PHP isn't limited by the same restrictions as a Web server, from a permissions perspective, so you can make a directory on the same level as your document root and place all of your sensitive data and code there.

Second, create a new database user that is limited in what it can do. Use this account for calls, rather than a super-privileged user.

Using these two methods will greatly minimize your risks.

Hope I've offered some help.

Good luck.
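
The two suggestions in the answer above, combined in one sketch. This is an added example, not code from the asker or the answerer; the directory layout, the file name `webarx-db.php`, the array keys and both function names are assumptions.

```php
<?php
// Assumed layout (hypothetical):
//   /var/www/example/public_html/           document root, WordPress lives here
//   /var/www/example/private/webarx-db.php  credentials, never served over HTTP
// webarx-db.php contains only:
//   <?php return array( 'host' => '...', 'user' => '...', 'password' => '...', 'name' => '...' );

// Load the credentials, refusing a file that is web-reachable or loosely permissioned.
function webarx_load_db_config( $path ) {
    $real = realpath( $path );
    if ( false === $real || ! is_readable( $real ) ) {
        return new WP_Error( 'webarx_config_missing', 'Database config file not found.' );
    }

    // The file must not sit anywhere below the document root.
    $docroot = realpath( $_SERVER['DOCUMENT_ROOT'] );
    if ( $docroot && 0 === strpos( $real, rtrim( $docroot, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR ) ) {
        return new WP_Error( 'webarx_config_exposed', 'Database config file is inside the document root.' );
    }

    // POSIX permission bits: reject a file other local users can read or write.
    if ( fileperms( $real ) & 0006 ) {
        return new WP_Error( 'webarx_config_perms', 'Database config file is accessible to other users.' );
    }

    $config = require $real;
    foreach ( array( 'host', 'user', 'password', 'name' ) as $key ) {
        if ( ! is_array( $config ) || empty( $config[ $key ] ) ) {
            return new WP_Error( 'webarx_config_invalid', 'Database config is missing "' . $key . '".' );
        }
    }
    return $config;
}

// Connect with the restricted account; returns a wpdb object or a WP_Error.
function webarx_connect_restricted() {
    $path   = dirname( rtrim( $_SERVER['DOCUMENT_ROOT'], '/\\' ) ) . '/private/webarx-db.php';
    $config = webarx_load_db_config( $path );
    if ( is_wp_error( $config ) ) {
        return $config;
    }

    // 'user' is meant to be the limited database account from the second point,
    // for example one that may only INSERT into the plugin's own table.
    $db = new wpdb( $config['user'], $config['password'], $config['name'], $config['host'] );
    if ( ! empty( $db->error ) ) {
        // Generic message only: host and user name stay out of anything shown to the site.
        return new WP_Error( 'webarx_db_unreachable', 'Could not connect to the remote database.' );
    }
    return $db;
}
```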
