I just got WP running on my own server. I am not trying to lock things down more. What permissions should the db user have to my WP db?
Topic privileges mysql permissions security Wordpress
Category Web
For a secure database, selecting ALL PRIVILEGES is definitely NOT the answer.
See the Codex: http://codex.wordpress.org/Hardening_WordPress
> 10 Database Security
> 10.1 Restricting Database User Privileges
If you did want to lock things down.... a normal wordpress site will usually only require the database user to have SELECT, INSERT, UPDATE and DELETE.
If you want to use the automatic update feature it will also require CREATE and ALTER.
Some plugins may require other permissions but most won't.
The answer is all privileges. This is taken straight from the wordpress install page here Look at the phpMyAdmin section and it states "Click Check All to select all privileges.
I've asked a similar but a bit more detailed question lately: MySQL Database User: Which Privileges are needed?
The short installation instruction for WordPress ("5 Minutes") state that:
Create a database for WordPress on your web server, as well as a MySQL user who has all privileges for accessing and modifying it.
This is the minimum of privileges / permissions that are needed and next to those, others are not needed.
So if your user has more privileges than those, you can reduce them.
WordPress only uses one DB user for everything, and he'll need to have all permissions to the database. CREATE and ALTER are used when upgrading, sometimes. INSERT, UPDATE, and SELECT are used all the time.
Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.