Database user privileges

  • While installing WordPress, I created a new DB user and I was wondering about something: do I really need to give him all the user privileges after the installation is done? Do he requires to have all of them or just some of them such as CREATE, ALTER and DELETE? If so, which ones? By default, I left him all the privileges, but would I create some kind of vulnerability? I know php files makes it harder to see db parameters, but that question was on my mind.

Viewing 1 replies (of 1 total)

  • It would be reasonable to only have select, insert, update, delete on the objects for normal operation. Structures should not be changing unless you are doing an upgrade or a fresh install. So you can quite legitimately remove the ability to alter create or remove objects once things are set up.

Viewing 1 replies (of 1 total)
  • The topic ‘Database user privileges’ is closed to new replies.