I just got WP running on my own server. I am not trying to lock things down more. What permissions should the db user have to my WP db?
What are the recommended database permissions for WordPress?
Leave a Reply
You must be logged in to post a comment.
If you did want to lock things down…. a normal wordpress site will usually only require the database user to have SELECT, INSERT, UPDATE and DELETE.
If you want to use the automatic update feature it will also require CREATE and ALTER.
Some plugins may require other permissions but most won’t.
WordPress only uses one DB user for everything, and he’ll need to have all permissions to the database. CREATE and ALTER are used when upgrading, sometimes. INSERT, UPDATE, and SELECT are used all the time.
I’ve asked a similar but a bit more detailed question lately: MySQL Database User: Which Privileges are needed?
The short installation instruction for WordPress (“5 Minutes”) state that:
This is the minimum of privileges / permissions that are needed and next to those, others are not needed.
So if your user has more privileges than those, you can reduce them.
For a secure database, selecting ALL PRIVILEGES is definitely NOT the answer.
See the Codex: http://codex.wordpress.org/Hardening_WordPress
The answer is all privileges. This is taken straight from the wordpress install page here
Look at the phpMyAdmin section and it states “Click Check All to select all privileges.