I want to create a new database user for my WordPress installation. Usually on localhost, i can just use root, but it is good practice to use a user with as little rights as possible.
What are those rights? I was wondering if WordPress needed to have installed plugins etc.
It may require CREATE
& DROP
privileges as well.
If your database is set up to deny remote connections (i.e. only applications on the same server can interact with the database) then there’s no danger in giving your WordPress user full access. As a matter of fact, most automated installation scripts used by web hosts grant full access to their WordPress user by default.
Keep in mind that your database “user” is not actually a site user … and unless you’re manually administering your database via phpMyAdmin, the login credentials will never be used by anything but WordPress.
That said, there’s no guarantee that future versions of WordPress won’t need the features you’re disabling. If you use your WordPress user to manually administer the database, you might need these features as well. My recommendation would be to grant full access to your WordPress user, but use a highly complex password for the user.