What Are the Minimum Required WordPress Database User Permissions
- This topic has 2 replies, 3 voices, and was last updated 8 years, 7 months ago by admin.
April 8, 2016 at 5:15 am #13408 Jerry9 Member
WordPress: v4.4.2
WP eMember: v9.0.2
QUESTION
I would like to know what are the minimum WordPress Database User permissions we can use for eMember during operation. (Are different permissions required for install and update?)
Here is what the CODEX says
Codex: Hardening WordPress
Scroll to: 10.1 Restricting Database User Privileges
http://codex.wordpress.org/Hardening_WordPress
> For data read/write only: SELECT, INSERT, UPDATE and DELETE
> For Software Updates and non-minor WordPress updates, enable ALL, then revoke all but those listed above.
Here is another link for reference
Nice CHART of the TYPES (or Categories) of Permissions:
Data, Structure, and Administration
Scroll to: Assign the user privileges to the WordPress MySQL database
http://www.wpwhitesecurity.com/wordpress-security-hacks/secure-mysql-database-privileges-wordpress/
> SELECT, INSERT, UPDATE, DELETE
April 8, 2016 at 3:07 pm #72991 wzp Moderator
The Codex also says…
> Note: Some plugins, themes and major WordPress updates might require to make database structural changes, such as add new tables or change the schema. In such case, before installing the plugin or updating a software, you will need to temporarily allow the database user the required privileges.
> WARNING: Attempting updates without having these privileges can cause problems when database schema changes occur. Thus, it is NOT recommended to revoke these privileges.
Which means that whenever you perform an install, activation, update, reset, deactivation, or deletion of any of our plugins or addons, the full set of permissions is required.
With that said:
- Unless you are an omnipotent & INFALLIBLE power user, you should not be fiddling with the MySQL server permissions.
- The “weakest link” is the clear-text MySQL user name and password, stored in your WordPress server’s wp-config.php file. Concentrate on securing your WordPress server, before looking at the MySQL server; which your hosting provider usually keeps on a separately secured machine.
Have you looked at our All In One Security plugin yet?
https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
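Added example, not part of any post in this thread and not code from the plugin authors: a Python check that reads MySQL `SHOW GRANTS` output and lists, per database object, every privilege beyond the SELECT, INSERT, UPDATE, DELETE set quoted from the Codex, which is useful for confirming what is left in place after a temporary update-time grant. The account name, database names and sample output are constructed.

```python
import re

# Data-only privileges the Codex passage quoted in the thread lists for normal operation.
DATA_ONLY = {"SELECT", "INSERT", "UPDATE", "DELETE"}

# One line of `SHOW GRANTS` output: GRANT <privs> ON <object> TO <account> [options]
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<obj>.+?)\s+TO\s+(?P<rest>.+)$", re.IGNORECASE)

def parse_grant(line):
    """Return (privileges, object, has_grant_option), or None if the line does not parse."""
    m = GRANT_RE.match(line.strip().rstrip(";"))
    if not m:
        return None
    # Drop column lists such as "SELECT (id, name)" before splitting on commas.
    privs = re.sub(r"\([^)]*\)", "", m.group("privs"))
    names = {p.strip().upper() for p in privs.split(",") if p.strip()}
    obj = m.group("obj").replace("`", "")
    grant_opt = "WITH GRANT OPTION" in m.group("rest").upper()
    return names, obj, grant_opt

def excess_privileges(show_grants_output):
    """Map each object to the privileges that go beyond the data-only set."""
    findings = {}
    for line in show_grants_output.splitlines():
        parsed = parse_grant(line)
        if parsed is None:
            # Role grants and other unrecognised GRANT lines are reported, not skipped.
            if line.strip().upper().startswith("GRANT"):
                findings.setdefault("UNPARSED", set()).add(line.strip())
            continue
        names, obj, grant_opt = parsed
        extra = names - DATA_ONLY - {"USAGE"}  # USAGE means "no privileges"
        if grant_opt:
            extra.add("GRANT OPTION")
        if extra:
            findings.setdefault(obj, set()).update(extra)
    return findings

# Constructed sample: SHOW GRANTS output for a hypothetical account after an update window.
SAMPLE = """\
GRANT USAGE ON *.* TO `wp_user`@`localhost`
GRANT SELECT, INSERT, UPDATE, DELETE ON `wordpress`.* TO `wp_user`@`localhost`
GRANT ALL PRIVILEGES ON `wordpress_staging`.* TO `wp_user`@`localhost`
GRANT SELECT, ALTER, DROP ON `shop`.* TO `wp_user`@`localhost` WITH GRANT OPTION
"""

if __name__ == "__main__":
    for obj, extra in sorted(excess_privileges(SAMPLE).items()):
        print(f"{obj}: beyond data-only -> {', '.join(sorted(extra))}")
```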
April 9, 2016 at 3:44 am #72992 admin Keymaster
You should not be manually trying to fiddle with this stuff (it will give you grief).
Few points:
1) WordPress itself is very secure.
2) If there is a security issue in a plugin or theme, get the developer to correct/fix it. We will always fix any security issue in the plugin in a timely manner (when needed).
3) If you want to apply some extra security to your site, then use a security plugin like the following:
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/