How to secure your MySQL server installation


MySQL Server is the most popular database on the planet: it is stable, free, well documented and widely supported by the community. But what about its security? The database is fairly secure by default, but it needs some configuration to make sure it is safe.

We will begin by installing it on a fresh server, with apt-get on Debian/Ubuntu or with yum on RHEL/CentOS:


sudo apt-get install mysql-server



sudo yum install mysql-server
sudo /etc/init.d/mysqld start


The second thing to do is to run the “mysql_secure_installation” script, which comes with MySQL.



This setup will take you through a series of steps.

First, you’ll need to enter the root password to connect to your database.
The first question will ask if you want to change the root password, but because you just set it, enter n for no.
Then it will ask you a series of questions, such as whether to remove anonymous users and whether to remove the information table; press ENTER to accept the default response.

The configuration file for MySQL is called “my.cnf” and is located in “/etc/mysql/” or “/etc/”.


cd /etc/mysql/
sudo nano my.cnf

Search for bind-address and make sure the IP is set to your local loopback network device, which is “”

bind-address =

This makes sure that MySQL will not accept any remote connections from other IPs.

In the same file we will add one more line to disable the ability to load local files, which is sometimes used in advanced SQL injection.
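A check for the two my.cnf settings discussed above, as an added example that is not part of the original post: it parses the [mysqld] section and reports when bind-address is not a loopback address (127.0.0.1, ::1 or localhost) or local-infile is not disabled. The sample file contents and the function names are constructed for illustration.

```python
# Added example: audit [mysqld] in a my.cnf. SAMPLE_CNF is constructed.
import ipaddress

SAMPLE_CNF = """\
[client]
port = 3306
[mysqld]
bind-address = 0.0.0.0   # constructed weak value
local_infile = 1
"""

def parse_mysqld(text):
    """Return the options of the [mysqld] section; the last occurrence wins."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith((";", "!")):
            continue  # blank line, comment, or !include directive
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld":
            key, _, value = line.partition("=")
            # MySQL accepts '-' and '_' interchangeably in option names
            opts[key.strip().lower().replace("_", "-")] = value.strip().strip("'\"")
    return opts

def is_loopback(addr):
    try:
        return addr.lower() == "localhost" or ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # wildcard, hostname, or empty value

def audit(text):
    """Return a list of findings; an empty list means both settings are hardened."""
    opts, findings = parse_mysqld(text), []
    bind = opts.get("bind-address")
    if bind is None:
        findings.append("bind-address not set: server default applies")
    elif not is_loopback(bind):
        findings.append(f"bind-address = {bind}: accepts remote connections")
    infile = opts.get("local-infile")
    if infile is None:
        findings.append("local-infile not set: server default applies")
    elif infile.lower() not in ("0", "off", "false"):
        findings.append(f"local-infile = {infile}: LOAD DATA LOCAL is enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CNF)))
```

Only the [mysqld] section is inspected, so a setting placed under another section such as [client] is reported as not set for the server.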




MySQL security recommendations:

There are some security recommendations for MySQL; we will go through them quickly.
1- Change the root username

In the MySQL console, type:


rename user 'root'@'localhost' to 'newAdminUser'@'localhost';




Note: you can access the MySQL console by typing mysql -u USERNAME -p, then hit ENTER, enter your password and hit ENTER again.

2- Use a different user for every database, with limited privileges

When you create a new database:


create database ExampleDB;


Create a new user for it:


CREATE USER 'exampleuser'@'localhost' IDENTIFIED BY 'password';

And grant the new user privileges on the new database:


GRANT SELECT,UPDATE,DELETE ON ExampleDB.* TO 'exampleuser'@'localhost';


and then




Now the user exampleuser has only SELECT, UPDATE and DELETE permissions on the database ExampleDB, so even if this account is hacked, no other databases will be damaged.

Finally, don't run any installation with its defaults. Always look for tuning or security hints, because every default installation is kept general so that it works in every situation; customize it and secure it.