Mailing List Archive



Re: [tlug] Home LAMP webserver update- passwords, users, MySQL, phpmyadmin, Wordpress, oh my



Thanks for the reply. Concerning "database": is only one necessary? When MySQL was installed, it created -one- database for "root" with a password.
phpMyAdmin also (?maybe?) wanted -to me anyway- another? database.
Now WordPress... of which I would like to rename/delete/create another database named more like my website.

Then we have the restricted-access .htaccess files with passwords for the admin areas of WordPress and phpMyAdmin, etc.

Maybe getting better, thanks.

Kevin

On 6/26/2015 5:09 PM, Raymond Wan wrote:
On Fri, Jun 26, 2015 at 3:20 PM, Kevin Sullivan <csr-kts@example.com> wrote:
-Installing MySQL, it wants a user, password, and a database name, user
password

-Installing phpmyadmin, it also wants user, password, database name

-Wordpress wants mysql superuser name and password, then apparently
another wordpress user name, and pw....

What reasonably secure way to handle this myriad of users? Can/should I
stick to just one user/pw for each component? deal with remembering
different users/pws? What makes sense here for a
single-user-administered website serving (for now) one Wordpress
installation?


I have very little experience with WordPress and a bit more (but not
much) of Joomla.

MySQL will have to have a root user.  Some people create a separate
database administrator account with less access than root to do most
tasks.

Whichever you choose (a root or DBA account), phpmyadmin will need
access to it.  And, unless you want your users to be issuing SQL
commands (probably not), you should probably ensure access is only via
localhost, given your "single-user-administered" system.

As for WordPress, it needs access to the database.  You can give it
the same DBA password or create a separate one with even less access
than the DBA.  But across WordPress installations, I think you can
just change the underlying database for each user, but keep the
account to be the same?

Indeed, at each level you mentioned, you can create another account
such that each one has less (limited) access compared to the one above
it.  But, I'm not sure if that's needed.  You probably want to invest
your time in keeping WordPress up-to-date by applying the latest
patches, instead...  And/or putting yourself on the security mailing
list of WordPress to keep you informed of important updates.

All IMHO, of course...

Ray
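
The layering discussed in this thread (root, a lesser administrator account, and a still more limited WordPress account, all reachable only via localhost), written out as an added example that is not part of either poster's message. The database name `mysite_wp`, the account names `dba_admin` and `wp_app`, and the passwords are placeholders assumed for illustration.

```sql
-- Added example. Run once as MySQL root from the local console.
-- All names and passwords are placeholders; substitute your own.

-- One database per site, named after the site. The MySQL installer and
-- phpMyAdmin keep their own internal schemas; WordPress needs only this one.
CREATE DATABASE mysite_wp CHARACTER SET utf8mb4;

-- Account that WordPress itself uses (the credentials stored in wp-config.php).
-- 'localhost' as the host part means it cannot log in over the network.
CREATE USER 'wp_app'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD_1';

-- Scoped to the one database. No global privileges, no GRANT OPTION, no FILE.
-- CREATE/ALTER/INDEX/DROP are included because core and plugin updates
-- change the schema; drop them if you apply updates with another account.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
    ON mysite_wp.* TO 'wp_app'@'localhost';

-- Day-to-day administrator for phpMyAdmin logins, with less access than root:
-- full rights on the site database only. ALL PRIVILEGES at database level
-- does not include GRANT OPTION, so it cannot hand out privileges to others.
CREATE USER 'dba_admin'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD_2';
GRANT ALL PRIVILEGES ON mysite_wp.* TO 'dba_admin'@'localhost';

-- Check 1: any account whose host part is not local can be reached remotely.
-- On a single-administrator box this should return no rows.
SELECT user, host
  FROM mysql.user
 WHERE host NOT IN ('localhost', '127.0.0.1', '::1');

-- Check 2: confirm each account ended up with exactly what was intended.
SHOW GRANTS FOR 'wp_app'@'localhost';
SHOW GRANTS FOR 'dba_admin'@'localhost';

-- The host restriction above is per account. To stop the server from
-- listening on the network at all, set bind-address = 127.0.0.1 in the
-- [mysqld] section of the MySQL configuration file and restart the service.
```

With this layout the root password is needed only for creating accounts and databases, and a compromise of the WordPress credentials is confined to the one site database.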



