Secure MongoDB
Once you have created a new database and user credentials for your application, connect your applications to the MongoDB server using only that database and credentials.
If you don’t need remote access to the database, make the server listen only on the local machine by editing the mongodb.conf file and uncommenting the bind line (the MongoDB key is bind_ip in the legacy key=value format, or net.bindIp in the YAML format):
bind_ip = 127.0.0.1
If you don’t need remote access for the database, make sure the MongoDB server port (usually 27017) is closed. Refer to the FAQ for more information on closing server ports.
Don’t forget to change the root user password as explained in this section.
It is strongly recommended that no user account has an empty password when the server is used for any production work.
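The checks above (loopback-only binding, non-empty passwords, credentials scoped to the application's own database) can be verified offline against the configuration file and the user document before the server goes into production. The following script is an added example, not part of the original page or of any Bitnami tooling; it uses a minimal hand-written parser for the legacy bind_ip line and the YAML net.bindIp / net.bindIpAll keys rather than a full YAML library, and the configuration snippets and user documents in it are constructed samples.

```python
"""Offline audit of a mongod configuration and an application user document.

Added example (not from the original page). Assumptions: the config is either
the legacy ``key = value`` format or the YAML format with a top-level ``net:``
block; the user document has the shape accepted by db.createUser(), i.e.
{"user": ..., "pwd": ..., "roles": [{"role": ..., "db": ...}, ...]}.
"""
import re

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
# Built-in roles that reach beyond a single application database.
BROAD_ROLES = {"root", "readWriteAnyDatabase", "dbAdminAnyDatabase",
               "userAdminAnyDatabase", "clusterAdmin", "__system"}


def parse_bind_ip(conf_text):
    """Return the list of configured bind addresses, or None if none is set.

    Commented lines (``# ...``) are ignored, so a commented-out bind_ip line
    counts as unset, which is the state the page tells you to fix.
    """
    in_net = False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        stripped = line.strip()
        # Legacy format: bind_ip = 127.0.0.1[,...]
        m = re.match(r"^bind_ip\s*=\s*(.+)$", stripped)
        if m:
            return [a.strip() for a in m.group(1).split(",")]
        # YAML format: only keys indented under a top-level "net:" block count.
        if indent == 0:
            in_net = stripped == "net:"
            continue
        if in_net:
            if re.match(r"^bindIpAll\s*:\s*true$", stripped):
                return ["0.0.0.0"]          # explicit "listen everywhere"
            m = re.match(r"^bindIp\s*:\s*(.+)$", stripped)
            if m:
                return [a.strip() for a in m.group(1).split(",")]
    return None


def audit_bind(conf_text):
    """Findings about network exposure; empty list means loopback-only."""
    addrs = parse_bind_ip(conf_text)
    if addrs is None:
        return ["no bind address configured: set bind_ip / net.bindIp to 127.0.0.1"]
    return [f"bind address {a} is not loopback" for a in addrs if a not in LOOPBACK]


def audit_user(user_doc, app_db):
    """Findings about a user document; empty list means it passes."""
    findings = []
    if not user_doc.get("pwd"):
        findings.append(f"user {user_doc.get('user')!r} has an empty password")
    for role in user_doc.get("roles", []):
        # A bare string role applies to the database the user is created in.
        if isinstance(role, str):
            role = {"role": role, "db": user_doc.get("db", app_db)}
        if role.get("role") in BROAD_ROLES:
            findings.append(f"role {role['role']} grants access beyond {app_db}")
        elif role.get("db") != app_db:
            findings.append(f"role {role['role']} is on {role.get('db')}, not {app_db}")
    return findings


# Constructed samples: the shipped file with the bind line still commented out,
# a YAML file that listens on every interface, and two user documents.
LEGACY_UNFIXED = "# bind_ip = 127.0.0.1\nport = 27017\n"
LEGACY_FIXED = "bind_ip = 127.0.0.1\nport = 27017\n"
YAML_EXPOSED = "net:\n  port: 27017\n  bindIp: 0.0.0.0\nstorage:\n  dbPath: /var/lib/mongo\n"
GOOD_USER = {"user": "app", "pwd": "correct-horse-battery", "db": "myapp",
             "roles": [{"role": "readWrite", "db": "myapp"}]}
BAD_USER = {"user": "app", "pwd": "", "db": "admin",
            "roles": [{"role": "root", "db": "admin"}]}

if __name__ == "__main__":
    for name, conf in [("legacy-unfixed", LEGACY_UNFIXED),
                       ("legacy-fixed", LEGACY_FIXED), ("yaml-exposed", YAML_EXPOSED)]:
        print(name, audit_bind(conf) or "OK")
    print("good user", audit_user(GOOD_USER, "myapp") or "OK")
    print("bad user", audit_user(BAD_USER, "myapp"))
```

Run it against your real mongodb.conf and the document you pass to db.createUser(); any non-empty finding list corresponds to one of the hardening steps on this page.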