Secure MySQL
Once you have created a new database and user for your application, connect to your MySQL server and follow these recommendations:
Remove anonymous users:
mysql> DELETE FROM mysql.user WHERE User='';
Remove the test database and access to it:
mysql> DROP DATABASE test; mysql> DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
Disallow root login remotely:
mysql> DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
Don’t forget to reload the privileges tables to apply the changes:
mysql> FLUSH PRIVILEGES;
It is strongly recommended that you do not have empty passwords for any user accounts when using the server for any production work.
If you don’t need remote access, uncomment the line
#bind-address=127.0.0.1
in the MySQL configuration file to only listen for connections on the local machine. Restart the server once done.