Secure MongoDB
Before running the commands shown on this page, you should load the Bitnami stack environment by executing the installdir/use_APPNAME script (Linux and MacOS) or by clicking the shortcut in the Start Menu under “Start -> Bitnami APPNAME Stack -> Application console” (Windows). On OS X VMs, the installation directory is /opt/bitnami and OS X VM users can click the “Open Terminal” button to run commands. Learn more about the Bitnami stack environment and about OS X VMs.
Once you have created a new database and user credentials for your application, connect your applications to the MongoDB server using only that database and credentials.
If you don’t need remote access for the database, make the server listen only on the local machine by editing the mongodb.conf file and uncommenting the line below:
bind-address=127.0.0.1
If you don’t need remote access for the database, make sure the MongoDB server port (usually 27017) is closed. Refer to the FAQ for more information on closing server ports.
Don’t forget to change the root user password as explained in this section.
It is strongly recommended that you do not have empty passwords for any user accounts when using the server for any production work.