Secure MariaDB
Once you have created a new database and user for your application, connect to your MariaDB server and follow these recommendations:
Remove anonymous users:
MariaDB> DELETE FROM mysql.user WHERE User='';
Remove the test database and access to it:
MariaDB> DROP DATABASE test; MariaDB> DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
Disallow root login remotely:
MariaDB> DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
Don’t forget to reload the privileges tables to apply the changes:
MariaDB> FLUSH PRIVILEGES;
It is strongly recommended that you do not have empty passwords for any user accounts when using the server for any production work.
If you don’t need remote access, uncomment the line
#bind-address=127.0.0.1
in the MariaDB configuration file to only listen for connections on the local machine. Restart the server once done.