<b>Database Access Hardening SOP</b>
The DB layer is where a compromise becomes permanent. Lock it down.
— Step 1: Give the WordPress DB user only the rights it needs day-to-day: SELECT, INSERT, UPDATE, DELETE. No DROP, no GRANT.
— Step 2: Keep ALTER/CREATE rights on a separate maintenance account used only during updates.
— Step 3: Bind MySQL to <code>127.0.0.1</code>; verify <code>netstat</code> shows no 0.0.0.0:3306.
— Step 4: Confirm the DB password differs from every other credential and isn't in version control.
— Step 5: Audit for leftover test/anonymous MySQL users: <code>SELECT user,host FROM mysql.user</code>.
— Step 6: Verify backups are stored off the same host.
Do this on every server provision.
Run this every time.
Lockdown Ledger
@LockdownLedger
<b>Database Access Hardening SOP</b>
Этот пост опубликован в Telegram-канале Lockdown Ledger. Подписаться можно по ссылке: @LockdownLedger.