...

Save the file and browse to it using a browser. You can use either the IP address or the valid domain name. For example, http://173.194.75.94/info.php or http://www.krypton.com/info.php should show the purple and grey PHP informational screen.

Secure the

...

PHP

The security posture is from an administrative perspective and not for shared hosting.

...

Code Block (sql)
CREATE DATABASE wpkryptondb;
GRANT ALL PRIVILEGES ON wpkryptondb.* TO 'wpkryptonuser'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
EXIT

Adjust the variables for your application.

...

password - Replace with a password generated by your own scheme, based on the name of the website domain, in this case krypton.

Tip

Database admins will not like granting all privileges. After the initial setup is done we will restrict the account to a minimal set of privileges.


Setup WordPress

Install WordPress

...

  • Create config file for database access
  • Set URL
  • ...

Secure WordPress

Restrict WordPress Database Account

As part of good application security, the WordPress database account should only be granted minimal privileges.

Warning

This is a server administrator approach to managing WordPress. WordPress updates through the built-in admin interface will fail unless the restrictions are relaxed. With this model, privileges will be granted temporarily as part of the upgrade process.

Connect into MySQL,

Code Block (bash)
mysql -u root -p

Enter the following MySQL commands,

Code Block (sql)
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'wpkryptonuser'@'localhost';
GRANT SELECT, INSERT, UPDATE ON wpkryptondb.* TO 'wpkryptonuser'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
EXIT

Adjust the variables for your application.

wpkryptondb - Name of the database for the WordPress application instance. We use the domain name of the website.

wpkryptonuser - User account for accessing the database.

localhost - Address of the database server. In this example, the database is on the same server so use localhost.

password - Replace with a password generated by your own scheme, based on the name of the website domain, in this case krypton.

Verify the changes took effect,

Code Block (sql)
SHOW GRANTS FOR 'wpkryptonuser'@'localhost';
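As an added example (not part of the original page), the following script audits the lines that SHOW GRANTS prints for the WordPress account and reports anything beyond the SELECT, INSERT and UPDATE privileges on wpkryptondb granted above. The sample grant lines are constructed in the MySQL 5.x output format rather than captured from a server.

```python
import re

# Constructed SHOW GRANTS output for the restricted account (as MySQL 5.x prints it).
SAMPLE_GRANTS_RESTRICTED = [
    "GRANT USAGE ON *.* TO 'wpkryptonuser'@'localhost'",
    "GRANT SELECT, INSERT, UPDATE ON `wpkryptondb`.* TO 'wpkryptonuser'@'localhost'",
]

# Constructed output for the initial-setup state, before the REVOKE/GRANT steps.
SAMPLE_GRANTS_INITIAL = [
    "GRANT USAGE ON *.* TO 'wpkryptonuser'@'localhost'",
    "GRANT ALL PRIVILEGES ON `wpkryptondb`.* TO 'wpkryptonuser'@'localhost'",
]

ALLOWED = {"SELECT", "INSERT", "UPDATE"}  # minimal set the page grants

GRANT_RE = re.compile(
    r"^GRANT (?P<privs>.+?) ON (?P<scope>\S+) TO (?P<user>\S+)(?P<opt> WITH GRANT OPTION)?$",
    re.IGNORECASE,
)


def parse_grant(line):
    """Split one GRANT statement into (privilege set, scope, user, has_grant_option)."""
    m = GRANT_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised GRANT line: " + line)
    privs = {p.strip().upper() for p in m.group("privs").split(",")}
    scope = m.group("scope").replace("`", "")
    return privs, scope, m.group("user"), bool(m.group("opt"))


def audit_grants(lines, database, allowed=ALLOWED):
    """Return a list of findings; an empty list means the account is minimal."""
    findings = []
    for line in lines:
        privs, scope, user, grant_option = parse_grant(line)
        if grant_option:
            findings.append(f"{user} has GRANT OPTION on {scope}")
        if scope == "*.*":
            # USAGE on *.* is the no-privilege placeholder MySQL always prints.
            extra = privs - {"USAGE"}
            if extra:
                findings.append(f"global privileges {sorted(extra)} on *.*")
            continue
        if scope != f"{database}.*":
            findings.append(f"privileges on unexpected scope {scope}")
            continue
        extra = privs - allowed
        if extra:
            findings.append(f"excess privileges {sorted(extra)} on {scope}")
    return findings
```

Feed it the lines from a real SHOW GRANTS run to confirm the REVOKE took effect; a non-empty result means the upgrade-time privileges were not removed again.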


File Permissions

Adapted from the WordPress article Hardening WordPress, we take the approach of creating accounts for select developers or release managers.

...