Another layer of Cyber Security protocol when hosting WordPress owners sites. System administrators and owners may need to login to a particular database to do maintenance. There is never a need to be able to see all the databases at once. Mistakes can happen, and causing an failure in a single database is more easily restored.
Breaking them all at once as root could be a real headache. More importantly, if the username/password were compromised for root then it wouldn’t be much trouble for a hacker to rifle all the data on all the sites. Bigger headache. We’ll discuss more hardening of the machine in a future post.
Each instance of the username & password for individual phpMyAdmin logins should be extremely unique and complicated. When creating a new install we highly recommend 12-14 characters and no, you would never expect to remember them. Just paste them in a notepad folder and provide a copy to your client if they are able and want to work in the DB. Here’s a good combo (don’t use it) that would take much longer to penetrate, if ever. It’s exponentially wise to add numerical, upper/lower case and symbol characters.
Username: 8428k7u!QAf^[email protected]
Password: [email protected]$6
Now, how to prevent root logins to the databases.
SSH into your server and sudo/edit the file in folder (typical install) /etc/phpmyadmin/config.inc.php and search the string: