MySQL is a commonly used database server seen on Linux operating systems. It is strong technically and many modern applications like WordPress, Joomla, Magento, or eCommerce work well with MySQL. When MySQL integrates with Cpanel, it becomes easy to manage the database.
Security is a concern for all applications. MySQL gets installed automatically at the time of cPanel installation. Through this article, let us discuss the various ways to secure MySQL server on cPanel.
Setting up a strong password
Strong passwords are best solutions to many common problems. MySQL server saves password for every user and the server should restrict entry of a non-administrative user to access the user table. Authentication should be carried out for every user in MySQL.
For cPanel server management, strong password policies must be in place for MySQL database users. The length of the password must also be well set.
To set the password length configuration, we recommend doing the following steps.
Login to Web Host Manager and click on Security Center.
Click on Password strength configuration.
Here, set the default password strength to 40 or more characters.
System Variables affecting security
If a global scope variable local-in file is disabled, a client cannot use LOCAL in the LOAD DATA statements. Security issues with LOAD DATA statement will not permit to load a file placed on the server host. Neither can it load a file located on the client host. The command gets disabled by setting the variable value to 0.
Skip-name-resolve is a global scope variable. It will resolve the hostname while checking the client connections. Though it is an optional parameter, it can help to improve the performance by disabling the DNS lookups when you have a slow DNS. All you need is to do is to add skip-name-resolve to the [mysqld] section of my.cnf.
Skip-show-database is a global scope variable. It controls the users of the SHOW database statement. Rejecting remote attackers with their information gathering capabilities is quite critical. For this reason, delete the command SHOW DATABASES. For this, you need to add skip-show-database to the [mysqld] section of my.cnf.
MySQL Server security
cPanel has a script called as secure MySQL. This script can support in securing the structure of cPanel server's MySQL with their commands.
Apart from setting the base password of cPanel MySQL, the script will also ensure that the user of MySQL owns the database directory of MySQL /var/lib/MySQL. By this, the server will be secure.
If there is still any clarification with MySQL configuration, have a back-up of the /var/lib/MySQL directory. Once the backup is ready, execute the secure MySQL script to ensure that the system is safe.
Restrict the system's compilers
For securing the server, we also recommend that you disable the compilers for all users who are not in the compilers group in the file /etc/group.
Disable unused domains and servers
Any service that permits connections to your server may also allow hackers to obtain access. To reduce the security risks, disable all the services and domains that you do not use.
Many organizations provide cPanel server management, but CloudEgg stands out in providing the best support to its clients. If you make use of our cPanel server management services, we monitor maintain and review your server 24*7.