Question

change db user password & restrict its privileges?

Hi one of my WordPress sites has been hacked. I want to change the db password and restrict its privileges. I am not sure how to do it. Please can someone advise?

I created the DB years ago via Putty SSH using this cmd -

sudo mysql-create-db abb_db abb_user db_password

I then use adminer.php to do database stuff (import SQL file) and I am not sure if I can change the db password in adminer.php or is it done via Putty SSH?

Another issue with this abb_user is it can see all the databases when logged into adminer.php (see screenshot) -

https://i.ibb.co/41XYVsx/db-user.jpg

I would also like this user to only have access to the abb_db. Please can someone advise how to fix that?

Thank you for help!


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hi @twc8ac35a8636,

First, you’ll need to be sure your MySQL version. You can find it out by using SSH to enter your Droplet and then typing:

  1. mysql --version

Depending on the version the syntax could be different however here is a example of how to proceed in cases where MySQL version is 8.

First enter MySQL with your root user. It should be as easy as

  1. mysql

Once in there type the following query to remove the user’s privileges:

  1. REVOKE ALL PRIVILEGES, GRANT OPTION FROM user [, user] ...
  2. FLUSH PRIVILEGES;

Once you’ve Revoked all the privileges you can now add privileges to the DBs you want:

  1. GRANT ALL PRIVILEGES ON testdb.* TO 'testuser'@'localhost';