I’m working on configuring multiple WordPress installations and need to set up database access properly. Right now I’m creating dedicated MySQL users for each WordPress site to connect to their respective databases.
The official documentation suggests granting full database privileges to the WordPress user, but this seems like overkill from a security perspective. I’m wondering if anyone has experience with running WordPress on a more restricted set of database permissions.
What’s the absolute minimum set of MySQL privileges that WordPress actually requires to function correctly? I want to follow the principle of least privilege while ensuring the sites work without issues. Has anyone tested this or knows which specific database operations WordPress performs during normal operation?
You don’t need full database privileges for WordPress. I’ve found SELECT, INSERT, UPDATE, and DELETE work fine for day-to-day stuff. But you’ll also want CREATE and DROP since WordPress creates temp tables when installing plugins or updating. Don’t forget ALTER - core updates and plugins constantly tweak the database schema. INDEX privilege helps with plugin performance too. I’ve tried restricting things further but it just causes headaches. This setup works reliably across all the sites I’ve managed.
i’ve been running wordpress with minimal perms for years. you definitely need select, insert, update, delete plus create temporary tables - forgot that one once and certain queries broke. wordpress uses temp tables way more than you’d expect. dont forget index permissions either or some plugins will throw errors when they try to optimize things.
I’ve managed several WordPress setups, and you’ll need SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, and DROP privileges. But here’s what catches everyone - you also need LOCK TABLES. WordPress locks tables during maintenance and plugin installs, and without it you’ll get weird errors that’ll drive you crazy troubleshooting. Found this out the hard way when a client’s site kept crashing during auto-updates. Some backup plugins need FILE privilege for direct database exports, though most newer ones don’t. Honestly, restricting beyond these basic privileges isn’t worth the headache - you won’t gain much security but you’ll definitely run into compatibility problems.