MySQL databasesSpanish version

Support article

How to protect databases in your hosting

Learn how to protect your MySQL or MariaDB databases in hosting and reduce the risk of unauthorised access with simple good practices.

Published: 24/06/2026Updated: 24/06/2026

Introduction

Databases are a core part of most websites. If you use WordPress, Joomla, PrestaShop or another CMS, your site probably stores important data such as users, content, orders, products or customer details in MySQL or MariaDB.

That is why protecting your databases is essential to reduce the risk of unauthorised access, data loss or malicious changes.

Why it is important to protect a database

A database can contain critical website information such as:

  • Encrypted user passwords.
  • Site posts, pages and settings.
  • Customer email addresses.
  • Products and orders.
  • Forms, bookings and visitor-submitted information.

Steps to protect your hosting databases

1. Use strong and unique passwords

Avoid weak passwords and create strong credentials for every database user.

2. Create users with limited permissions

Do not give more privileges than the application really needs.

3. Remove unused databases and users

Old items left behind can become an unnecessary risk.

4. Avoid using administrator-level users for external connections

Create specific accounts for each purpose.

5. Restrict remote MySQL access

Only allow the exact IP addresses that really need access.

6. Protect your website configuration file

The database credentials stored in the site configuration must be kept secure.

7. Make backups regularly

Backups are essential if something goes wrong.

8. Keep your CMS and applications updated

Many attacks happen through outdated software.

9. Prevent SQL injection in custom developments

If you use custom code, validate input properly and use safe query practices.

Useful tips to improve security

  • Review access periodically.
  • Delete what you no longer use.
  • Separate projects into different databases whenever possible.

Frequently asked questions

How do I know which database my site uses?

Usually by reviewing the website configuration file or the application setup.

Is it safe to use localhost as the database server?

For internal website connections inside the same hosting environment, it is common and can be appropriate.

Can I give remote access to a database?

Yes, but only when needed and with restricted IP access.

What if I forgot the password of a database user?

You can normally reset it from the hosting panel and then update the application configuration.

Should every site have its own database?

That is often a good practice for order and security.

What to do if you suspect unauthorised access

Review users, passwords, remote access rules, recent changes and backups as soon as possible, and contact support if you need help.

Conclusion

Database security should be part of your overall hosting security routine. Small good practices can prevent major problems later.