Support article
How to protect databases in your hosting
Learn how to protect your MySQL or MariaDB databases in hosting and reduce the risk of unauthorised access with simple good practices.
Introduction
Databases are a core part of most websites. If you use WordPress, Joomla, PrestaShop or another CMS, your site probably stores important data such as users, content, orders, products or customer details in MySQL or MariaDB.
That is why protecting your databases is essential to reduce the risk of unauthorised access, data loss or malicious changes.
Why it is important to protect a database
A database can contain critical website information such as:
- Encrypted user passwords.
- Site posts, pages and settings.
- Customer email addresses.
- Products and orders.
- Forms, bookings and visitor-submitted information.
Steps to protect your hosting databases
1. Use strong and unique passwords
Avoid weak passwords and create strong credentials for every database user.
2. Create users with limited permissions
Do not give more privileges than the application really needs.
3. Remove unused databases and users
Old items left behind can become an unnecessary risk.
4. Avoid using administrator-level users for external connections
Create specific accounts for each purpose.
5. Restrict remote MySQL access
Only allow the exact IP addresses that really need access.
6. Protect your website configuration file
The database credentials stored in the site configuration must be kept secure.
7. Make backups regularly
Backups are essential if something goes wrong.
8. Keep your CMS and applications updated
Many attacks happen through outdated software.
9. Prevent SQL injection in custom developments
If you use custom code, validate input properly and use safe query practices.
Useful tips to improve security
- Review access periodically.
- Delete what you no longer use.
- Separate projects into different databases whenever possible.
Frequently asked questions
How do I know which database my site uses?
Usually by reviewing the website configuration file or the application setup.
Is it safe to use localhost as the database server?
For internal website connections inside the same hosting environment, it is common and can be appropriate.
Can I give remote access to a database?
Yes, but only when needed and with restricted IP access.
What if I forgot the password of a database user?
You can normally reset it from the hosting panel and then update the application configuration.
Should every site have its own database?
That is often a good practice for order and security.
What to do if you suspect unauthorised access
Review users, passwords, remote access rules, recent changes and backups as soon as possible, and contact support if you need help.
Conclusion
Database security should be part of your overall hosting security routine. Small good practices can prevent major problems later.