Secure Database Connections in WordPress

Posted 6 Mar 2010

If you are setting up a WordPress site with an SSL certificate in a shared environment such as an ISP or hosting center, one of the things that you need to consider is the connectivity to your database. If your database is running locally on the server, then protecting your database is easy. Configure it to listen on a socket, and configure your firewall appropriately.

If your database is running on another server, then the database connections should also use SSL. (Following the age-old adage: Encryption in the front, encryption in the back.) This will ensure data in transit is protected end-to-end.

Edit the wp-includes/wp-db.php file.  Find this line:

$this->dbh = @mysql_connect($dbhost, $dbuser, $dbpassword);

And modify it to look like this:

$this->dbh = @mysql_connect($dbhost, $dbuser, $dbpassword, true, MYSQL_CLIENT_SSL);

As an added precaution, when setting up the database access, add REQUIRE SSL to the GRANT statement.
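The server-side half of the setup above, as an added example that is not part of the original post: it attaches REQUIRE SSL to the WordPress account and then checks that the requirement is stored and that a session is actually encrypted. The database name wordpress, the account 'wp_user'@'web01.example.com' and the password placeholder are assumptions chosen for illustration.

```sql
-- Assumed names (not from the original post): database `wordpress`,
-- account 'wp_user'@'web01.example.com', placeholder password.

-- MySQL 5.x form, matching the post: REQUIRE SSL on the GRANT statement.
-- The account is refused at login unless the client negotiates SSL.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
  ON wordpress.*
  TO 'wp_user'@'web01.example.com'
  IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD'
  REQUIRE SSL;

-- MySQL 5.7.6 and later (required on 8.0, where GRANT no longer accepts
-- REQUIRE): set the same requirement on an existing account instead.
ALTER USER 'wp_user'@'web01.example.com' REQUIRE SSL;

FLUSH PRIVILEGES;

-- Run as an administrative user: confirm the requirement is recorded.
-- REQUIRE SSL is stored in the ssl_type column as 'ANY'; an empty
-- ssl_type means the account may still connect in cleartext.
SELECT user, host, ssl_type
  FROM mysql.user
 WHERE user = 'wp_user';

-- Run from a session opened as wp_user (for example through the modified
-- wp-db.php): a non-empty Value names the negotiated cipher, an empty
-- Value means this session is not encrypted.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
```

With the requirement in place, an unmodified wp-db.php (without MYSQL_CLIENT_SSL) fails to connect, which is a quick way to confirm that cleartext connections are being rejected for that account.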

