MySQL security

aaP_hello0

Hello, can someone point me in the right direction.

do I need to release port 3306, if so it wouldn't affect the websites! also how it is done.
to use my IP address?
don't know how to use this one

So whichever solution, I would appreciate the help. Thanks

Solution:
1、If not necessary, remove the MySQL port release from the [Security] page
2、Restrict IP access to MySQL port through the [System firewall] plug-in to enhance security
3、Use [ Fail2ban ] plug-in to protect MySQL service

aapanel_sniper

Good morning, Sir.

If you must open the public port access of MySQL, in addition to what you mentioned above, I would like to give you the following security advice, I hope it can help you.

If you do not have to use 3306, please replace port 3306 with other port, such as 33356? Or some other port that's not so easy to guess.
It is recommended that you only allow non-root users to access your MySQL through the public network. You may have a number of users running MySQL. It is recommended that you open only the users you need, not the root user running MySQL. This is quite dangerous.
More complex passwords that are longer than 16 bits. Complex passwords are useful for all kinds of security.

aaP_hello0

Morning, Thanks for the reply, I appreciate your help! where I can change the port within aapanel, within the sys firewall?

aapanel_sniper

aaP_hello0
setup is here.

and here.

aaP_hello0

Thanks! ive blocked the port and also added fail2ban on that port as-well

obbzy

Hey,
Sorry this may sound dumb, but is it fine to close public access to this port for Wordpress sites?
I presume them being hosted on the server itself, they will have 'local' access anyway?

Thanks! 🙂

aapanel_sniper

obbzy
Hello, Sir
The thing is, WordPress only uses the database account of its current site. It doesn't affect other accounts.
If you disable its access, your website will not work properly.