Skip to content
Help Center

How to protect my databases on hosting

Learn how to protect your MySQL database against unauthorised access. A practical guide to securing your website from cPanel or DirectAdmin.

Databases are the heart of most websites (especially if you use WordPress, Joomla, PrestaShop, etc.), so it is essential to protect them properly from your Bacan.com hosting account.

Here is a clear, step-by-step guide on how to protect your MySQL or MariaDB databases to prevent unauthorised access and keep your site secure.


Why protect your database?

Your database stores sensitive information such as:

  • Usernames and passwords (encrypted or not)

  • Site content

  • Email addresses

  • Orders, products, or customer data

If an attacker gains access to it, they could steal, modify, or delete everything.


7 steps to protect your databases on hosting


1. Use strong, unique passwords for your database users

Avoid easy passwords like admin123 or 123456.

Use combinations of letters, numbers, and symbols.
Example: D4t@B@s3!2024

You can use the password generator in the panel when creating a user.


2. Delete unused users and databases

Each database user has specific permissions. If you no longer use one, delete it to reduce potential entry points.


3. Never share your «root» or admin database user

If you have SSH or admin access on a VPS, never use the root user for external connections. Create users with limited permissions instead.


4. Restrict access from unknown IP addresses

By default, in shared hosting, MySQL connections are only allowed from the server itself (localhost), which is an excellent security measure.

If you need to allow remote access (for example, from an external app), do so only for a specific IP address from:

  • cPanel: Databases > Remote MySQL

  • DirectAdmin: MySQL Management > Host Access

Do not use % as a host (access from any IP) unless strictly necessary.

 


5. Protect your configuration file

Your CMS stores database access credentials in a file such as:

  • wp-config.php (WordPress)

  • configuration.php (Joomla)

  • .env or config.php in other systems

Verify that this file is not accessible from the web and has correct permissions (e.g., 400 or 440).


6. Perform regular backups

You can back up your databases from:

  • phpMyAdmin

  • Backup tools in cPanel / DirectAdmin

  • Plugins such as UpdraftPlus (in WordPress)

Always keep a local copy on your computer or in the cloud.


7. Prevent SQL injection with good coding practices

If you develop your own forms or SQL queries:

  • Use prepared statements

  • Validate and sanitise all input data

  • Never use raw user input directly in your queries

This helps prevent SQL injection attacks, one of the most common vulnerabilities in poorly protected sites.


What if I suspect someone accessed my database?

At Bacan.com we can help you:

  • Review activity logs

  • Change credentials and permissions

  • Restore a backup

Just open a ticket from your client area and we will resolve it together.