WordPress.org

Ready to get started?Download WordPress

Forums

Acunetix WP Security
[resolved] Global MySQL rights necessary to run this plugin? (3 posts)

  1. Acky
    Member
    Posted 10 months ago #

    Like I few others I had the problem to install the latest version of this plugin. The administration panel didn't show up. I turned out to be a problem with the rights of the WP user in the wp-config.php accessing the MySQL database. Acunetix pointed out, that it must be necessary for this user to create and alter the database.

    As a matter of fact my user had these rights and it still didn't work. I had to give the user the global rights to create and alter databases, then the plugin worked. Of course this is a big security issue and I'm not willing to grant a plugin access to all of the databases of my MySQL installation.

    @Acunetix Why does your plugin need global rights? Or is this simply a bug?

    P.S.: I run a couple of plugins who create and alter tables in the database of my blog. But only this single database!

    http://wordpress.org/plugins/wp-security-scan/

  2. Acky
    Member
    Posted 9 months ago #

    I'm actually wondering why the makers of a security plugin don't seem to bother to comment regarding a security concern of their plugin.

  3. Acunetix
    Member
    Plugin Author

    Posted 9 months ago #

    Hello Acky

    Thank you for your feedback.

    I'm sorry for the late reply but I somehow missed your thread...

    The plugin does not need access to your "all" databases, it uses the current user and pass to access the database defined in the config file.

    If the script didn't execute with that information it more likely seems like a bug, and we're going to investigate it.

    Thanks again for the feedback!

    Regards,
    Costin

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.