WordPress.org

Support

Support » Plugins and Hacks » Acunetix WP Security » [Resolved] Global MySQL rights necessary to run this plugin?

[Resolved] Global MySQL rights necessary to run this plugin?

  • Like I few others I had the problem to install the latest version of this plugin. The administration panel didn’t show up. I turned out to be a problem with the rights of the WP user in the wp-config.php accessing the MySQL database. Acunetix pointed out, that it must be necessary for this user to create and alter the database.

    As a matter of fact my user had these rights and it still didn’t work. I had to give the user the global rights to create and alter databases, then the plugin worked. Of course this is a big security issue and I’m not willing to grant a plugin access to all of the databases of my MySQL installation.

    @acunetix Why does your plugin need global rights? Or is this simply a bug?

    P.S.: I run a couple of plugins who create and alter tables in the database of my blog. But only this single database!

    http://wordpress.org/plugins/wp-security-scan/

Viewing 2 replies - 1 through 2 (of 2 total)
  • I’m actually wondering why the makers of a security plugin don’t seem to bother to comment regarding a security concern of their plugin.

    Plugin Author Acunetix

    @acunetix

    Hello Acky

    Thank you for your feedback.

    I’m sorry for the late reply but I somehow missed your thread…

    The plugin does not need access to your “all” databases, it uses the current user and pass to access the database defined in the config file.

    If the script didn’t execute with that information it more likely seems like a bug, and we’re going to investigate it.

    Thanks again for the feedback!

    Regards,
    Costin

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘[Resolved] Global MySQL rights necessary to run this plugin?’ is closed to new replies.
Skip to toolbar