Linode Forum
Linode Community Forums
 Post subject: Basic MySql Security
Posted: Sat Aug 20, 2011 8:19 pm
Senior Newbie

Joined: Wed Aug 10, 2011 1:27 am
Posts: 16
I am migrating my WordPress blogs to Linode from shared hosting.

I managed to use the command line to copy over my databases, and I have implemented the general security tips
- disallow password authentication
- fail2ban
- disallow root logins in my main apache config.
- changed the default SSH port (although I see that some people don't think this is necessary).
- ufw firewall only allowing my SSH port, 80, and 443.

But - what should I be doing in terms of MySql security specifically?

When I first set up my Linode using the LAMP stackscript, I used root as the user and I'm wondering if I need to change this, and how to do this safely.

I want to be able to use the automatic database backup plugin in WordPress, and I have Linode backups turned on, but otherwise no one needs any access to my Linode other than me from my local machine at my home static IP.

I'm a supernewbie and I'd really appreciate some advice.

Thanks!


Posted: Sun Aug 21, 2011 9:30 pm
Senior Member

Joined: Sun Jan 18, 2009 2:41 pm
Posts: 830
Probably the main thing is to make sure MySQL is not listening for outside connections. You can check like so:
Code:
# netstat -lvnut
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:3306              0.0.0.0:*                   LISTEN      4821/mysqld
...

If you see 127.0.0.1:3306 (or the IPv6 equivalent, can't remember what it is right now) in the Local Address column, then MySQL is only listening on the loopback interface. If you see 0.0.0.0:3306 (or :::3306), it is accepting connections from the outside world and you should change bind-address.

If you don't see it in the netstat output, then MySQL is probably using a UNIX socket (you can check with netstat -lvpn --protocol=unix) which is not open to the outside.
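
The loopback-versus-wildcard check described in the reply above, as an added example that is not part of the original posts: a shell filter that reads `netstat -lnt`-style output and classifies every TCP listener on port 3306. The function names and the sample input are constructed for illustration; it treats 127.x.x.x and ::1 (the IPv6 loopback address) as loopback and anything else as reachable from outside.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample data is constructed.

# Read netstat -lnt style lines on stdin; print "LOOPBACK <addr>" or
# "EXPOSED <addr>" for each TCP socket listening on port 3306.
classify_mysql_listeners() {
    awk -v port=3306 '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = match($4, /:[0-9]+$/)        # start of the trailing ":port"
            if (n == 0) next
            host = substr($4, 1, n - 1)      # "::" for :::3306, "::1" for ::1:3306
            p = substr($4, n + 1)
            if (p + 0 != port + 0) next      # exact port match, so 33060 is skipped
            if (host ~ /^127\./ || host == "::1")
                print "LOOPBACK", $4
            else
                print "EXPOSED", $4          # 0.0.0.0, :: or a specific interface IP
        }'
}

# Summarise stdin as: exposed | loopback-only | no-tcp-listener
mysql_exposure() {
    out=$(classify_mysql_listeners)
    case "$out" in
        *EXPOSED*) echo "exposed" ;;
        "")        echo "no-tcp-listener" ;;  # probably UNIX socket only
        *)         echo "loopback-only" ;;
    esac
}

# Constructed sample: one loopback listener plus an IPv6 wildcard listener.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 127.0.0.1:3306              0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp6       0      0 :::3306                     :::*                        LISTEN
udp        0      0 0.0.0.0:68                  0.0.0.0:*
EOF
}

sample_netstat | classify_mysql_listeners
sample_netstat | mysql_exposure
```

On a live server the same functions take `netstat -lnt` on stdin, for example `netstat -lnt | mysql_exposure`.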


Posted: Mon Aug 22, 2011 1:27 pm
Senior Newbie

Joined: Wed Aug 10, 2011 1:27 am
Posts: 16
Cool - thanks. I ran it and it's not accepting outside connections so that's looking good.

