Install and Secure MySQL/MariaDB

What this is

This guide explains how to install MySQL/MariaDB and apply basic security hardening.

What it is for

Run databases for WordPress, apps, and websites
Protect the database server from common insecure defaults

Prerequisites

SSH access + sudo

Step-by-step by distribution

A) Ubuntu/Debian

A1) Install MySQL server (common choice)

sudo apt update
sudo apt install -y mysql-server

Expected output: Package installation messages.

A2) Enable and start

sudo systemctl enable --now mysql

B) CentOS/RHEL/Rocky/AlmaLinux

B1) Install MariaDB (common default on many RHEL-based)

sudo dnf install -y mariadb-server

B2) Enable and start

sudo systemctl enable --now mariadb

Step 2) Run the secure installation wizard

sudo mysql_secure_installation

What it does: Helps you set a root password (or authentication), remove anonymous users, disable remote root login, remove test DB, and reload privileges.

Expected result: You answer yes/no prompts. Recommended answers: enable password, remove anonymous users, disallow root remote login, remove test DB, reload privileges.

Step 3) Verify the database service is running

MySQL:

sudo systemctl status mysql --no-pager

MariaDB:

sudo systemctl status mariadb --no-pager

Step 4) Test login locally

sudo mysql

Expected output: MySQL shell prompt mysql>.

Warnings & notes

Do not expose the database port (3306) to the internet unless you absolutely must.
Prefer local connections (app + DB on same VPS) or private network/VPN.

Final verification

sudo ss -lntp | grep 3306 || true

Expected output: MySQL listens on localhost or on specific interfaces (depending config).

Conclusion

MySQL/MariaDB is installed and secured with basic hardening. Next steps: create a database and a dedicated user for each app.