WordPress Development Asked by Kristen Sepp on December 16, 2020
First of all I do not have a lot of experience with wordpress plugins, but I am developing a plugin which has to connect and send data to a remote database ( which it is already doing ). But at this point of time my connection is not secure at all because all the database info is shown for the admin of the site.
This is my code at the moment, it works and all but how can I make sure that noone will see the database data that is in this file?
<?php
function webARX_connect_to_db(){
$servername = "remote_host";
$username = "username";
$password = "password";
$dbname = "database_name";
// Create connection
$webARX_connection = new wpdb($username, $password, $dbname, $servername);
if (empty($webARX_connection->show_errors())){
return $webARX_connection;
} else {
return $webARX_connection->show_errors();
}
}
?>
I'd recommend setting up an API, and also ensuring the sites are HTTPS (have an SSL certificate) to encrypt communication between the servers.
If you don't have one already, there are free certifiers such as https://letsencrypt.org/
Answered by jake on December 16, 2020
Great question.
A couple of things:
First, best practices tell us to always keep these types of assets outside of our Web server’s document root. PHP isn't limited by the same restrictions as a Web server, from a permissions perspective, so you can make a directory on the same level as your document root and place all of your sensitive data and code there.
Second, create a new database user that is limited in what it can do. Use this account for calls, rather than a super-privileged user.
Using these two methods will greatly minimize your risks.
Hope I've offered some help.
Good luck.
Answered by wax on December 16, 2020
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP