Let’s see how we can secure MySQL for client access:
1. You should use different users for reading, writing, deleting and updating.
2. Always specify the hostname for each account; do not use the % wildcard.
3. Never grant ALL privileges on *.* (GRANT ALL ON *.*).
4. Rename the root account to something else, for example manager.
5. Set a password for the root user.
6. Never give administrative permissions to users that your application uses to access the database.
For example, if you have created a MySQL user ‘john’ for read/write and you connect with this user from your PHP application, don’t give administrative permissions, like creating or dropping tables, to user john.
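
The checklist above written out as MySQL statements, followed by audit queries that find accounts breaking it. This is an added example, not part of the original page. The schema appdb, the host 10.0.0.5, the accounts app_read and app_delete, and the passwords are assumed placeholders, and the syntax assumes MySQL 5.7 or later.

```sql
-- Constructed example: appdb, 10.0.0.5, app_read, app_delete and the
-- CHANGE_ME passwords are placeholders, not values from the page.

-- Items 1-3: one account per task, pinned to the application host,
-- with privileges on a single schema (no '%' host, no ALL ON *.*).
CREATE USER 'app_read'@'10.0.0.5'   IDENTIFIED BY 'CHANGE_ME_1';
CREATE USER 'john'@'10.0.0.5'       IDENTIFIED BY 'CHANGE_ME_2';
CREATE USER 'app_delete'@'10.0.0.5' IDENTIFIED BY 'CHANGE_ME_3';

GRANT SELECT ON appdb.* TO 'app_read'@'10.0.0.5';

-- Item 6: john reads and writes rows but gets no CREATE, DROP,
-- ALTER or GRANT OPTION.
GRANT SELECT, INSERT, UPDATE ON appdb.* TO 'john'@'10.0.0.5';

-- DELETE ... WHERE also needs SELECT on the columns it reads.
GRANT SELECT, DELETE ON appdb.* TO 'app_delete'@'10.0.0.5';

-- Items 4-5: rename root and set its password. Views, triggers and
-- stored routines whose DEFINER is root@localhost must be re-pointed
-- to the new name afterwards, or they become orphaned.
RENAME USER 'root'@'localhost' TO 'manager'@'localhost';
ALTER USER 'manager'@'localhost' IDENTIFIED BY 'CHANGE_ME_4';

-- Audit, item 2: accounts that accept connections from any host.
SELECT user, host FROM mysql.user WHERE host = '%';

-- Audit, items 3 and 6: every privilege held at the global (*.*)
-- level. Application accounts should not appear in this result.
SELECT grantee, privilege_type, is_grantable
FROM information_schema.user_privileges
WHERE privilege_type <> 'USAGE'
ORDER BY grantee, privilege_type;

-- Audit, item 5: accounts with no stored password. The plugin column
-- is shown because socket-authenticated accounts are also empty here.
SELECT user, host, plugin FROM mysql.user
WHERE authentication_string = '';

-- Confirm what the application account can actually do.
SHOW GRANTS FOR 'john'@'10.0.0.5';
```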