I am setting up a few Wordpress blog sites. I have created a user in mysql that wordpress will use to access its database. The docs say to give this user all privileges on the database.
Does it really need full privileges? I expect not, so does anyone know the min set of privileges that it really needs?
I'm no Wordpress expert, but I would recommend it does actually have all privileges apart from GRANT. It will need to be able to create tables and insert/update etc. Several plugins use their own tables, which they create on the fly if they do not exist.
If you keep good backups, you really do not need to worry about what permissions the wordpress user has. At most your looking at half an hour of downtime if something malicious happens. Otherwise you won't really gain anything by changing the permissions.