7

I have been searching for how to configure WordPress to connect to a MySQL DB over SSL; however, most of the examples are about three to five years old, e.g. this WordPress support topic

My WordPress version is 4.5.2 and obviously the code and settings are nothing like what I see in examples all over forums. Is there a more relevant example on how to fix settings in wp-settings.php and wp-includes/wp-db.php to ensure a secure connection to a remote MySQL?

Anadi Misra
  • 2
    It seems to me like overkill to add an SSL layer on each database call. You'll regret it too soon to spend five more minutes on solving it this way. A much better solution would be to set up a VPN connection between both servers. This way, the MySQL connection is secured by directing it through the VPN, and all operations go much faster. – Julie Pelletier May 23 '16 at 04:24
  • @JuliePelletier the SSL handshake delay can be avoided by using persistent connections. But this cannot be done with some PHP setups, i.e. using CGI SAPI. – sam_pan_mariusz May 23 '16 at 05:38
  • It's about trade offs, between moving parts of VPN & tunnels etc, and SSL, I would like to go with the latter :-) – Anadi Misra May 23 '16 at 14:05
  • I'm curious what is so critical in your WordPress install that it needs SSL, and why you're using an untrusted network? This is a valid pattern for enterprise apps in shared data centers where confidential information is in play, but is overkill for many situations. – Tim May 23 '16 at 19:58
  • 1
    I am on cloud hosting, can't keep all eggs in single basket, we have PIIs in the database, hence the SSL part – Anadi Misra May 24 '16 at 04:48

4 Answers

7

Edit wp-config.php

Add the following line:

define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL);

If your database (MySQL 5.6 or later) uses a self-assigned certificate, you may try:

define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT);

Tested on WordPress version 5.2.

qin
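Setting `MYSQL_CLIENT_FLAGS` does not by itself show that sessions are encrypted, and the `MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT` variant skips checking the server certificate, which matters when the database holds PII. The script below is an added example, not part of the answer above or of WordPress: run from the WordPress host, it connects with the same `MYSQLI_CLIENT_SSL` flag, verification left on, and reports the negotiated cipher. The `WPDB_*` environment variable names, the default host name and the CA bundle path are assumptions.

```php
<?php
// Added example: confirm from the web host that a MySQL session is encrypted.
// WPDB_* variable names, the default host and the CA path are assumptions.
mysqli_report(MYSQLI_REPORT_OFF); // use return values instead of exceptions

function env_or(string $name, string $default): string {
    $v = getenv($name);
    return ($v === false || $v === '') ? $default : $v;
}

// Read one session status variable (rows have Variable_name / Value columns).
function status_value(mysqli $db, string $name): string {
    $like = mysqli_real_escape_string($db, $name);
    $res  = mysqli_query($db, "SHOW SESSION STATUS LIKE '$like'");
    $row  = $res ? mysqli_fetch_assoc($res) : null;
    return $row['Value'] ?? '';
}

$host = env_or('WPDB_HOST', 'db.example.internal');       // placeholder host
$port = (int) env_or('WPDB_PORT', '3306');
$user = env_or('WPDB_USER', 'wordpress');
$pass = env_or('WPDB_PASSWORD', '');
$ca   = env_or('WPDB_SSL_CA', '/etc/ssl/certs/db-ca.pem'); // placeholder path

$db = mysqli_init();
// Trust anchor for the server certificate; client key/cert, CA directory and
// cipher list are left unset.
mysqli_ssl_set($db, null, null, $ca, null, null);

// Same flag the answer puts in MYSQL_CLIENT_FLAGS. The DONT_VERIFY flag is
// deliberately not OR-ed in, so certificate verification is not switched off.
if (!mysqli_real_connect($db, $host, $user, $pass, null, $port, null, MYSQLI_CLIENT_SSL)) {
    fwrite(STDERR, 'connect failed: ' . mysqli_connect_error() . PHP_EOL);
    exit(2);
}

$cipher  = status_value($db, 'Ssl_cipher');  // empty string means plaintext
$version = status_value($db, 'Ssl_version');
mysqli_close($db);

if ($cipher === '') {
    fwrite(STDERR, "connected, but the session is NOT encrypted\n");
    exit(1);
}
echo "encrypted session: $version / $cipher\n";
```

A non-zero exit status means the connection failed or came up unencrypted. On the server side, creating the WordPress database account with `REQUIRE SSL` makes MySQL refuse plaintext logins for that user regardless of client configuration.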
2

For those looking for a way to do this w/o hacking core or rolling your own plugin:

https://wordpress.org/plugins/secure-db-connection/

Created by the dev who initially reported the issue in WordPress: https://core.trac.wordpress.org/ticket/28625

9ete
-1

Pretty sure this is answered best here; you basically add a filter and the SSL certificate details in wp-config.php.

There is also a plugin on the wordpress.org repository here

MrMesees
  • 1
    Whilst this may theoretically answer the question, [it would be preferable](//meta.stackoverflow.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – Jenny D Jun 02 '17 at 16:24
  • Are you suggesting I should duplicate content that may change based upon third-party decision making simply to boost StackOverflow keywords? I was merely trying to provide an answer that stood the test of time; feel free to make the edits you desire but the downvote and needlessly pedantic comment are not appreciated – MrMesees Jun 13 '17 at 11:45
  • 1
    Yes, that's what @JennyD is saying. Link-only answers become useless when the original content moves or goes away. – EEAA Jun 13 '17 at 11:55
  • I'm sorry but that ignores fundamentals of the web, such as being able to use archive.org, or the documentation author simply updating their links. I absolutely accept that if someone links to my personal site dead links may be a factor. If I link to MySQL 5.5 docs, or latest, it's less likely the URL will be broken than the duplicate content obsolete. You're arguing to create a network graph problem. – MrMesees Jun 14 '17 at 12:51
  • Put in a simpler way, if the link breaks there is one place to change it (on the site of the link). If SO answer + quora + every other platform has a change then there are N places to change that content. – MrMesees Jun 14 '17 at 12:52