I believe I’m well practiced in website security these days, especially having had to manage hundreds of client WordPress sites for years now! So I’m familiar with the standard security precautions of having everything kept up to date (WordPress core, plugins and themes), deleting any unused plugins or themes, having the correct file permissions on the site etc.. But one thing I normally discount is “Database Privileges” which is basically the allowances you give the database user to interact with the database that WordPress needs to run on.
Having done some research on the matter it appears that WordPress itself only requires the following privileges to run properly:
And possibly the following if you plan on using the auto updater or installing plugins etc:
Some plugins or themes might require more privileges but you’ll quickly find that out on install and you can change privileges to suit.
Here’s the privileges I’ve settled on anyway. You can set these up while creating a new database and adding a user to it in Cpanel or go back and re-add the user to the database to change privileges if everything is already setup:
Here’s a fairly comprehensive article on WordPress security from WordPress themselves: