How to Fix the Security Advisor MySQL Alert

The WHM Security Advisor scans for possible changes to harden your VPS security. Below we cover how to clear the following error for VPS users not using remote MySQL:

The MySQL service is configured to listen on all interfaces: (bind-address=*)
Configure bind-address=127.0.0.1 in /etc/my.cnf, or close port 3306 in server’s firewall

Security Advisor Scan

  1. To check for the MySQL service warning, first Login WHM as root.
  2. Select Security Advisor from the menu to start the scan.
    Screenshot in WHM selecting Security Advisor
  3. Check for the MySQL service alert.
    MySQL port open Security Advisor alert

If the alert above does display, you can fix this using one, or both, of the following methods:

Edit Config File Close Port 3306

Note: This may prevent your VPS from using remote MySQL.

Edit Config File

  1. SSH into your server as root.
  2. Edit the /etc/my.cnf file and add bind-address=127.0.0.1 to the file. To do so using nano editor:
    1. Type nano /etc/my.cnf and press Enter ⤶ to open the file.
    2. Scroll to the bottom of the file using the Down arrow and add
      bind-address=127.0.0.1.
    3. Press Control and x for the save prompt before exiting.
    4. Press y, then Enter ⤶ to save the file.
      Screenshot adding code to my.cnf
  3. Afterwards, rescan with cPanel Security Advisor to ensure the error doesn’t recur.

Close Port 3306 using CSF

Another option is to close port 3306 using your firewall. Advanced Policy Firewall (APF) users can remove the port from the APF configuration file using SSH as root. ConfigServer & Firewall (CSF) users can do this within WHM as root using the steps below.

  1. Select ConfigServer Security & Firewall from the WHM menu.
  2. Under csf – ConfigServer Firewall select Firewall Configuration.
    CSF selecting Firewall Configuration
  3. Under IPv4 Port Settings and Allow incoming TCP ports, remove “3306” from the text field.
    Removing port 3306
  4. Select Change at the bottom, then Restart csf+lfd.
    Restarting CSF and LFD
  5. Afterwards, rescan with cPanel Security Advisor to ensure the error doesn’t recur.

Congratulations. You’ve further enhanced your VPS security. APF users can upgrade to CSF using our installation guide or via verified email request.

Thoughts on “How to Fix the Security Advisor MySQL Alert

Leave a Reply