"7. Secure MySQL by only allowing root logins from a
few management systems and not from localhost.
"This one sounds a bit strange, but by doing this it makes it
very hard for someone to root your mysql if all they have is a user
account on your LAMP server (hopefully some of you can see the
"Say for example all your admins sit behind a nat box that has
the ip 18.104.22.168 then the commands for mysql to lock it down
would be like this : update user set host = '22.214.171.124' where
user="root"; that will leave the root passwords intact and only
allow logins from a single management IP, but NOT localhost."