If you are a web developer or administrator, aside from administering your web server, you should also be administering your MySQL database in terms of security. This database is open source and is commonly used with the PHP web server scripting language; tons of useful applications are being developed with this kind of setup. This is good, but it opens up issues, which we'll discuss here along with their solutions.
Do not ever try to store passwords in plain text. It is highly recommended to encrypt the password when it is stored in a MySQL database. If your database has been compromised, the passwords in plain text can be used to log in to the CMS panel, further compromising your website.
This is why, if you are using WordPress, by default they are stored as MD5, which is a one-way encryption and cannot be reversed. In this method, there is no way for a hacker to reverse engineer a password encrypted using MD5.
It is also extremely important that all users in the database have strong passwords that are stored in encrypted form the MySQL database.
MySQL injection issue
This is so far the biggest MySQL security problem. A lot of websites get compromised because of hackers using SQL injection methods. The root cause is improper validation of user inputs. It is always important to NEVER trust user data coming from forms or URLs.
You can easily prevent MySQL injection. Just follow four simple steps.
First, designing the database in such a way that it will only accept valid data entries for storing. If hackers inject code which fails to validate in the database fields design, it will be rejected and fail to be stored to the database. You can read more about MySQL database design.
Second, make sure you validate form user inputs. If you have strong validation of user inputs, it will be very hard to compromise the forms by entering malicious scripts. You can read more about PHP form validation.
Third, monitor your logs for MySQL injection entries. If you see an IP address engaging in possible MySQL injection, block the IP. That will make it harder for hackers to break into your website.
Fourth, prefer POST over using GET for common form submission. Although this is not a strict requirement, using POST will hide variables from being shown in the URL. GET will expose the variables and other values in the URL, making it very easy for hackers to look for possible exploits.