Restrict the Remote Access to MySQL Server
For most users, the MySQL server does not need to be accessible through the insecure open network. You can limit the hosts by configuring the firewall or hardware or just forcing MySQL to listen to the localhost only. For remote access, SSH tunnels should be required.
If you want to limit users to establish connections only from localhost, add the following line in the configuration file.
Make Use of Logging
Enable logging allows you to monitor the activities on your server, so that you can analyze the failed login attempts and the access to sensitive files to know whether there are malicious activities launched toward your server and database. Logging can be enabled manually by adding the following command to the MySQL configuration file.
In terms of logging, there are two suggestions.
Enabling logging is only recommended for database servers with limited numbers of queries executed. For heavy production servers, it may cause high overload.
Only "root" and "mysql" should be granted the access to the log file "hostname.err" as this file includes much sensitive data like table names and passwords.