Title: Secure DB Connection Author: hypertextranch Published: 21 Ağustos 2016 Last modified: 8 Temmuz 2018 --- Eklentilerde ara Bu eklenti, **WordPress’in son 3 ana dağıtımı ile test edilmemiş**. Artık bakımı yapılmıyor veya desteklenmiyor olabilir ve WordPress’in daha güncel sürümleriyle birlikte kullanıldığında uyumluluk sorunları olabilir. ![](https://ps.w.org/secure-db-connection/assets/icon-256x256.png?rev=1905585) # Secure DB Connection [hypertextranch](https://profiles.wordpress.org/hypertextranch/) tarafından [İndir](https://downloads.wordpress.org/plugin/secure-db-connection.1.1.6.zip) * [Detaylar](https://tr.wordpress.org/plugins/secure-db-connection/#description) * [İncelemeler](https://tr.wordpress.org/plugins/secure-db-connection/#reviews) * [Kurulum](https://tr.wordpress.org/plugins/secure-db-connection/#installation) * [Geliştirme](https://tr.wordpress.org/plugins/secure-db-connection/#developers) [Destek](https://wordpress.org/support/plugin/secure-db-connection/) ## Açıklama Depending on the MySQL server setup the SSL certs used may not be in the trusted store, if that’s the case `mysqli_ssl_set()` needs to be called to set custom keys and certs before connect. This Plugin adds a custom DB class that allows these settings to be configured via custom constants. This plugin will also add a custom item on the “At a Glance” section of the Dashboard to show if the `$wpdb` connection is secure or not. Also find me on [GitHub](https://github.com/xyu/secure-db-connection). ## Ekran Görüntüleri * [[ * An at a glance item is added showing the status of the MySQL connection when this plugin is activated. If the connection is encrypted the SSL version and cipher used will also be shown. ## Yükleme For detailed installation instructions, please read the [standard installation procedure for WordPress plugins](https://codex.wordpress.org/Managing_Plugins#Installing_Plugins). 1. Install and activate plugin, if the filesystem is writable the Secure DB Connection dropin will be installed for you automatically. If not proceed to step 2 2. Symlink or copy the `db.php` file from the `/wp-content/plugins/secure-db-connection/ lib/` directory to the `/wp-content/` directory. 3. Set the relevant defines in your `wp-config.php` file. #### Configuration Parameters To adjust the configuration, define any of the following applicable constants in your `wp-config.php` file. * `MYSQL_SSL_KEY` [default: not set] * The path name to the key file. (RSA Key) * `MYSQL_SSL_CERT` [default: not set] * The path name to the certificate file. * `MYSQL_SSL_CA` [default: not set] * The path name to the certificate authority file in PEM format. * `MYSQL_SSL_CA_PATH` [default: not set] * The pathname to a directory that contains trusted SSL CA certificates in PEM format. * `MYSQL_SSL_CIPHER` [default: not set] * A list of allowable ciphers to use for SSL encryption. You can leave this blank if you want to just use the strongest available. #### Turning on SSL First please note, only the `mysqli` (MySQL Improved) extension is supported this is the default extension used by WordPress however if you do not have the extension installed WordPress will fallback on the much older mysql extension which does not support secure connections. Depending on your database configuration you may not need to set all the available options. For example when connecting to RDS Amazon helpfully provides a certificate bundle so once that’s downloaded to the server all that’s need is to set the CA option: ``` define( 'MYSQL_SSL_CA', '/path/to/rds-combined-ca-bundle.pem' ); ``` Once SSL keys / certs have been configured you via the defines above define an WP core constant to pass a use SSL flag to the mysqli client also in your `wp-config. php` file. ``` define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL ); ``` If you are using the MySQL Native Driver and MySQL 5.6 or later `mysqli_real_connect()` will verify the server SSL certificate before connecting. If the SSL cert installed on the MySQL server your are connecting to is not valid PHP will refuse to connect. A flag was added to disable server certificate validation. If your server has an invalid certificate turn on SSL and turn off validation like so: ``` define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT ); ``` #### Example Config Aside from setting the normal MySQL connection parameters the minimum configs to get SSL connections to the database will look something like this in `wp-config. php`: ``` define( 'MYSQL_SSL_CA', '/path/to/ca-bundle.pem' ); define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL ); ``` ## SSS Installation Instructions For detailed installation instructions, please read the [standard installation procedure for WordPress plugins](https://codex.wordpress.org/Managing_Plugins#Installing_Plugins). 1. Install and activate plugin, if the filesystem is writable the Secure DB Connection dropin will be installed for you automatically. If not proceed to step 2 2. Symlink or copy the `db.php` file from the `/wp-content/plugins/secure-db-connection/ lib/` directory to the `/wp-content/` directory. 3. Set the relevant defines in your `wp-config.php` file. #### Configuration Parameters To adjust the configuration, define any of the following applicable constants in your `wp-config.php` file. * `MYSQL_SSL_KEY` [default: not set] * The path name to the key file. (RSA Key) * `MYSQL_SSL_CERT` [default: not set] * The path name to the certificate file. * `MYSQL_SSL_CA` [default: not set] * The path name to the certificate authority file in PEM format. * `MYSQL_SSL_CA_PATH` [default: not set] * The pathname to a directory that contains trusted SSL CA certificates in PEM format. * `MYSQL_SSL_CIPHER` [default: not set] * A list of allowable ciphers to use for SSL encryption. You can leave this blank if you want to just use the strongest available. #### Turning on SSL First please note, only the `mysqli` (MySQL Improved) extension is supported this is the default extension used by WordPress however if you do not have the extension installed WordPress will fallback on the much older mysql extension which does not support secure connections. Depending on your database configuration you may not need to set all the available options. For example when connecting to RDS Amazon helpfully provides a certificate bundle so once that’s downloaded to the server all that’s need is to set the CA option: ``` define( 'MYSQL_SSL_CA', '/path/to/rds-combined-ca-bundle.pem' ); ``` Once SSL keys / certs have been configured you via the defines above define an WP core constant to pass a use SSL flag to the mysqli client also in your `wp-config. php` file. ``` define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL ); ``` If you are using the MySQL Native Driver and MySQL 5.6 or later `mysqli_real_connect()` will verify the server SSL certificate before connecting. If the SSL cert installed on the MySQL server your are connecting to is not valid PHP will refuse to connect. A flag was added to disable server certificate validation. If your server has an invalid certificate turn on SSL and turn off validation like so: ``` define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT ); ``` #### Example Config Aside from setting the normal MySQL connection parameters the minimum configs to get SSL connections to the database will look something like this in `wp-config. php`: ``` define( 'MYSQL_SSL_CA', '/path/to/ca-bundle.pem' ); define( 'MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL ); ``` ## İncelemeler ![](https://secure.gravatar.com/avatar/57c0527248cb033a796a4c05c147127d6e4ec01c397ee3e2ded7ddfa4b2f9d2a? s=60&d=retro&r=g) ### 󠀁[Still working in 2023](https://wordpress.org/support/topic/still-working-in-2023-2/)󠁿 [drinkmaker](https://profiles.wordpress.org/drinkmaker/) 9 Ocak 2023 The plugin has not been updated for a long time, but it still works! ![](https://secure.gravatar.com/avatar/50df8a4e9adf58d3e403176b9052a16ce23fa5a938e348942cb537f7e64770e3? s=60&d=retro&r=g) ### 󠀁[Fantastic, works like a charm.](https://wordpress.org/support/topic/fantastic-works-like-a-charm/)󠁿 [aberbenni](https://profiles.wordpress.org/aberbenni/) 23 Mayıs 2018 Please add this to WP Core in 5.x! ![](https://secure.gravatar.com/avatar/f8d05a49b3a1b0d559c137f3355125b376f4b3e06d54810ff9929762b88a998f? s=60&d=retro&r=g) ### 󠀁[Works Well](https://wordpress.org/support/topic/works-well-1094/)󠁿 [Cato](https://profiles.wordpress.org/wp-cato/) 23 Haziran 2017 This works well and avoids the need to directly modify wp-db.php. Code is also well written. [ 2 incelemeyi oku ](https://wordpress.org/support/plugin/secure-db-connection/reviews/) ## Katkıda Bulunanlar ve Geliştiriciler “Secure DB Connection” açık kaynaklı yazılımdır. Aşağıdaki kişiler bu eklentiye katkıda bulunmuşlardır. Katkıda bulunanlar * [ hypertextranch ](https://profiles.wordpress.org/hypertextranch/) [“Secure DB Connection” eklentisini dilinize çevirin.](https://translate.wordpress.org/projects/wp-plugins/secure-db-connection) ### Geliştirmeyle ilgilenir misiniz? [Kodu görüntüleyin](https://plugins.trac.wordpress.org/browser/secure-db-connection/), [SVN deposuna](https://plugins.svn.wordpress.org/secure-db-connection/) göz atın ya da [RSS](https://plugins.trac.wordpress.org/log/secure-db-connection/?limit=100&mode=stop_on_copy&format=rss) ile [geliştirme günlüğüne](https://plugins.trac.wordpress.org/log/secure-db-connection/) abone olun. ## Değişiklik Kaydı #### 1.1.6 * Cleanup GitHub repo, remove screenshot image * Minor code cleanup #### 1.1.5 * PHP backwards compatibility with versions prior to 5.5 * Syncs DB connect code with WP Core 4.9 (Fixes https://core.trac.wordpress.org/ ticket/41722) #### 1.1.4 * Update version numbers in file headers. #### 1.1.3 * Better PHP backwards compatibility. #### 1.1.2 * Only set MySQL SSL opts if secure connections are requested. #### 1.1.1 * Retag release to fix version inconsistency #### 1.1.0 * Fix status message for when DB connection is not SSL enabled * Automatically install and remove db.php dropin on activate / deactivate * Check and report status of dropin * Add i18n support #### 1.0 * Initial release ## Meta * Sürüm **1.1.5** * Son güncelleme **8 yıl önce** * Etkin kurulumlar **100+** * WordPress sürümü ** 4.9 veya üstü ** * Test edilen sürüm **4.9.29** * PHP sürümü ** 5.2.4 veya üstü ** * Dil * [English (US)](https://wordpress.org/plugins/secure-db-connection/) * Etiketler * [db](https://tr.wordpress.org/plugins/tags/db/)[encrypted](https://tr.wordpress.org/plugins/tags/encrypted/) [mysql](https://tr.wordpress.org/plugins/tags/mysql/)[secure](https://tr.wordpress.org/plugins/tags/secure/) [ssl](https://tr.wordpress.org/plugins/tags/ssl/) * [Gelişmiş görünüm](https://tr.wordpress.org/plugins/secure-db-connection/advanced/) ## Puanlar 5 üzerinden 5 yıldız. * [ 3 5 yıldızlı inceleme ](https://wordpress.org/support/plugin/secure-db-connection/reviews/?filter=5) * [ 0 4 yıldızlı inceleme ](https://wordpress.org/support/plugin/secure-db-connection/reviews/?filter=4) * [ 0 3 yıldızlı inceleme ](https://wordpress.org/support/plugin/secure-db-connection/reviews/?filter=3) * [ 0 2 yıldızlı inceleme ](https://wordpress.org/support/plugin/secure-db-connection/reviews/?filter=2) * [ 0 1 yıldızlı inceleme ](https://wordpress.org/support/plugin/secure-db-connection/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/secure-db-connection/reviews/#new-post) [Tüm değerlendirmeleri görün](https://wordpress.org/support/plugin/secure-db-connection/reviews/) ## Katkıda bulunanlar * [ hypertextranch ](https://profiles.wordpress.org/hypertextranch/) ## Destek Söyleyeceğiniz bir şey mi var? Yardım mı lazım? [Destek forumunu görüntüle](https://wordpress.org/support/plugin/secure-db-connection/) ## Bağış yap Bu eklentinin geliştirilmesini desteklemek ister misiniz? [ Bu eklentiye bağış yap ](https://cash.me/$xyu)