MySQL is the most popular open-source relational database management system. It is fast, reliable, and a core part of both the LAMP and LEMP stacks. WordPress, Drupal, Joomla, and most PHP applications are built to work with MySQL out of the box.
This guide shows you how to install MySQL on Ubuntu 20.04, run the security script, and set up root access for both local and external connections.
<strong>Prerequisite:</strong> You need a user account with sudo access to follow these steps.
MySQL 8.0 is available in Ubuntu’s default repositories. Install it with:
bashsudo apt updatesudo apt install mysql-server
The service starts automatically after install. Confirm it is running:
bashsudo systemctl status mysql
Look for active (running) in the output. Your database server is up and ready.
MySQL includes a built-in script called mysql_secure_installation. It walks you through several settings that harden your server against common vulnerabilities.
Run it:
bashsudo mysql_secure_installation
The script will ask you to:
Go through all the prompts and answer y to each one. These steps are standard for any production database server. Skipping them leaves your server with default settings that are easy to exploit.
MySQL 8.0 uses the auth_socket plugin for the root user by default. This means root does not use a password to log in locally. Instead, MySQL checks that the Linux system user running the command matches the database user name.
Log in to the MySQL shell:
bashsudo mysql
You will see the MySQL prompt:
mysql>
Type exit or press CTRL+D to close the session.
You can run a few quick checks after logging in:
SELECT VERSION(); – shows the running MySQL versionSHOW DATABASES; – lists all databases on the serverThis default setup is secure for managing MySQL from the command line. However, it does not work with external tools like phpMyAdmin, which need a username and password to connect.
If you need to connect to MySQL from an external program, you have two options.
Option 1: Change root to use a password.
Run these commands from inside the MySQL shell:
sqlALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'your_strong_password';FLUSH PRIVILEGES;
Option 2 (recommended): Create a new admin user.
This keeps root on auth_socket and gives you a separate account for external tools:
sqlGRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' IDENTIFIED BY 'your_strong_password';
You can name this user anything. Always use a strong, unique password for any admin account.
<strong>Tip:</strong> For each web application you run, create a dedicated MySQL user with access to only that application's database. Do not use the admin account for app connections.
MySQL is now installed and running on your Ubuntu server. The security script reduces your exposure to common database vulnerabilities, and the admin user setup gives you flexible access for different tools and applications. Got questions? Leave a comment below.