How to Configure WordPress 4.5.2+ for Secure MySQL SSL/TLS Connection



Many WordPress developers face difficulties when trying to establish secure MySQL connections in modern WordPress installations (4.5.2+). While older tutorials exist, they often reference deprecated code structures in wp-db.php and wp-settings.php that no longer match current WordPress implementations.

Instead of modifying core files (which would break during updates), the correct method involves:

  1. Proper MySQL server SSL configuration
  2. Using WordPress constants in wp-config.php
  3. Implementing a custom database class when needed

Add these constants to wp-config.php. WordPress core does not read these names itself; they are consumed by the custom database class shown below:

define('DB_SSL_KEY', '/path/to/client-key.pem');
define('DB_SSL_CERT', '/path/to/client-cert.pem');
define('DB_SSL_CA', '/path/to/ca-cert.pem');
define('DB_SSL_VERIFY', true);

For advanced cases where default constants aren't sufficient:

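// Load this class from a wp-content/db.php drop-in that ends with:
//   $wpdb = new wpdb_ssl(DB_USER, DB_PASSWORD, DB_NAME, DB_HOST);
class wpdb_ssl extends wpdb {
    public $ssl_key;
    public $ssl_cert;
    public $ssl_ca;

    function __construct($dbuser, $dbpassword, $dbname, $dbhost) {
        // Set the paths first: the parent constructor calls db_connect().
        $this->ssl_key = DB_SSL_KEY;
        $this->ssl_cert = DB_SSL_CERT;
        $this->ssl_ca = DB_SSL_CA;
        parent::__construct($dbuser, $dbpassword, $dbname, $dbhost);
    }

    function db_connect($allow_bail = true) {
        // Connect here rather than via parent::db_connect(): the parent calls
        // mysqli_init() again and would discard the handle configured below.
        $this->use_mysqli = true;
        $this->dbh = mysqli_init();
        mysqli_ssl_set($this->dbh, $this->ssl_key, $this->ssl_cert, $this->ssl_ca, null, null);
        // DB_HOST may carry a ":port" suffix, which mysqli does not parse.
        $parts = explode(':', $this->dbhost, 2);
        $port = isset($parts[1]) ? (int) $parts[1] : null;
        $ok = @mysqli_real_connect($this->dbh, $parts[0], $this->dbuser,
            $this->dbpassword, null, $port, null, MYSQLI_CLIENT_SSL);
        if (!$ok) {
            $this->dbh = null;
            if ($allow_bail) {
                $this->bail('Error establishing a TLS database connection');
            }
            return false;
        }
        // Post-connect setup, mirroring wpdb::db_connect() in 4.5.x;
        // compare against the method in your core version.
        $this->has_connected = true;
        $this->set_charset($this->dbh);
        $this->ready = true;
        $this->set_sql_mode();
        $this->select($this->dbname, $this->dbh);
        return true;
    }
}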

Verify the connection status with:

global $wpdb;
$result = $wpdb->get_row("SHOW STATUS LIKE 'Ssl_cipher'");
var_dump($result);

You should see output indicating the active encryption cipher if SSL is working properly.

  • Ensure file permissions allow WordPress to read certificate files
  • Verify the MySQL account was created or altered with REQUIRE SSL
  • Check PHP's OpenSSL extension is installed
  • Test basic MySQL SSL connection outside WordPress first
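
A pre-flight script for the checklist above, as an added example that is not part of the original tutorial or of WordPress: it checks the PHP extensions and certificate file access, then tests the TLS connection outside WordPress. The host, port, account name, the WP_DB_PASSWORD environment variable and the file paths are assumptions to replace with your own.

```php
<?php
// Added example: stand-alone TLS pre-flight check, run with `php check-db-tls.php`.
// Host, port, account, env var and file paths are placeholders (assumptions).
$host  = 'mysql.example.com';
$port  = 3306;
$user  = 'wpuser';
$pass  = getenv('WP_DB_PASSWORD') ?: '';   // hypothetical variable name
$files = array(
    'key'  => '/path/to/client-key.pem',
    'cert' => '/path/to/client-cert.pem',
    'ca'   => '/path/to/ca-cert.pem',
);

function fail($msg) {
    fwrite(STDERR, "FAIL: $msg\n");
    exit(1);
}
// 1. PHP needs both the OpenSSL and mysqli extensions.
foreach (array('openssl', 'mysqli') as $ext) {
    if (!extension_loaded($ext)) fail("PHP extension '$ext' is not loaded");
}

// 2. Every file must be readable by this user; the key must not be world-accessible.
foreach ($files as $name => $path) {
    if (!is_readable($path)) fail("$name file is not readable: $path");
}
if (fileperms($files['key']) & 0007) {
    fail("client key is accessible to all users: {$files['key']}");
}

// 3. Connect with TLS. MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT is deliberately
//    absent, so server certificate verification stays enabled.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = mysqli_init();
$db->ssl_set($files['key'], $files['cert'], $files['ca'], null, null);
try {
    $db->real_connect($host, $user, $pass, null, $port, null, MYSQLI_CLIENT_SSL);
} catch (mysqli_sql_exception $e) {
    fail('TLS connection failed: ' . $e->getMessage());
}

// 4. An empty Ssl_cipher means the session is not encrypted.
$status = array();
$res = $db->query("SHOW SESSION STATUS WHERE Variable_name IN ('Ssl_cipher', 'Ssl_version')");
while ($row = $res->fetch_assoc()) {
    $status[$row['Variable_name']] = $row['Value'];
}
if (empty($status['Ssl_cipher'])) fail('connected, but the session is not encrypted');
echo "OK: {$status['Ssl_version']} using {$status['Ssl_cipher']}\n";
```

Run it as the same system user PHP runs under, so the file permission results match what WordPress will see.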

Many WordPress developers face challenges when trying to establish secure connections between WordPress and remote MySQL databases. While numerous outdated tutorials exist (mostly from 2015-2017), modern WordPress installations (like version 4.5.2) require updated approaches due to significant codebase changes.

The primary files requiring attention are:


wp-settings.php
wp-includes/wp-db.php
wp-config.php

Here's the complete process for establishing SSL connections:

1. MySQL Server Preparation:


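GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'%'
REQUIRE SSL;
FLUSH PRIVILEGES;
-- MySQL 8.0 no longer accepts REQUIRE in GRANT; for an existing account use:
-- ALTER USER 'wpuser'@'%' REQUIRE SSL;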

2. wp-config.php Modifications:


define('DB_HOST', 'mysql.example.com:3306');
define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL);
define('MYSQL_SSL_CA', '/path/to/ca-cert.pem');
define('MYSQL_SSL_CERT', '/path/to/client-cert.pem');
define('MYSQL_SSL_KEY', '/path/to/client-key.pem');

For WordPress 4.5.2, update the wpdb class in wp-includes/wp-db.php. This is a core file, so the change is overwritten by WordPress updates and must be reapplied:


// Paths come from the MYSQL_SSL_* constants defined in wp-config.php (step 2).
$ssl = array(
    'key' => MYSQL_SSL_KEY,
    'cert' => MYSQL_SSL_CERT,
    'ca' => MYSQL_SSL_CA,
    'verify_cert' => true
);

$this->dbh = mysqli_init();
mysqli_ssl_set(
    $this->dbh,
    $ssl['key'],
    $ssl['cert'],
    $ssl['ca'],
    null,
    null
);
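// DB_HOST carries a ":port" suffix, which mysqli does not parse itself.
$host_parts = explode(':', DB_HOST, 2);
mysqli_real_connect(
    $this->dbh,
    $host_parts[0],
    DB_USER,
    DB_PASSWORD,
    DB_NAME,
    isset($host_parts[1]) ? (int) $host_parts[1] : null,
    null,
    MYSQLI_CLIENT_SSL
);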

After implementation, verify the SSL connection:


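// Connect with the same TLS settings; a plain mysqli_connect() does not request TLS.
$connection = mysqli_init();
mysqli_ssl_set($connection, MYSQL_SSL_KEY, MYSQL_SSL_CERT, MYSQL_SSL_CA, null, null);
mysqli_real_connect($connection, 'mysql.example.com', DB_USER, DB_PASSWORD, null, 3306, null, MYSQLI_CLIENT_SSL);
$result = mysqli_query($connection, "SHOW STATUS LIKE 'Ssl_cipher'");
print_r(mysqli_fetch_assoc($result));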

Certificate Validation Errors:
Ensure your CA certificate chain is complete. Modern PHP versions require proper certificate verification.

Connection Timeouts:
The SSL handshake adds overhead. Consider increasing these values in wp-config.php:


define('WP_DB_TIMEOUT', 10);
define('WP_DB_RETRIES', 3);

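Protocol Mismatches:
MySQL 8.0+ may require explicit protocol specification. Note that the MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT flag in the line below does not select a protocol: it turns off verification of the server certificate, so the session is encrypted but the server's identity is not checked. Use it only to isolate a certificate problem, then remove it: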


define('MYSQL_CLIENT_FLAGS', MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT);