But how does WordPress access that data? It uses a MySQL user account. Understanding what that user is, what it can do, and how to manage it is one of the most critical and overlooked aspects of website security and troubleshooting. You may have come here looking for a simple SHOW USERS command, but you’re about to unlock a core pillar of professional web creation.

Key Takeaways

  • SHOW USERS is Not the Command You’re Looking For: While it seems intuitive, SHOW USERS is not a standard SQL command. The correct, modern way to see all users in a MySQL database is by querying the mysql.user table directly with SELECT User, Host FROM mysql.user;.
  • User Management is Security: The user accounts in your database are the keys to your kingdom. If a user is compromised, your entire site data is at risk. Proper management is not just administrative, it’s a foundational security practice.
  • Embrace the “Principle of Least Privilege”: This core concept means a user should only have the exact permissions needed to do its job, and no more. Your WordPress user should never be the all-powerful root user.
  • Know Your wp-config.php: This WordPress file is the bridge between your website and your database. It literally tells WordPress which DB_USER, DB_PASSWORD, and DB_HOST to use for its connection.
  • Visual Tools are Your Friend: For most website creators, you won’t need to live in the command line. Tools like phpMyAdmin, which is included in most hosting panels, provide a visual interface to manage users and permissions.
  • Managed Platforms Simplify Everything: This level of database management can be complex and intimidating. This is a primary benefit of integrated platforms. A solution like Elementor Hosting manages this secure database environment for you, ensuring it’s optimized, secure, and backed up, letting you focus on design instead of database administration.

Why Should a Website Creator Even Care About MySQL Users?

It’s a fair question. Isn’t this the “server guy’s” job? In the modern web, the lines are blurred. As a professional creator, knowing your full stack makes you better at your job. Here’s why this matters to you.

  1. Fundamental Security: Your WordPress user is a potential attack vector. If a plugin has a vulnerability, an attacker could use it to execute database queries as your WordPress user.
    • Bad Scenario: You use the root user (which has god-mode) for your site. The attacker gets in and can now read data from all other databases on your server, or worse, DROP (delete) everything.
    • Good Scenario: You use a limited user, wp_user, that only has privileges for the wp_database. The attacker gets in. The damage is contained. They can mess with your site, but they can’t touch the server or your other sites.
  2. Serious Troubleshooting: The single most terrifying WordPress error is “Error establishing a database connection.” This message means your website is completely offline. Nine times out of ten, this is a database user problem.
    • Did the password in wp-config.php get changed?
    • Does the user listed in wp-config.php actually exist?
    • Does that user have permission to access the database?
    • Is the database host correct? Knowing how to check users and their permissions is the first step to fixing this critical error.
  3. Smooth Migrations: When you move a website from a staging environment to a live server, or from one host to another, you are moving the database. You must ensure that the new environment has a database, a user, and that the new user has been GRANTed permission to access the new database. You then update your wp-config.php to point to this new user.

The Command You Think You Want: SHOW USERS

Let’s address this head-on. If you type SHOW USERS; into your MySQL prompt, you will almost certainly get an error:

ERROR 1064 (42000): You have an error in your SQL syntax…

This is because SHOW USERS is not, and really never has been, a standard SQL command in MySQL. It’s a common-sense phrase that feels like it should work, and some third-party database clients may have implemented it as a helpful shortcut.

But it’s not the real command. The real command is much more powerful because it involves pulling data directly from the system’s master table of users.

The Right Way to See Users: Querying the mysql.user Table

All information about who can log in, from where, and with what password, is stored in a special database called mysql. Inside that database, there is a table called user.

To see all the users defined on your server, you need to query this table directly.

How to Connect to Your Database

Before you can run any commands, you need to get to a MySQL prompt. You have a few options.

Option 1: The Command Line Interface (CLI) (The “Pro” Way)

This is the fastest and most powerful method, but it requires “shell” or “SSH” access to your server.

  1. Log in to your server via SSH.

At the prompt, type the following to log in to MySQL as the root user:
mysql -u root -p

  2. It will ask for your root password. Enter it.
  3. You are now at the mysql> prompt and can run the commands below.

Option 2: phpMyAdmin (The “WordPress Creator” Way)

This is the most common method for anyone using cPanel or similar hosting dashboards.

  1. Log in to your web hosting control panel (cPanel, Plesk, etc.).
  2. Find and click the phpMyAdmin icon.
  3. This will open a new tab. On the left-hand sidebar, you will see a list of databases.
  4. Click on the database named mysql.
  5. In the list of tables, find and click on the user table.
  6. This will visually show you all the columns and rows in the user table. It’s the visual equivalent of running the command. You can also click the “SQL” tab at the top and run the commands manually.

The Master Command to List All Users

Once you are at a MySQL prompt (either via CLI or the phpMyAdmin SQL tab), run these two commands.

USE mysql;

SELECT User, Host FROM mysql.user;

  • USE mysql; tells the server you want to work with the mysql database.
  • SELECT User, Host FROM mysql.user; is the magic. It says “Go into the user table and show me the contents of the User column and the Host column for every row.”

You will get a result that looks something like this:

UserHost
debian-sys-maintlocalhost
mysql.infoschemalocalhost
mysql.sessionlocalhost
mysql.syslocalhost
rootlocalhost
wordpress_userlocalhost
backup_user%

What ‘User’ and ‘Host’ Really Mean (It’s a Pair!)

This output is the most important concept to grasp. A “user” in MySQL is not just a username. It’s a combination of User and Host.

  • User: This is the username, like wordpress_user or root.
  • Host: This is the location from which the user is allowed to connect.
    • localhost: This is the most common and most secure. It means this user can only connect from the server itself. Your wp-config.php file’s DB_HOST is almost always localhost because your website (the PHP code) is running on the same machine as your database.
    • % (Percent Sign): This is a wildcard that means “any host.” It allows the user to connect from anywhere on the internet. This is sometimes necessary for remote management but is a massive security risk. You should never use a user with a % host for your WordPress site.
    • 192.168.1.10: You can also use specific IP addresses.

So, root@localhost and root@% are two completely different users with different passwords and different permissions.

An Expert’s View: Deconstructing the mysql.user Table

Just seeing the User and Host is only scratching the surface. The user table is a complex security file. To see everything (which can be overwhelming), you could run:

SELECT * FROM mysql.user;

This will show you dozens of columns. As web professional Itamar Haim often notes, “Looking at the mysql.user table isn’t just about finding a username; it’s a full security audit of your server. The columns tell you who can do what, and how.”

Let’s break down the important columns.

Authentication Columns (The “Who” and “How”)

  • authentication_string: This column stores the user’s password. It will be a long, encrypted hash, not a plain-text password. You should never change this column directly.
  • plugin: This defines how the authentication_string is encrypted. You’ll see mysql_native_password (the old standard) or caching_sha2_password (the new, more secure standard in MySQL 8+). This is a common “gotcha” as older PHP versions can’t connect to users with caching_sha2_password.

Privilege Columns (The “What”)

These columns are all “Y” (for Yes) or “N” (for No). They define what a user is allowed to do on a global scale (i.e., to all databases on the server). For your WordPress user, these should all be ‘N’.

  • CRUD Privileges: Select_priv, Insert_priv, Update_priv, Delete_priv. These are the basic “read” and “write” permissions.
  • Structure Privileges: Create_priv, Alter_priv, Drop_priv. These allow a user to create, modify, or delete entire databases and tables.
  • Administrative Privileges (The Dangerous Ones):
    • Super_priv: A “god-mode” privilege. Can do almost anything.
    • Grant_priv: This user can GRANT (give) privileges to other users. This is extremely powerful and should be reserved for root only.
    • File_priv: This user can read and write files on the server’s local file system. A hacked user with this privilege is catastrophic.

Resource Limit Columns (The “How Much”)

These columns are usually set to 0 (unlimited) but can be used to “throttle” a user to prevent abuse.

  • max_questions: Max queries per hour.
  • max_updates: Max UPDATE commands per hour.
  • max_connections: Max simultaneous connections per hour.

Beyond Just Seeing Users: A Practical User Management Toolkit

Okay, so you can see the users. Now what? Your real-world job will involve managing these users. Here are the commands you actually need to know.

SHOW GRANTS: Seeing What a Specific User Can Do

This is arguably more important than SELECT * FROM mysql.user;. The user table shows global privileges, but most users (like your WordPress user) have privileges on specific databases.

SHOW GRANTS is the command to see those.

— Replace ‘wordpress_user’@’localhost’ with your user and host

SHOW GRANTS FOR ‘wordpress_user’@’localhost’;

The output will look something like this:

GRANT USAGE ON *.* TO ‘wordpress_user’@’localhost’ GRANT ALL PRIVILEGES ON ‘wordpress_db’.* TO ‘wordpress_user’@’localhost’

Let’s translate this:

  • The first line (USAGE ON *.*) just means the user can log in. It’s the base-level permission.
  • The second line is the important one. It says “This user has ALL PRIVILEGES (SELECT, INSERT, CREATE, etc.) on the database named wordpress_db (and .* means all tables inside it).”

This is the perfect permission setup for a WordPress site. The user has full control of its own database but zero control over anything else.

CREATE USER: Making a New User

When you build a new website, you should always create a new database and a new user for it. Never re-use users.

Principle of Least Privilege in action:

— Step 1: Create the user and their password

CREATE USER ‘new_site_user’@’localhost’

IDENTIFIED BY ‘A-Very-Str0ng-P@ssword!’;

This user is now created, but it can’t do anything. It can log in, but it has no GRANTs. It can’t even see any databases.

GRANT: Giving Permissions to the New User

Now, you need to “grant” permissions to the new user on the database you created for it.

— Step 2: Grant the permissions

GRANT ALL PRIVILEGES ON ‘new_site_db’.* TO ‘new_site_user’@’localhost’;

This single command gives the new user all the permissions it needs to run WordPress (create tables, insert posts, etc.) but only on the new_site_db database.

FLUSH PRIVILEGES: Telling MySQL to Update

After you CREATE or GRANT, it’s good practice to tell MySQL to re-load its internal privilege tables.

— Step 3: Tell MySQL to refresh

FLUSH PRIVILEGES;

DROP USER: Deleting a User

When you decommission a site, don’t just delete the files. Delete the database and the user to keep your server clean and secure.

DROP USER ‘old_site_user’@’localhost’;

ALTER USER: Changing a Password

Forgot a password? Or need to rotate it for security? This is the command.

ALTER USER ‘wordpress_user’@’localhost’

IDENTIFIED BY ‘New-Super-Str0ng-P@ssword!’;

CRITICAL: The moment you run this, your website will go offline with an “Error establishing a database connection.” Why? Because your wp-config.php file still has the old password. You must immediately edit your wp-config.php and update the DB_PASSWORD constant to match.

The WordPress & Elementor Connection: Putting It All Together

Let’s bring this all back to your life as a web creator.

Dissecting Your wp-config.php

Open the wp-config.php file in the root of your WordPress installation. You will see this block:

/** The name of the database for WordPress */

define( ‘DB_NAME’, ‘wordpress_db’ );

/** MySQL database username */

define( ‘DB_USER’, ‘wordpress_user’ );

/** MySQL database password */

define( ‘DB_PASSWORD’, ‘user_password’ );

/** MySQL hostname */

define( ‘DB_HOST’, ‘localhost’ );

This is the “login form” that WordPress uses every single time a page is loaded.

  • It logs in to the DB_HOST server (localhost).
  • It logs in as the DB_USER (wordpress_user).
  • It uses the DB_PASSWORD (user_password).
  • It then tries to access the DB_NAME (wordpress_db).

Your “Error establishing a database connection” is this file’s way of saying, “One of these four things is wrong!”

How Managed Platforms Simplify This (The Elementor Pro Creator’s Focus)

As you can see, this is a lot of technical overhead. It’s a separate job from designing beautiful, functional websites. You want to be in the Elementor Library picking templates, not in a black-and-white command line worrying about GRANT_priv.

This is the core value proposition of a complete web creation platform.

When you use a solution like Elementor Hosting, this entire backend is provisioned and secured for you.

  • A secure, isolated database is created for your site.
  • A unique, unprivileged user is generated.
  • The correct GRANTs are applied.
  • The wp-config.php is written for you.
  • The entire environment is optimized for Elementor and WordPress performance.

It handles the database administration so you can focus on the web creation. Knowing what’s happening under the hood empowers you as a professional, but having a platform that handles it for you makes you efficient.

Troubleshooting Common User-Related Database Errors

Next time you hit a database error, you’ll be ready.

“Error Establishing a Database Connection”

Your troubleshooting checklist:

  1. Check wp-config.php: Open the file. Are the DB_NAME, DB_USER, DB_PASSWORD, and DB_HOST 100% correct? Check for typos.
  2. Check the User: Log in to phpMyAdmin or the CLI.
    • Run SELECT User, Host FROM mysql.user;
    • Does the DB_USER from your config file exist at that DB_HOST?
  3. Check the Grants:
    • Run SHOW GRANTS FOR ‘DB_USER’@’DB_HOST’;
    • Does that user have ALL PRIVILEGES on the DB_NAME?
  4. Reset the Password: If all else fails, reset the password.
    • Run ALTER USER ‘DB_USER’@’DB_HOST’ IDENTIFIED BY ‘some_new_password’;
    • Update your wp-config.php with some_new_password.
    • Test the site.

“Access Denied for User ‘user’@’host’ to database ‘somedb'”

This is different. This means the user connected successfully, but then tried to do something they weren’t allowed to do.

  • Cause: The user’s GRANTs are too restrictive.
  • Example: A new plugin might try to CREATE TABLE, but the user only has SELECT, INSERT, UPDATE privileges.
  • Fix: You need to add the missing privilege. GRANT CREATE ON ‘wordpress_db’.* TO ‘wordpress_user’@’localhost’;

Conclusion: From Database User to Database Expert

You started by asking for a simple command: SHOW USERS. What you’ve unlocked is the entire field of database user management, a core pillar of website security, performance, and troubleshooting.

You now know not only how to list users but how to audit their permissions, create them, delete them, and grant them the exact privileges they need to do their job—and no more.

This knowledge makes you a more complete, more capable, and more professional web creator. While the trend is toward managed platforms like Elementor Hosting that handle this complexity for you, understanding what is being handled is the mark of a true expert. You are now empowered to not only build the beautiful “frontend” but to understand and secure the powerful “backend” that runs it all.

Frequently Asked Questions (FAQ)

1. What is the command to show all users in MySQL? There is no standard SHOW USERS command. The correct way is to query the mysql.user table directly by running SELECT User, Host FROM mysql.user; after logging in to MySQL.

2. Why doesn’t SHOW USERS work? It’s not a standard SQL command recognized by the MySQL server. It’s a common-sense phrase, but the official method is to query the system’s user table, which stores all user information.

3. What is the mysql.user table? It’s the master table within the mysql system database that stores all user accounts. It contains not only their usernames and hosts but also their encrypted passwords, global privileges, and resource limits.

4. What’s the difference between User and Host? A user account in MySQL is a combination of both. User is the username (e.g., root). Host is the location (IP address or hostname) they are allowed to connect from (e.g., localhost). user@localhost and [email protected] are two separate users.

5. What does the host % mean and is it safe? The % is a wildcard character that means “any host.” It allows a user to connect from anywhere on the internet. It is not safe and should be avoided. For your WordPress user, the host should always be localhost.

6. How do I see the permissions for a specific user? Use the SHOW GRANTS command. The command SHOW GRANTS FOR ‘username’@’hostname’; will show you exactly what privileges that user has on which databases.

7. Why shouldn’t I use the root user for my WordPress site? This is the most important security rule. The root user is all-powerful. If your website is hacked (e.g., through a plugin vulnerability), the attacker gains the full powers of your database user. If that user is root, they can destroy your entire server. If it’s a limited user, the damage is contained to just that one website’s database.

8. How do I change a MySQL user’s password? Use the ALTER USER command: ALTER USER ‘username’@’hostname’ IDENTIFIED BY ‘my-new-strong-password!’; Remember to update your wp-config.php file immediately after.

9. What do I do if I get an “Error establishing a database connection”? This is a 4-step checklist:

  1. Confirm the DB_NAME, DB_USER, DB_PASSWORD, and DB_HOST in your wp-config.php file are correct.
  2. Log in to your database and check that the user exists.
  3. Use SHOW GRANTS to ensure the user has privileges on the database.
  4. If needed, reset the user’s password with ALTER USER and update your wp-config.php again.

10. How does Elementor Hosting help with database management? Elementor Hosting is a managed platform. It handles all the complex database administration for you. It automatically creates a secure database, generates a unique user with the correct “least privilege” permissions, and configures WordPress to use it, all in an environment optimized for speed and security. It lets you focus on building your site, not on database security.