Containing MySQL databases
MySQL tends not to be the problem.
Take a malicious query POSTed through a form field. If the page has been properly coded, it's blocked; if not, it gets through. PHP is the firewall (scary thought!) and MySQL relies on it.
Nonetheless, there are some best practices and, if all else fails, containment strategies:
Give MySQL's root user a supreme unique passphrase
Have individual databases for individual WordPress installations
For WordPress Multisite, share the database, with each site having its own tables
Give any db a unique administrator, not root, with a unique password
Grant database users the minimum possible privileges
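As an added example (not from the original text), here is how the last few points look for a single WordPress installation. The names wp_site1 and wp_site1_admin and the passphrase are placeholders, and the privilege split assumes a stock WordPress that needs schema-changing rights only during installs and upgrades.

```sql
-- Constructed names: wp_site1 (database), wp_site1_admin (its own administrator).
-- One database per WordPress installation.
CREATE DATABASE wp_site1;

-- A dedicated account for this database only, limited to local connections.
-- Replace the placeholder with a unique passphrase.
CREATE USER 'wp_site1_admin'@'localhost'
  IDENTIFIED BY 'REPLACE-WITH-A-UNIQUE-PASSPHRASE';

-- What to avoid: global rights let a compromised site reach every database.
--   GRANT ALL PRIVILEGES ON *.* TO 'wp_site1_admin'@'localhost';

-- Day-to-day running (assumption: posts, comments, media and logins
-- only read and write rows).
GRANT SELECT, INSERT, UPDATE, DELETE
  ON wp_site1.* TO 'wp_site1_admin'@'localhost';

-- Installs and upgrades alter the schema: grant the extra rights just
-- before the change ...
GRANT CREATE, ALTER, INDEX, DROP
  ON wp_site1.* TO 'wp_site1_admin'@'localhost';

-- ... and take them away again once it is done.
REVOKE CREATE, ALTER, INDEX, DROP
  ON wp_site1.* FROM 'wp_site1_admin'@'localhost';

-- Confirm what the account can do now.
SHOW GRANTS FOR 'wp_site1_admin'@'localhost';

-- Containment check: which accounts can reach which databases.
-- Each WordPress user should appear against its own database only.
SELECT user, host, db FROM mysql.db ORDER BY db, user;

-- Containment check: accounts holding server-wide powers.
-- Ideally only root is listed.
SELECT user, host
  FROM mysql.user
 WHERE Super_priv = 'Y' OR Grant_priv = 'Y' OR File_priv = 'Y';
```

The account named in wp-config.php should be this restricted one, never root.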
Checking for empty passwords
Run this statement from your MySQL root account:
mysql> SELECT user, host, password FROM mysql.user;
If there are any gaps, create a password for root, then either do the same for the other users or delete them.
Deleting the test database
MySQL comes shipped with a test database that poses a small risk. Remove it like so:
mysql> DROP DATABASE test;