• Prompts you to change your MySQL root password, especially if you haven’t set a root password yet.
• Removes anonymous access to your database server.
• Restricts root access to localhost only.
• Drops the ‘test’ table that’s installed automatically.
• Flushes the privileges so that all changes are taken immediately without having to restart the database server.

Here’s the output when running the mysql_secure_installation in one of my servers.

In all, it’s something that I’ve been doing manually for a while. And I bet that there are many, many developers out there who, even on production servers, don’t even bother to remove these things. Obviously, this isn’t the “be-all and end-all” of MySQL security, but it’s a big step away from the default installation. Go run this script now! Well, unless you’re a security expert who already did this, either manually or with the script. If so, then I salute you.