I have a home-hosted Spigot and MySQL server behind a Bungee hosted from BisectHosting, connected to TCPShield. On the Spigot server, I have BungeeGuard installed. On the MySQL server, I have the root user restricted to localhost with this command I found online: GRANT ALL PRIVILEGES ON *.* TO db_user @'localhost' IDENTIFIED BY 'db_passwd'; GRANT ALL PRIVILEGES ON *.* TO db_user @'127.0.0.1' IDENTIFIED BY 'db_passwd'; (I'm a complete MySQL noob, is there any advice on what I can do to secure my MySQL server?) My Bungee is on a different machine than my Spigot/MySQL server. I have Bitdefender firewall that only allows ports and IP addresses that plugins require (The server runs Windows, so no iptables. However, the Bungee server runs Linux). I have plugins on my Bungee that is also connected to my MySQL server, using port 3306, but the firewall only allows connections from port 3306 coming from my Bungee server. Is there anything wrong or unsecure about my setup? What can I do to further improve this setup?