How to Secure Exposed MongoDB
Secure your exposed MongoDB database
Port 27017 · Databases
Step 1. Enable authentication
MongoDB ships with access control disabled by default. Create an admin user immediately.
use admin
db.createUser({user:'admin', pwd:'STRONG_PASSWORD', roles:['root']})
Step 2. Bind to localhost
Change bindIp from 0.0.0.0 to 127.0.0.1 in mongod.conf.
# /etc/mongod.conf
net:
  bindIp: 127.0.0.1
Step 3. Enable authorization
Add the security.authorization setting and restart MongoDB.
# /etc/mongod.conf
security:
  authorization: enabled
Step 4. Firewall the port
Block port 27017 from the internet.
sudo ufw deny 27017
After fixing: Use our Self-Check Tool to verify the port is no longer exposed.
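To confirm that Steps 2 and 3 are actually present in the file before restarting, the following added example (not part of the original guide) checks a mongod.conf for a loopback-only bindIp and enabled authorization. The function name audit_mongod_conf and the sample configuration are constructed for illustration, and the parser assumes the block-style YAML layout shown in the steps above.

```sh
#!/bin/sh
# Added example: static check of a mongod.conf against Steps 2 and 3 of this guide.
# audit_mongod_conf is a hypothetical helper name, not a MongoDB tool.
# Prints one finding per line; returns 0 only when both settings are hardened.
audit_mongod_conf() {
    [ -r "$1" ] || { echo "ERROR cannot read $1"; return 2; }
    awk -v sq="'" '
        /^[ \t]*(#|$)/ { next }                                    # skip comments and blank lines
        /^[^ \t]/ { section = $1; sub(/:.*/, "", section); next }  # top-level key, e.g. "net:"
        {
            line = $0; sub(/[ \t]+#.*$/, "", line)                 # drop trailing comment
            key = line; sub(/^[ \t]+/, "", key); sub(/:.*/, "", key)
            val = line; sub(/^[^:]*:/, "", val); gsub("[\"" sq " \t]", "", val)
            if (section == "net" && key == "bindIp") bind = val
            if (section == "net" && key == "bindIpAll" && val == "true") bindall = 1
            if (section == "security" && key == "authorization") authz = val
        }
        END {
            bad = 0
            if (bindall) { print "FAIL net.bindIpAll is true (listens on all interfaces)"; bad = 1 }
            n = split(bind, ips, ",")                              # bindIp may list several addresses
            if (n == 0 && !bindall) { print "FAIL net.bindIp is not set explicitly"; bad = 1 }
            for (i = 1; i <= n; i++)
                if (ips[i] != "127.0.0.1" && ips[i] != "localhost" && ips[i] != "::1") {
                    print "FAIL net.bindIp includes non-loopback address " ips[i]; bad = 1
                }
            if (authz != "enabled") { print "FAIL security.authorization is not enabled"; bad = 1 }
            if (!bad) print "OK bindIp is loopback-only and authorization is enabled"
            exit bad
        }
    ' "$1"
}

# Constructed sample: the exposed configuration this guide starts from.
sample=$(mktemp)
printf 'net:\n  port: 27017\n  bindIp: 0.0.0.0\n' > "$sample"
audit_mongod_conf "$sample" || echo "-> apply Steps 2 and 3, then restart MongoDB"
rm -f "$sample"
```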