How to fix mysql_native_password not loaded errors on MySQL 8.4

Published On15 May 2024

How to fix the SQLSTATE[HY000] [1524] Plugin mysql_native_password is not loaded errors caused in MySQL 8.4 no longer enabling the mysql_native_password plugin by default

One of the major changes introduced in MySQL 8.4 (the latest LTS release as of 2024) is that the "MySQL Native Password" plugin is no longer enabled by default. Further, MySQL 9.0 removes this plugin completely.

This change affects PHP and other applications that use MySQL database with the mysql_native_password authentication plugin. Because the mysql_native_password plugin is no longer loaded by default or not available at all, PHP PDO/MySQLi connections fail.

When attempting to connect to the database using the mysql_native_password plugin that is no longer loaded, PDO/MySQLi throws the error returned by MySQL:


PDO:

SQLSTATE[HY000] [1524] Plugin 'mysql_native_password' is not loaded

MySQLi:

 mysqli_sql_exception  Plugin 'mysql_native_password' is not loaded.

On MySQL 8.0.34 through 8.3, using the mysql_native_password plugin resulted in warnings logged in the MySQL error log:

[Warning] [MY-013360] [Server] Plugin mysql_native_password reported: ''mysql_native_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead'

MySQL 8.4 makes the change to not load the mysql_native_password plugin anymore, which results in the errors shown above. On MySQL 9.0, the mysql_native_password plugin is removed completely, which also results in the same errors.


PHP has support for caching_sha2_password authentication since PHP 7.4. To fix this error, change the authentication plugin of the MySQL user to caching_sha2_password.

List MySQL Users using mysql_native_password

On a MySQL console, run the following to list users using the deprecated authentication plugin:

SELECT user, host, plugin from mysql.user WHERE plugin='mysql_native_password';

Running the above command should list all users that use the mysql_native_password plugin:

MySQL 8.4 - users with mysql_native_password plugin

Update mysql_native_password users to caching_sha2_password

On a MySQL console with sufficient permissions, run the following command on each user using mysql_native_password plugin:

ALTER USER '<USERNAME>'@'<HOST>' IDENTIFIED WITH caching_sha2_password BY '<PASSWORD>';

Replace <USERNAME>, <HOST>, and <PASSWORD> with the MySQL user's username, host, and password.

After the authentication plugin is updated, PHP and other applications will be able to connect to the database over the caching_sha2_password plugin.

Re-enable MySQL Native Password Plugin

Although MySQL 8.4 no longer enables the mysql_native_password plugin by default, it is still possible to enable this plugin. It is not recommended to do it unless the PHP application is running PHP 7.3 or older versions, where it cannot use the caching_sha2_password plugin.

To enable the mysql_native_password plugin, add the following to the [mysqld] section of the MySQL configuration file and restart the MySQL server service.

On Debian/Ubuntu-based systems, this file is located in /etc/mysql/ directory. It is recommended to create a new file (named /etc/mysql/conf.d/enable-mysql-native-password.cnf, for example) for this.

# Enable mysql_native_password plugin
[mysqld]
mysql_native_password=ON

Note that the mysql_native_password plugin is removed in MySQL 9.0, so adding the configuration above does not work and can cause a configuration error because the mysql_native_password configuration is no longer valid on MySQL 9.0.

Recent Articles on PHP.Watch

All ArticlesFeed 
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian

PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian

A guide for Debian and Ubuntu on how to install PHP 8.4 on a new server or how to upgrade an existing PHP setup to PHP 8.4.
How to fix PHP Curl HTTPS Certificate Authority issues on Windows

How to fix PHP Curl HTTPS Certificate Authority issues on Windows

On Windows, HTTPS requests made with the Curl extension can fail because Curl has no root certificate list to validate the server certificates. This article discusses the secure and effective solutions, and highlights bad advice that can leave PHP applications insecure.
AEGIS Encryption with PHP Sodium Extension

AEGIS Encryption with PHP Sodium Extension

The Sodium extension in PHP 8.4 now supports AEGIS-128L and AEGIS256 Authenticated Encryption ciphers. They are significantly faster than AES-GCM and CHACHA20-POLY1305. This article benchmarks them and explains how to securely encrypt and decrypt data using AEGIS-128L and AEGIS256 on PHP.
Subscribe to PHP.Watch newsletter for monthly updates

You will receive an email on last Wednesday of every month and on major PHP releases with new articles related to PHP, upcoming changes, new features and what's changing in the language. No marketing emails, no selling of your contacts, no click-tracking, and one-click instant unsubscribe from any email you receive.

Support PHP.Watch — If you find the articles, version information, Codex, and other PHP.Watch contributions useful, consider supporting through GitHub Sponsors. Your sponsorship helps dedicate more time to creating valuable content and improving the PHP community. Together, we can keep the momentum going — thank you for your support!

Thanks to the highest tier sponsor: @TomasVotruba for your generous support to keep PHP.Watch moving 💜