MySQL tends not to be the problem.
Take a malicious POST query in a form field. If the page has been properly coded, the query is blocked; if not, it gets through. PHP is the firewall (scary thought!) and MySQL relies on it.
Nonetheless, there are some best practices and, if all else fails, containment strategies:
Give MySQL's root user a strong, unique passphrase
Have individual databases for individual WordPress installations
For WordPress Multisite, share the database, with each site having its own tables
Give each database its own administrator account, not root, with a unique password
Grant database users the minimum possible privileges
Run this statement from your MySQL root account:
mysql> SELECT user, host, password FROM mysql.user;
If any account shows an empty password, set a password for root and do the same for the other users, or else delete those users.
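The practices above, put together as an added example that is not part of the original page: one database and one restricted account per WordPress installation, followed by the account audit. The names wp_blog and wp_blog_admin and the passphrase are placeholders, and the audit assumes MySQL 5.7 or later, where the hash column is authentication_string rather than the password column used in the query above.

```sql
-- Added example: wp_blog, wp_blog_admin and the passphrase are placeholders.

-- One database per WordPress installation.
CREATE DATABASE wp_blog CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

-- A dedicated account for this database only, restricted to local connections.
CREATE USER 'wp_blog_admin'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_UNIQUE_PASSPHRASE';

-- Row-level privileges cover day-to-day WordPress operation.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON wp_blog.* TO 'wp_blog_admin'@'localhost';

-- Schema privileges are commonly needed only for installation, core upgrades
-- and some plugin activations. Grant them for that window...
GRANT CREATE, ALTER, INDEX, DROP
  ON wp_blog.* TO 'wp_blog_admin'@'localhost';
-- ...and take them away again afterwards.
REVOKE CREATE, ALTER, INDEX, DROP
  ON wp_blog.* FROM 'wp_blog_admin'@'localhost';

-- Confirm the account holds nothing beyond wp_blog.*.
SHOW GRANTS FOR 'wp_blog_admin'@'localhost';

-- Audit 1: accounts with no password hash. The plugin column is included
-- because socket-authenticated accounts (auth_socket) legitimately have an
-- empty authentication_string and are not passwordless network logins.
SELECT user, host, plugin
  FROM mysql.user
 WHERE authentication_string = '' OR authentication_string IS NULL;

-- Audit 2: anonymous accounts, which should not exist at all.
SELECT user, host FROM mysql.user WHERE user = '';

-- Audit 3: accounts other than root that hold server-wide power.
SELECT user, host
  FROM mysql.user
 WHERE user <> 'root' AND (Super_priv = 'Y' OR Grant_priv = 'Y');

-- Remove an account the audit shows is not needed (placeholder name):
-- DROP USER 'unused_account'@'localhost';
```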