Commit 58012d2

glyedabrt
andauthored
Review feedback
Co-authored-by: Tomasz Dąbrowski <[email protected]>
1 parent 0533601 commit 58012d2

1 file changed: +4 -1 lines changed

docs/infrastructure_and_maintenance/security/security_checklist.md

Lines changed: 4 additions & 1 deletion
@@ -191,7 +191,10 @@ Once you have properly configured secure user roles and permissions, to avoid ex
191191
- Avoid exposing servers on the open internet when not strictly required.
192192
- Ensure any servers, services, ports and virtual hosts that were opened for testing purposes are shut down before going live.
193193
- Ensure file system permissions are set up such that the web server or PHP user can't access files it shouldn't be able to read.
194-
- Secure the database with a good password, keys, firewall, etc. Optionally, ensure that the database user used by the web app only has access to do the operations needed by [[= product_name =]]. The Data Definition Language (DDL) commands (create, alter, drop, truncate, comment) are not needed for running [[= product_name =]], only for installing and upgrading it. If the web app user does not have these rights, then that reduces the damage that can be done if there is a security breach.
194+
- Secure the database with a good password, keys, firewall, etc.
195+
Optionally, ensure that the database user used by the web app only has permissions to do the operations needed by [[= product_name =]].
196+
The Data Definition Language (DDL) commands (create, alter, drop, truncate, comment) are only needed for installing and upgrading [[= product_name =]], and not for running it.
197+
Not granting these rights to web app users reduces the damage that can result from a security breach.
195198

196199
Those steps aren't needed when using [[= product_name_cloud =]], where the provider handles them.
197200
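Review bot: In added line 197, "web app users" can be read as the application's end users, while line 195 is about "the database user used by the web app"; use the same term in both, for example "Not granting these rights to the web app's database user reduces the damage that can result from a security breach." The two added lines also switch between "permissions" (195) and "rights" (197), so pick one. Since line 196 says DDL commands are still needed for installing and upgrading, consider saying how those steps are meant to be run once the web app's database user lacks them (for example under a separate account that has DDL rights), otherwise the reader cannot act on the advice.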
