You may also have been using phpbb2, we're on 3.  phpbb3's recommended hardening measures include nothing about the database and I'm skeptical as to your hypothetical recommendation in general.

A relational database engine can deny non-local authentication requests but this is default in MySQL.

You an also pre-populate the Banned IP list but this is spoofable and can prevent legitimate registrations from happening.

Please be more specific.  We still need help on the website which I've seen zero commits on.  Do you still plan on helping with the website? :)