Found php.ini file using /todo/info.php.
The location of php.ini is /etc/php/7.2/apache2/php.ini
Altered the default username and password to match the settings in my html file.
Removed the plaintext from the html file for index.php.
Restored users to original authentication settings.
Website runs correctly now without needing the username and password stored in the index.php file.
Undid those changes as it was still a security flaw. The flaw had simply moved from index.php to php.ini.
So, I thought of another solution. This is not a data-sensitive file; the only sensitive information would be the default password being used. So, instead, I made a new user with limited permissions called todoguest with the password todo, and that is the user used to access the database.
I experimented with different permissions to see how few permissions would be needed.
Settled on: GRANT SELECT, INSERT, DELETE ON todo.tasks TO 'todoguest'@'localhost';
This restricts the user from Create and Drop permissions and only allows them access to tasks within the todo database.
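An added example, not part of the original notes: one way to apply the grant above from a clean state and then audit what the account really holds at every privilege scope. It assumes MySQL 5.7 or later and an administrative session; the password `CHANGE_ME` is a placeholder.

```sql
-- Added example. Run as an administrative MySQL account.
-- 'CHANGE_ME' is a placeholder password, not a value from the notes.
CREATE USER IF NOT EXISTS 'todoguest'@'localhost' IDENTIFIED BY 'CHANGE_ME';

-- Clear anything left over from earlier permission experiments,
-- then apply only the grant that was settled on.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'todoguest'@'localhost';
GRANT SELECT, INSERT, DELETE ON todo.tasks TO 'todoguest'@'localhost';

-- Human-readable summary of the account's grants.
SHOW GRANTS FOR 'todoguest'@'localhost';

-- Audit view: list every privilege the account holds, by scope.
-- GRANTEE is stored with its quotes, hence the doubled quotes below.
SELECT 'global' AS scope, NULL AS table_schema, NULL AS table_name,
       PRIVILEGE_TYPE, IS_GRANTABLE
  FROM information_schema.USER_PRIVILEGES
 WHERE GRANTEE = '''todoguest''@''localhost'''
UNION ALL
SELECT 'schema', TABLE_SCHEMA, NULL, PRIVILEGE_TYPE, IS_GRANTABLE
  FROM information_schema.SCHEMA_PRIVILEGES
 WHERE GRANTEE = '''todoguest''@''localhost'''
UNION ALL
SELECT 'table', TABLE_SCHEMA, TABLE_NAME, PRIVILEGE_TYPE, IS_GRANTABLE
  FROM information_schema.TABLE_PRIVILEGES
 WHERE GRANTEE = '''todoguest''@''localhost''';

-- Negative checks: run these in a separate session logged in as todoguest.
-- They are left commented out so an admin session cannot run them by
-- accident. Each one should be rejected with a "command denied" error.
--   DROP TABLE todo.tasks;
--   CREATE TABLE todo.scratch (id INT);
--   SELECT User FROM mysql.user;
```

In the audit output, the global scope should show only USAGE and the schema scope should be empty; any other row means the account holds more than the table-level grant.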
All of this would have been avoided had this been a website where people created a user and then logged in with their own info, using POST to send that to the username/password values. In hindsight, likely would have been faster to set that up too. This gave me some familiarity using nano with the php config files though along with a lot of practice with mysql so it seems like a worthwhile venture.
Added a functioning delete button.
Deleting tasks messed with the numbering; fixed that so the numbers remain correct despite deletions. It used to pull from the id tag, now it uses i++ (post-increment, i=i+1: use the value of i first, then increment).
Was working on a side project inspired by something you showed: http://45.79.134.85/scrolling/. In general, being able to make modern-looking websites has always interested me, so I'm mostly messing around with different CSS styles. Haven't tried the scrolling image look before this.