How to Secure phpMyAdmin

Like all applications and software that are popular, they expose points to exploit.  You can add a layer of security to your phpMyAdmin installation to prevent any unwanted guests.

Securing with Pop Up Login

Step 1: Edit Apache for .htaccess Overrides

vim /etc/apache2/conf-available/phpmyadmin.conf

Insert the code below into the file between the <Directory> </Directory> tags. , afterward save and exit by typing :wq hitting Enter

<Directory /usr/share/phpmyadmin>
  Options FollowSymLinks
  DirectoryIndex index.php
  AllowOverride All
</Directory>

Step 2: Create the .htaccess File

/usr/share/phpmyadmin/.htaccess

Paste in the code below:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user

Step 3: Create the .htpasswd File and Username

Pasting the code below conveniently makes a .htpasswd file while simultaneously creating a user.  Replace the username in this example with the username of your choice. I’m going to choose the username, tom, which we will use in Step 4.

sudo htpasswd -c /etc/phpmyadmin/.htpasswd username

 If we read this file we will find that it has added this user and has encrypted their password:

~# cat /etc/phpmyadmin/.htpasswd
tom:$apr1$fi4fis3.$oDVeDWxsp5eDhk.gc/DT991

Step 4: Verify Pop-Up Functionality

Visit http://yourhostname.com/phpmyadmin/ (replacing yourhostname.com with your server’s hostname or IP) to display a pop-up box where I will enter my username, tom, that I created in Step 3.

Securing by Changing URL to phpMyAdmin

Open the /etc/phpmyadmin/apache.conf file:

vim /etc/phpmyadmin/apache.conf

Comment out the lineAlias /phpmyadmin /usr/share/phpmyadmin with a # (as pictured below) and add in your the new URL you want to access your phpMyAdmin instance.

#Alias /phpmyadmin /usr/share/phpmyadmin
Alias /mynewurl /usr/share/phpmyadmin

Hit the ESC button and type :wq to save and quit.

Hope you find this blog post helpful.

Feel free to add comments and queries, that helps us to improve the quality of posts.

You can contact us at info@techcrm.in

Thank you.

Spread the love

Leave a Reply

Your email address will not be published. Required fields are marked *