[Ubuntu/Debian] How To Install And Secure phpMyAdmin
phpMyAdmin is a free and open source tool written in PHP intended to handle the administration of MySQL or MariaDB with the use of a web browser. It can perform various tasks such as creating, modifying or deleting databases, tables, fields or rows; executing SQL statements; or managing users and permissions.
Before working with phpMyAdmin, you need to have LAMP installed on your server. If you don't have the Linux, Apache, MySQL, PHP stack on your server, you can find the tutorial for setting it up here.
1. Updating System
First of all, you need to update your server. To do this, simply execute this command:
sudo apt-get update && sudo apt-get upgrade -y
2. Installing phpMyAdmin
Install the current version of phpMyAdmin:
sudo apt-get install phpmyadmin
During the installation, phpMyAdmin will walk you through a basic configuration. Once the process starts up, follow these steps:
- Select Apache2 for the server
- Choose YES when asked whether to configure the database for phpmyadmin with dbconfig-common
- Enter your MySQL password when prompted
- Enter the password that you want to use to log into phpmyadmin
3. Configuration of Apache
After the installation has completed, add phpmyadmin to the Apache configuration.
sudo nano /etc/apache2/apache2.conf
Note: If nano is not installed, install it with:
sudo apt-get install nano
Add the following to the bottom of the file:
Then save the file and exit. After this, Apache needs to be restarted:
sudo service apache2 restart
Verify that phpMyAdmin is working by visiting:
Unfortunately, older versions of phpMyAdmin have had serious security vulnerabilities, including ones that allowed remote users to eventually gain root on the underlying virtual private server. You can prevent the majority of these attacks through a simple process: locking down the entire directory with Apache's native user/password restrictions, which prevents remote users from even attempting to exploit older versions of phpMyAdmin.
Set Up the .htaccess File
Secure your phpMyAdmin directory using an .htaccess file that only allows specified IP addresses to access it. You can do this by creating an .htaccess file in your phpmyadmin directory. Substitute the proper paths and IP addresses for your particular configuration.
sudo nano /etc/phpmyadmin/apache.conf
Add the following lines:
allow from your_IP_address
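To confirm that an IP allowlist is really present after editing /etc/phpmyadmin/apache.conf, the following check can be run against the file. It is an added example, not part of the original tutorial; it assumes phpMyAdmin is installed at the Debian/Ubuntu package path /usr/share/phpmyadmin, recognises both the Apache 2.2 `Allow from` form used above and the Apache 2.4 `Require ip` form, and uses constructed sample configs with a documentation address.

```shell
#!/bin/sh
# Added example: heuristic audit of phpMyAdmin access rules in an Apache config.
# Assumption: phpMyAdmin is installed at the Debian/Ubuntu package path below.
PMA_DIR="${PMA_DIR:-/usr/share/phpmyadmin}"

# Prints restricted, open or missing for the <Directory $PMA_DIR> block in $1.
pma_access_check() {
    awk -v dir="$PMA_DIR" '
        { raw = $0; sub(/^[ \t]+/, "", raw); sub(/[ \t\r]+$/, "", raw); line = tolower(raw) }
        line ~ /^#/ { next }                        # commented-out rules do not count
        line ~ /^<directory[ \t]/ {                 # start of a <Directory> block
            path = substr(raw, 11); sub(/^[ \t]+/, "", path)
            sub(/>$/, "", path); gsub(/"/, "", path); sub(/\/$/, "", path)
            inblock = (path == dir); if (inblock) found = 1
            next
        }
        line ~ /^<\/directory>/ { inblock = 0; next }
        !inblock { next }
        { n = split(line, w, /[ \t]+/) }
        w[1] == "require" && w[2] == "all" && w[3] == "granted" { anyone = 1 }  # 2.4: everyone
        w[1] == "allow" && w[2] == "from" && w[3] == "all"      { anyone = 1 }  # 2.2: everyone
        w[1] == "require" && (w[2] == "ip" || w[2] == "local")  { allow = 1 }   # 2.4 allowlist
        w[1] == "deny" && w[2] == "from" && w[3] == "all"       { deny = 1 }    # 2.2 default deny
        w[1] == "allow" && w[2] == "from" && n >= 3 && w[3] != "all" { allow22 = 1 }
        END {
            if (!found) print "missing"
            else if (!anyone && (allow || (deny && allow22))) print "restricted"
            else print "open"
        }
    ' "$1"
}

# Constructed sample configs (203.0.113.10 is a documentation address).
pma_demo() {
    tmp=$(mktemp -d) || return 1
    printf "%s\n" "<Directory /usr/share/phpmyadmin>" "    DirectoryIndex index.php" \
        "</Directory>" > "$tmp/default.conf"
    printf "%s\n" "<Directory /usr/share/phpmyadmin>" "    Order deny,allow" \
        "    Deny from all" "    Allow from 203.0.113.10" "</Directory>" > "$tmp/v22.conf"
    printf "%s\n" "<Directory \"/usr/share/phpmyadmin/\">" "    Require ip 203.0.113.10" \
        "</Directory>" > "$tmp/v24.conf"
    for f in default v22 v24; do
        printf "%s: %s\n" "$f" "$(pma_access_check "$tmp/$f.conf")"
    done
    rm -rf "$tmp"
}
pma_demo
```

The check is deliberately conservative: any rule in the block that admits everyone is reported as open, even if an allowlist line is also present. A request from a non-listed address returning 403 remains the definitive test.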
To test phpMyAdmin, open your favorite browser and navigate to
You will be prompted for a username and password. Use the username “root” and the password you specified when you installed MySQL. Alternatively, you can log in using any MySQL user and retain their permissions.
If you can successfully log in, phpMyAdmin has been installed properly.