[Ubuntu/Debian] How To Install And Secure phpMyAdmin

Lawrence (Moderator)
edited May 12 in Linux Applications


Introduction

phpMyAdmin is a free and open source tool written in PHP intended to handle the administration of MySQL or MariaDB with the use of a web browser. It can perform various tasks such as creating, modifying or deleting databases, tables, fields or rows; executing SQL statements; or managing users and permissions.


Setup

Before working with phpMyAdmin, you need to have LAMP installed on your server. If you don't have the Linux, Apache, MySQL, PHP stack on your server, you can find the tutorial for setting it up here.


1. Updating System

First of all, you need to update your server. To do this, simply execute this command:

sudo apt-get update && sudo apt-get upgrade -y


2. Installing phpMyAdmin

Install the current version of phpMyAdmin:

sudo apt-get install phpmyadmin

During the installation, phpMyAdmin will walk you through a basic configuration. Once the process starts up, follow these steps:

- Select Apache2 for the server
- Choose YES when asked whether to configure the database for phpmyadmin with dbconfig-common
- Enter your MySQL password when prompted
- Enter the password that you want to use to log into phpmyadmin


3. Configuration of Apache

After the installation has completed, add phpMyAdmin to the Apache configuration.

sudo nano /etc/apache2/apache2.conf

Note: If nano is not installed, install it with:

sudo apt-get install nano

Add the following to the bottom of the file:

Include /etc/phpmyadmin/apache.conf

Then save the file and exit. After this, Apache needs to be restarted:

sudo service apache2 restart

Verify that phpMyAdmin is working by visiting:

http://IP_of_the_server/phpmyadmin


4. Security

Unfortunately, older versions of phpMyAdmin have had serious security vulnerabilities, some of which allowed remote users to eventually gain root on the underlying virtual private server. You can prevent a majority of these attacks through a simple process: locking down the entire directory with Apache's native user/password restrictions, which will prevent these remote users from even attempting to exploit older versions of phpMyAdmin.

Set Up the .htaccess File

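Secure your phpMyAdmin directory with an access rule that only allows specified IP addresses to reach it. You can do this by creating an .htaccess file in your phpmyadmin directory or, as shown here, by editing the phpMyAdmin Apache configuration file. Substitute the proper paths and IP addresses for your particular configuration.

sudo nano /etc/phpmyadmin/apache.conf

Add the following lines inside the <Directory /usr/share/phpmyadmin> block (Apache rejects these directives outside a directory or .htaccess context):

order allow,deny
allow from your_IP_address

Then restart Apache as in step 3 so the change takes effect.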
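
To confirm the restriction is really in place, the check below (an added example, not part of the original post) reads an Apache config and reports whether the phpMyAdmin directory block is limited to specific addresses. The function name check_pma_acl and the address 203.0.113.10 are made up for illustration, the path /usr/share/phpmyadmin is assumed from the Debian/Ubuntu package, and it also accepts "Require ip", the Apache 2.4 form of the same rule.

```shell
#!/bin/sh
# Added example: audit an Apache config for an IP restriction on phpMyAdmin.
# Assumption: phpMyAdmin is served from /usr/share/phpmyadmin (Debian/Ubuntu package).

# check_pma_acl FILE
#   prints "restricted" - block exists and only listed addresses are allowed
#          "open"       - block exists but nothing limits who may connect
#          "missing"    - no <Directory /usr/share/phpmyadmin> block found
check_pma_acl() {
    awk '
        { line = tolower($0); sub(/^[ \t]+/, "", line) }   # directives are case-insensitive
        line ~ /^#/ { next }                               # skip comments
        line ~ /^<directory[ \t]+"?\/usr\/share\/phpmyadmin\/?"?[ \t]*>/ {
            inblk = 1; seen = 1; next
        }
        inblk && line ~ /^<\/directory>/ { inblk = 0; next }
        !inblk { next }                                    # ignore everything outside the block
        # "Allow from <ip>" only restricts when the default is deny.
        line ~ /^order[ \t]+allow,deny/     { deny_default = 1; next }
        line ~ /^deny[ \t]+from[ \t]+all/   { deny_default = 1; next }
        line ~ /^allow[ \t]+from[ \t]+all[ \t]*$/ { open = 1; next }
        line ~ /^require[ \t]+all[ \t]+granted[ \t]*$/ { open = 1; next }
        line ~ /^allow[ \t]+from[ \t]/      { legacy = 1; next }   # Apache 2.2 syntax
        line ~ /^require[ \t]+ip[ \t]/      { modern = 1; next }   # Apache 2.4 syntax
        END {
            if (!seen) print "missing"
            else if (!open && (modern || (legacy && deny_default))) print "restricted"
            else print "open"
        }
    ' "$1"
}

# Constructed sample: the tutorial's two lines placed inside the Directory block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    order allow,deny
    allow from 203.0.113.10
</Directory>
EOF
check_pma_acl "$sample"
rm -f "$sample"
```

Run it as check_pma_acl /etc/phpmyadmin/apache.conf after editing; "open" or "missing" means the lines did not land inside the directory block or lack a default-deny order.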

Accessing phpMyAdmin

To test phpMyAdmin, open your favorite browser and navigate to

http://IP_of_the_server/phpmyadmin

You will be prompted for a username and password. Use the username “root” and the password you specified when you installed MySQL. Alternatively, you can log in using any MySQL user and retain their permissions.

If you can successfully log in, phpMyAdmin has been installed properly.