frame
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Sign In RegisterHowdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Categories
- 1.3K All Categories
- 7.2K General
- 6.2K General Discussions
- 406 Feature Request/Bug Report
- 541 Sales Questions and Answers
- 53 Time4VPS Life
- 237 Help requests
- 239 Server management
- 332 Tutorials
- 56 Various Tutorials
- 44 Web hosting control panels
- 130 Performance and Security
- 27 Web Applications
- 53 Linux Applications
- 22 Windows VPS
[Ubuntu/Debian] How To Install And Secure phpMyAdmin
Lawrence
Member
Introduction
phpMyAdmin is a free and open source tool written in PHP intended to handle the administration of MySQL or MariaDB with the use of a web browser. It can perform various tasks such as creating, modifying or deleting databases, tables, fields or rows; executing SQL statements; or managing users and permissions.
Setup
Before working with phpMyAdmin, you need to have LAMP installed on your server. If you don't have the Linux, Apache, MySQL, PHP stack on your server, you can find the tutorial for setting it up here.
1. Updating Sytem
First of all you need to update your server. For this simple execute this command:
sudo apt-get update && sudo apt-get upgrade -y2. Installing phpMyAdmin
Install the current version of phpMyAdmin:
sudo apt-get install phpmyadminDuring the installation, phpMyAdmin will walk you through a basic configuration. Once the process starts up, follow these steps:
- Select Apache2 for the server
- Choose YES when asked about whether to Configure the database for phpmyadmin with dbconfig-common
- Enter your MySQL password when prompted
- Enter the password that you want to use to log into phpmyadmin
3. Configuration of Apache
After the installation has completed, add phpmyadmin to the apache configuration.
sudo nano /etc/apache2/apache2.confNote: If nano is not installed install it with:
sudo apt-get install nanoAdd the following to the bottom of the file:
Include /etc/phpmyadmin/apache.confThen exit and save the file. After this apache need to be restarted:
sudo service apache2 restartVerify that phpMyAdmin is working by visiting:
http://IP_of_the_server/phpmyadmin
4. Security
Unfortunately, older versions of phpMyAdmin have had serious security vulnerabilities, including allowing remote users to eventually exploit root on the underlying virtual private server. One can prevent a majority of these attacks through a simple process: locking down the entire directory with Apache's native user/password restrictions which will prevent these remote users from even attempting to exploit older versions of phpMyAdmin.
Set Up the .htaccess File
Secure your phpMyAdmin directory using an .htaccess file that only allows specified IP addresses to access it. You can do this by creating an .htaccess file in your phpmyadmin directory. Substitute the proper paths and IP addresses for your particular configuration.
sudo nano /etc/phpmyadmin/apache.conf Add the following lines:
order allow,deny
allow from your_IP_addressAccessing phpMyAdmin
To test phpMyAdmin, open your favorite browser and navigate to
http://IP_of_the_server/phpmyadmin
You will be prompted for a username and password. Use the username “root” and the password you specified when you installed MySQL. Alternatively, you can log in using any MySQL user and retain their permissions.
If you can successfully log in, phpMyAdmin has been installed properly.
foot
Feel free to join our constantly expanding community, participate in discussions, strengthen your knowledge on Linux and Windows server management!
© 2013 - 2024 Time4VPS. All rights reserved.