How to Install and Secure phpMyAdmin on Ubuntu 14.04 and 16.04
- A new Vultr Ubuntu 14.04 or 16.04 server instance.
- A static server IP (this is your main Vultr server IP).
- A non-root server user with
- A full LAMP stack install (follow this Vultr guide to get it installed)
Step 1: Downloading and Installing phpMyAdmin
apt repository and install phpMyAdmin.
sudo apt-get update sudo apt-get install phpmyadmin
Now, answer the prompts for the installation.
On the first prompt, you MUST press "
SPACE", then "
TAB", and then "
ENTER" to select Apache. (If you don't, your install will be configured incorrectly. )
YESwhen prompted on whether or not to use
dbconfig-commonfor database setup
- Enter your MySQL/Database admin password
- Select your new
Apache Setup and Restart
PhpMyAdmin automatically adds it's config file to Apache, so it doesn't require additional configuration.
However, you need to enable
mcrypt for Apache.
sudo php5enmod mcrypt
Then, just restart apache.
sudo service apache2 restart
The phpMyAdmin interface is now running, and you can access it at the URL below.
Log in with the
root user, using the password you created earlier.
Step 2: Securing phpMyAdmin
PhpMyAdmin is very easy to install, but it's a huge target for hackers and malicious people because of it's popularity. We will now secure phpMyAdmin against most attacks.
First, allow Apache to accept
.htaccess permission overrides. Just edit the file that was placed in Apache's config directory.
sudo nano /etc/apache2/conf-available/phpmyadmin.conf
AllowOverride All inside
<Directory /usr/share/phpmyadmin> within the config file.
<Directory /usr/share/phpmyadmin> Options FollowSymLinks DirectoryIndex index.php AllowOverride All
Now, save and close
phpmyadmin.conf by pressing "
CTRL+O", then "
ENTER" and finally "
As before, restart Apache.
sudo service apache2 restart
overrides/.htaccess files are allowed, we'll create one to provide the actual security.
Create and edit the file.
sudo nano /usr/share/phpmyadmin/.htaccess
Enter the following info.
AuthType Basic AuthName "Restricted Files" AuthUserFile /etc/phpmyadmin/.htpasswd Require valid-user
Close and save the file.
Now that we've told Apache we want to protect phpMyAdmin with a password, we need to create the file to tell Apache what password to accept.
Install an extra package to help us do this.
sudo apt-get install apache2-utils
We now have the
.htpasswd file and the first user/login for it like this.
sudo htpasswd -c /etc/phpmyadmin/.htpasswd <username>
<username> with the username you'd like to use. It will ask you to enter the password you would like to use for the user. Choose and confirm the password.
http://192.0.2.0/phpmyadmin. You will be asked for the username and password you just created. After entering the new username/password, you can then log in with your existing account from earlier.
You now have phpMyAdmin - one of the best, free web interfaces to manage your MySQL database without the command line.