How to secure phpMyAdmin in Ubuntu

Last updated : Dec 11, 2021

In this post you will learn how to secure phpMyAdmin on an Apache server.


In today's world, when almost everything has moved online, it is very important to secure web applications. The Apache web server is the most common server used in web programming to serve resources such as entire websites, music files, movies, etc.

The LAMP stack is well known and is the most used web app stack, and in this stack MySQL is the DBMS commonly used for managing databases. So we will list some tips and tricks to secure phpMyAdmin, which is used to access the database.

The following are some points:

  1. First and most important, always use HTTPS in your website's URL, because it provides an extra layer of protection in addition to the username and password.

  2. Secondly, always change the URL of your phpMyAdmin. By default it is always 'http://ip_address/phpmyadmin', so make sure you change it to a URL that is difficult to guess. The following are the steps to change the phpMyAdmin URL in Linux:

    • Connect to your server via SSH.

    • Edit /etc/phpmyadmin/apache.conf. To do that, type

      nano /etc/phpmyadmin/apache.conf

    • Press Ctrl+W and type the word Alias. When you find the statement, you will see the default path /phpmyadmin. Comment that line out and change the path to whatever you want, but always use a long, random-looking string so that it is difficult to guess. For example: Alias /rwma1THi2WWC /usr/share/phpmyadmin

    • Done.

  3. While installing MySQL, always disallow root login. This means you should never use the user name 'root' as your final username while your app is in production, because it makes it very easy for a malicious programmer to gain access.

  4. Always use a strong password for login, with a combination of lower case and upper case letters, numbers and special characters.

  5. Only give permissions to users who are reliable. You can manage permissions as listed below:

    • Grant all permissions to the admin.

    • Grant SELECT and INSERT permissions to programmers.

    • Grant SELECT permission to the client while the app is in development.

After all these steps, never forget to reload apache2. To restart it, type the command

systemctl restart apache2
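
Step 2 above as a script, added here as an example and not part of the original post: it disables the active Alias in a phpMyAdmin Apache config, writes one with a random path in its place, and keeps a backup. The function names and the constructed sample config are assumptions made for illustration.

```shell
#!/bin/sh
# new_alias: print 32 random hex characters (128 bits) from /dev/urandom.
new_alias() {
    od -An -N16 -tx1 /dev/urandom | tr -dc '0-9a-f'
}

# rename_pma_alias CONF [NAME]  (hypothetical helper, not a phpMyAdmin tool)
# Comments out each active "Alias ... /usr/share/phpmyadmin" line in CONF,
# writes one Alias with the new name in its place, and prints the new URL path.
# The original is kept as CONF.bak and restored if no active Alias is found.
rename_pma_alias() {
    conf=$1
    name=${2:-$(new_alias)}
    # Refuse names that would break the directive or need URL-encoding.
    case $name in ''|*[!A-Za-z0-9_-]*) echo "invalid alias name" >&2; return 1 ;; esac
    cp -p "$conf" "$conf.bak" || return 1
    if awk -v new="$name" '
        $1 == "Alias" && $3 ~ /^\/usr\/share\/phpmyadmin\/?$/ {
            print "#" $0                          # keep the old line, disabled
            if (!done) { print "Alias /" new " " $3; done = 1 }
            next
        }
        { print }
        END { if (!done) exit 2 }                 # no active Alias was found
    ' "$conf.bak" > "$conf"; then
        printf '/%s\n' "$name"
    else
        cp -p "$conf.bak" "$conf"
        echo "no active phpMyAdmin Alias in $conf" >&2
        return 1
    fi
}

# Constructed sample resembling /etc/phpmyadmin/apache.conf, for a dry run.
make_sample_conf() {
    cat > "$1" <<'EOF'
# phpMyAdmin default Apache configuration
Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
    DirectoryIndex index.php
</Directory>
EOF
}

# Dry run on the sample; on a server, pass /etc/phpmyadmin/apache.conf as root.
sample=$(mktemp) && make_sample_conf "$sample"
echo "new path: $(rename_pma_alias "$sample")"
grep -n 'Alias' "$sample"; rm -f "$sample" "$sample.bak"
```

After running it against the real file, check the result with `apache2ctl configtest` before restarting Apache. The random path only reduces automated discovery; the login still depends on HTTPS and the credentials from the other steps.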

These were some tips and tricks you can use to protect your database online. But despite following these steps, you should keep an eye on database actions and update things such as the URL, passwords and usernames after a certain period of time, as the situation requires.

In the next article you will learn how to set up a server using PHP, Linux, MySQL and Apache if you are planning to buy cloud hosting such as DigitalOcean.


