How to secure phpmyadmin in Ubuntu

In this post you will know how to secure phpmyadmin in Apache server.

In todays world when everything is going online and has almost gone online, it is very important to secure web applications. Apache web server is the most common server used to serve resources such as entire website, music files, movies etc in web programming.

And as it is very well known that LAMP stack is a very famous and most used web app stack, so in this stack MYsql is the DBMS used commonly for managing database. So we will try to enlist some tips and tricks to save and secure phpmyadmin which is used to access the database.

Following are some points :

1. Firstly and most important always use HTTPS in your website's url because it provides an extra layer of protection in addition of username and password.

2. Secondly, always change the url of your phpmyadmin. By default it is always 'http://ip_address/phpmyadmin' so make sure you change and make it some appropriate url so that it is difficult to assume. Following are the steps to change phpmyadmin url in Linux :

   • Connect to your server via ssh utility.

   • edit /etc/phpmyadmin/apache.conf, for that type

     nano /etc/phpmyadmin/apache.conf

   • press Ctrl+W and type word Alias, after finding the statement you will see the default path /phpmyadmin, now comment that and you can change it whatever you want to but always an encrypted string because it is little long and difficult to assume. For eg. Alias /rwma1THi2WWC /usr/share/phpmyadmin

   • Done.

3. While installing mysql always disallow root login, it means that you should never allow user name 'root' as you final username while your app is in production because it becomes very easy for malicious programmer to gain access

4. Always use a strong password for login with a combination of alphabets, numbers, special chars and upper case letters.

5. Always give permissions to users who are reliable. You can manage permissions like listed below :

   • Grant all permission to admin

   • Grant select, insert permission to programmers

   • Grant select permission to client while app is in development.

After all these steps, never forget to reload apache2 in Linux. For restarting type command

systemctl restart apache2

These were some tips and tricks you can use to protect database online. But you despite following these steps you should keep an eye on database actions and always update these things such as url, passwords, usernames after certain period of time as per the situation is.

In next article you will learn how you can setup server using PHP, Linux, MYSQL and Apache if you are planning to buy cloud hosting such as Digital Ocean.