Learn How To Install and Secure phpMyAdmin on Ubuntu 14.04 and 16.04
Table of Contents
Prerequisites
- A new IT Web Services Ubuntu 14.04 or 16.04 server instance.
- A static server IP (this is your main IT Web Services server IP).
- A non-root server user with
sudoprivileges.
https://www.itweb.services/tutorials/linux-guides/how-to-install-apache-mysql-and-php-on-ubuntu”>this IT Web Services guide to get it installed)
Step 1: Downloading and Installing phpMyAdmin
Starting Installation
Update Ubuntu’s apt repository and install phpMyAdmin.
sudo apt-get update
sudo apt-get install phpmyadmin
Installation Process
Now, answer the prompts for the installation.
WARNING:
On the first prompt, you MUST press “
SPACE“, then “TAB“, and then “ENTER” to select Apache. (If you don’t, your install will be configured incorrectly. )
- Select
apache2 - Select
YESwhen prompted on whether or not to usedbconfig-commonfor database setup - Enter your MySQL/Database admin password
- Select your new
phpMyAdminpassword
Apache Setup and Restart
PhpMyAdmin automatically adds it’s config file to Apache, so it doesn’t require additional configuration.
However, you need to enable mcrypt for Apache.
sudo php5enmod mcrypt
Then, just restart apache.
sudo service apache2 restart
Finishing Install
The phpMyAdmin interface is now running, and you can access it at the URL below.
http://192.0.2.0/phpmyadmin
Log in with the root user, using the password you created earlier.
Step 2: Securing phpMyAdmin
PhpMyAdmin is very easy to install, but it’s a huge target for hackers and malicious people because of it’s popularity. We will now secure phpMyAdmin against most attacks.
Allow .htaccess Overrides
First, allow Apache to accept .htaccess permission overrides. Just edit the file that was placed in Apache’s config directory.
sudo nano /etc/apache2/conf-available/phpmyadmin.conf
Add AllowOverride All inside <Directory /usr/share/phpmyadmin> within the config file.
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
AllowOverride All
Now, save and close phpmyadmin.conf by pressing “CTRL+O“, then “ENTER” and finally “CTRL+X“.
As before, restart Apache.
sudo service apache2 restart
Create a .htaccess file
Now that overrides/.htaccess files are allowed, we’ll create one to provide the actual security.
Create and edit the file.
sudo nano /usr/share/phpmyadmin/.htaccess
Enter the following info.
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
Close and save the file.
Create a .htpasswd file
Now that we’ve told Apache we want to protect phpMyAdmin with a password, we need to create the file to tell Apache what password to accept.
Install an extra package to help us do this.
sudo apt-get install apache2-utils
We now have the htpasswd utility.
Create the .htpasswd file and the first user/login for it like this.
sudo htpasswd -c /etc/phpmyadmin/.htpasswd <username>
Replace <username> with the username you’d like to use. It will ask you to enter the password you would like to use for the user. Choose and confirm the password.
Now, access http://192.0.2.0/phpmyadmin. You will be asked for the username and password you just created. After entering the new username/password, you can then log in with your existing account from earlier.
Conclusion
You now have phpMyAdmin – one of the best, free web interfaces to manage your MySQL database without the command line.
Need help?
Do you need help setting up this on your own service?
Please contact us and we’ll provide you the best possible quote!