Learn How To Install and Secure phpMyAdmin on Ubuntu 14.04 and 16.04

April 4, 2020

Prerequisites

  • A new IT Web Services Ubuntu 14.04 or 16.04 server instance.
  • A static server IP (this is your main IT Web Services server IP).
  • A non-root server user with sudo privileges.
  • Apache, MySQL and PHP installed (follow this IT Web Services guide to get it installed: https://www.itweb.services/tutorials/linux-guides/how-to-install-apache-mysql-and-php-on-ubuntu)

Step 1: Downloading and Installing phpMyAdmin

Starting Installation

Update Ubuntu’s apt repository and install phpMyAdmin.

sudo apt-get update
sudo apt-get install phpmyadmin

Installation Process

Now, answer the prompts for the installation.

WARNING:

On the first prompt, you MUST press “SPACE”, then “TAB”, and then “ENTER” to select Apache. (If you don’t, your install will be configured incorrectly.)

  • Select apache2
  • Select YES when prompted on whether or not to use dbconfig-common for database setup
  • Enter your MySQL/Database admin password
  • Select your new phpMyAdmin password

Apache Setup and Restart

phpMyAdmin automatically adds its config file to Apache, so it doesn’t require additional configuration.

However, you need to enable mcrypt for Apache.

sudo php5enmod mcrypt

Then, just restart Apache.

sudo service apache2 restart

Finishing Install

The phpMyAdmin interface is now running, and you can access it at the URL below.

http://192.0.2.0/phpmyadmin

Log in with the root user, using the password you created earlier.


Step 2: Securing phpMyAdmin

phpMyAdmin is very easy to install, but its popularity makes it a huge target for hackers and malicious people. We will now secure phpMyAdmin against most attacks by putting an additional password prompt in front of it.

Allow .htaccess Overrides

First, allow Apache to accept .htaccess permission overrides. Just edit the file that was placed in Apache’s config directory.

sudo nano /etc/apache2/conf-available/phpmyadmin.conf

Add AllowOverride All inside <Directory /usr/share/phpmyadmin> within the config file.

<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php
    AllowOverride All
    # ... leave the remaining directives in this section unchanged ...
</Directory>

Now, save and close phpmyadmin.conf by pressing “CTRL+O”, then “ENTER” and finally “CTRL+X”.

As before, restart Apache.

sudo service apache2 restart

Create a .htaccess file

Now that overrides/.htaccess files are allowed, we’ll create one to provide the actual security.

Create and edit the file.

sudo nano /usr/share/phpmyadmin/.htaccess

Enter the following info.

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user

Close and save the file.

Create a .htpasswd file

Now that we’ve told Apache we want to protect phpMyAdmin with a password, we need to create the file to tell Apache what password to accept.

Install an extra package to help us do this.

sudo apt-get install apache2-utils

We now have the htpasswd utility.

Create the .htpasswd file and the first user/login for it like this.

sudo htpasswd -c /etc/phpmyadmin/.htpasswd <username>

Replace <username> with the username you’d like to use. It will ask you to enter the password you would like to use for the user. Choose and confirm the password.

Now, access http://192.0.2.0/phpmyadmin. You will be asked for the username and password you just created. After entering the new username/password, you can then log in with your existing account from earlier.
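The three pieces of Step 2 only protect phpMyAdmin if they agree with each other, so the following added example (not part of the original guide) audits them together: the AllowOverride setting, the .htaccess directives, and the location of the password file. The function names audit_pma_auth and make_sample and the sample files are assumptions constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: audit the Basic-auth layer built in Step 2.
# On a server: audit_pma_auth /etc/apache2/conf-available/phpmyadmin.conf /usr/share/phpmyadmin
audit_pma_auth() {   # audit_pma_auth <apache-conf> <docroot>; returns 0 if all checks pass
    local conf="$1" docroot="$2" ht="$2/.htaccess" rc=0 override pwfile
    fail() { echo "FAIL: $*"; rc=1; }

    # 1. Apache must honour .htaccess for the docroot; otherwise the file is
    #    silently ignored and no password prompt ever appears.
    override=$(awk -v d="$docroot>" '
        $1 == "<Directory"   { inside = ($2 == d) }
        $1 == "</Directory>" { inside = 0 }
        inside && $1 == "AllowOverride" { $1 = ""; print }' "$conf")
    case "$override" in
        *All*|*AuthConfig*) ;;
        *) fail "AllowOverride for $docroot is '${override:-unset}'" ;;
    esac

    # 2. The .htaccess must actually demand a login.
    [ -f "$ht" ] || { fail "$ht is missing"; return 1; }
    grep -Eqi '^[[:space:]]*AuthType[[:space:]]+Basic' "$ht" || fail "no AuthType Basic"
    grep -Eqi '^[[:space:]]*Require[[:space:]]+valid-user' "$ht" || fail "no Require valid-user"

    # 3. The password file must exist, be non-empty, and sit outside the
    #    directory Apache serves.
    pwfile=$(awk 'tolower($1) == "authuserfile" { print $2 }' "$ht")
    [ -n "$pwfile" ] || { fail "no AuthUserFile"; return 1; }
    [ -s "$pwfile" ] || fail "$pwfile is missing or empty"
    case "$pwfile" in "$docroot"/*) fail "$pwfile is inside $docroot" ;; esac

    [ "$rc" -eq 0 ] && echo "OK: $docroot requires a valid user from $pwfile"
    return "$rc"
}

# Constructed sample layout (not real server files) so the check runs offline.
make_sample() {      # make_sample <dir> <AllowOverride value>
    mkdir -p "$1/pma" "$1/etc"
    printf '<Directory %s/pma>\n    AllowOverride %s\n</Directory>\n' "$1" "$2" > "$1/pma.conf"
    printf 'AuthType Basic\nAuthUserFile %s/etc/.htpasswd\nRequire valid-user\n' "$1" > "$1/pma/.htaccess"
    echo 'alice:constructed-placeholder-hash' > "$1/etc/.htpasswd"
}

demo=$(mktemp -d)
make_sample "$demo" All  && audit_pma_auth "$demo/pma.conf" "$demo/pma"   # passes
make_sample "$demo" None && audit_pma_auth "$demo/pma.conf" "$demo/pma"   # flags AllowOverride
rm -rf "$demo"
```

The parser assumes unquoted paths in the Directory and AuthUserFile lines, as in the files this guide creates.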

Conclusion

You now have phpMyAdmin – one of the best, free web interfaces to manage your MySQL database without the command line.
