How to Install and Secure PhpMyAdmin Ubuntu 20.04
PhpMyAdmin is a free, open-source, web-based tool for managing MySQL and MariaDB databases. It is written in PHP and supports 72+ languages. It is designed for those who can not interact with MySQL through a command-line interface. PhpMyAdmin allows you to perform several database operations including, create, copy, rename, alter and drop databases, perform table maintenance, add, edit and drop fields, browse through databases and tables, export data to SQL, CSV, XML, Word, Excel, PDF and LaTeX formats, manage MySQL users and privileges, execute any SQL-statement and many more.
In this post, we will show you how to install and secure PhpMyAdmin on Ubuntu 20.04.
Table Of Contents
- Requirements
- Install MariaDB Database
- Install PhpMyAdmin
- Access phpMyAdmin
- Secure phpMyAdmin
- Disable Root Login
- Allow From Specific IP
- Password Protect phpMyAdmin Web UI
- Conclusion
Requirements
A server running Ubuntu 20.04.
A root password is set up on your server.
Install MariaDB Database
Before starting, the MariaDB database server must be installed in your server. If not installed, you can install it with the following command:
apt-get install mariadb-serverOnce the MariaDB is installed, start the MariaDB service and enable it to start at system reboot:
systemctl start mariadb systemctl enable mariadbInstall PhpMyAdmin
By default, the PhpMyAdmin package is included in the Ubuntu 20.04 default repository. You can install it using the following command:
apt-get install phpmyadminDuring the installation, you will be asked to select a web server to configure as shown below:
Select apache2 as a webserver and click on the Ok button. You will be asked to configure a database for phpMyAdmin with dbconfig-common as shown below:
Select Yes and hit Enter. You will be asked to set a password for the phpmyadmin user in MariaDB as shown below:
Provide your desired password and hit Enter to start the installation.
Once the installation is completed, a new database and a user named phpmyadmin are created with all necessary privileges to manage this database.
To check the privileges, connect to the MariaDB with the following command:
mysqlOnce connected, check the privileges using the following command:
MariaDB [(none)]> show grants for phpmyadmin@localhost;You should get the following output:
+-------------------------------------------------------------------------------------------------------------------+ | Grants for phpmyadmin@localhost | +-------------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO `phpmyadmin`@`localhost` IDENTIFIED BY PASSWORD '*89FA6EAF8B6264AC8D6E84759027252505A3EAEE' | | GRANT ALL PRIVILEGES ON `phpmyadmin`.* TO `phpmyadmin`@`localhost` | +-------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.000 sec)Next, exit from the MariaDB with the following command:
MariaDB [(none)]> exit;Access phpMyAdmin
Now, open your web browser and access the phpMyAdmin web interface using the URL http://your-server-ip/phpmyadmin. You will be redirected to the phpMyAdmin login page:
Provide your phpMyAdmin username, password and click on the Go button. You should see the phpMyAdmin dashboard in the following page:
Secure phpMyAdmin
If you are working in a live production environment then security is very important. In this section, we will show you how to secure phpMyAdmin.
Disable Root Login
If any user has a root credential then he will have to access all databases on the server and it is crutial in term of security. So it is recommended to disable the root login on phpMyAdmin and create a separate user for each database.
You can disable the root login by editing the file config.inc.php:
nano /etc/phpmyadmin/config.inc.phpAdd the following line in the Authentication section:
/* Authentication type */ $cfg['Servers'][$i]['AllowRoot'] = 'false';Save and close the file then restart the Apache service to apply the changes:
systemctl restart apache2Allow From Specific IP
For security purposes, it is a good idea to allow the phpMyAdmin web interface to be accessed only from a specific IP address. So only trusted users get access to the phpMyAdmin web interface.
To allow phpMyAdmin from specific IP, edit the phpmyadmin.conf file:
nano /etc/apache2/conf-enabled/phpmyadmin.confAdd the following line below "DirectoryIndex index.php":
Require ip specific_ip_addressSave and close the file then restart the Apache service to apply the changes:
systemctl restart apache2Now, the only user from the specified IP address can access the phpMyAdmin web interface.
Password Protect phpMyAdmin Web UI
It is also recommended to add password protection to the phpMyAdmin page. This will add an extra layer of security.
First, create a user and password for authentication using the following command:
htpasswd -c /etc/phpmyadmin/.htpasswd myadminYou will be asked to set a password as shown below:
New password: Re-type new password: Adding password for user myadminThe above command will create a user named myadmin, set a password and save all details in the file /etc/phpmyadmin/.htpasswd.
Next, edit the phpMyAdmin main configuration file:
nano /etc/apache2/conf-enabled/phpmyadmin.confAdd the following lines below the line "DirectoryIndex index.php":
AllowOverride None AuthType Basic AuthName "Authentication Required" AuthUserFile /etc/phpmyadmin/.htpasswd Require valid-userSave and close the file then restart the Apache service to apply the changes:
systemctl restart apache2Now, try to access your phpMyAdmin web interface. You should see an authentication box as shown below:
Provide your username, password and click on the Sign In button. To access the phpMyAdmin interface.
Conclusion
In the above guide, you learned how to install phpMyAdmin on Ubuntu 20.04. You also learned how to secure your phpMyAdmin with different methods. I hope this guide will help you to secure your phpMyAdmin.
Related
Thank you for helping us improve!