How to Secure phpMyAdmin and install latest phpMyAdmin 4.4.14
Install and Secure phpMyAdmin 4.4.14 on CentOS, Red Hat, Fedora and Ubuntu
phpMyAdmin is a tool for administering MySQL or MariaDB. It is written in PHP and is free and open source. With it we can create, modify, delete and run MySQL queries in a database.
This article will help with installing the latest phpMyAdmin version on different Linux systems such as CentOS, Red Hat and Fedora, and gives some points to secure phpMyAdmin against unnecessary activity. The latest phpMyAdmin version, 18.104.22.168, was released on 2015-09-08.
The steps below cover the installation, configuration and securing of phpMyAdmin.
Install Remi Repository :
The latest phpMyAdmin version is currently available in the Remi repository, so we install it from there.
We have already written up the steps to install the Remi repository in another post. Follow the link below for installing the Remi repository on different versions of Linux-based OS.
Installing phpMyAdmin through remi :
After installing the Remi repository, run the command below to install phpMyAdmin.
# yum install phpMyAdmin --enablerepo=remi
Set up and Configure phpMyAdmin :
To configure phpMyAdmin, open the phpMyAdmin configuration file through the command below.
My phpMyAdmin configuration file looks like the one below.
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     Require local
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     Require local
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>
You first need to know which systems should be allowed to access that URL. By default phpMyAdmin is allowed only from localhost, that is, the local server. We need to add the IP or network that should be allowed to access the phpMyAdmin web URL. Here I have checked my public IP and allowed it in the configuration as shown below. The change goes in the first section, the one for /usr/share/phpMyAdmin. There is an Allow from 127.0.0.1 line there; replace 127.0.0.1 with your public IP or network.
If you want to see your public IP, you can check it through the online URL below.
Now edit the configuration file.
<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     Require local
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     # Replace here with your IP or network. I have replaced it with 172.24.254.0/24
     Allow from 172.24.254.0/24
     Allow from ::1
   </IfModule>
</Directory>
After updating your phpMyAdmin configuration file, you need to restart the Apache service on your server with the command below.
# /etc/init.d/httpd restart
Access URL for phpMyAdmin :
You can access phpMyAdmin at a URL like the one below. Replace www.techtransit.org with your own domain name.
How to Secure phpMyAdmin ?
Servers sometimes receive unusual requests that try to reach phpMyAdmin at paths like /phpmyadmin or /pma. To avoid such unnecessary activity, we are sharing some points to secure phpMyAdmin.
- Change Alias name :
Edit your phpMyAdmin configuration file and change the alias access name as shown below.
From
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
To
Alias /techdbadmin /usr/share/phpMyAdmin
Alias /techdbadmin /usr/share/phpMyAdmin
- Do not allow remote logins. The important thing is that if you need root-like permissions, create a MySQL user which has permission to add, create and drop privileges, and do not give it the grant or file_priv permission.
- Try to configure the URL with SSL or self-signed SSL.
- Try to allow access by IP address, as we set in the installation configuration (Allow from IP). That should be a trusted network.
- Firewall port 3306 so that it is allowed only for the trusted network.
- Do not allow access to phpMyAdmin through a shared IP or a predictable file location like http://Your-server-ip/phpmyadmin.
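
The alias and IP-restriction points above can be checked mechanically. The following is an added example, not part of the original article: a small Python audit (the `audit` function and the sample text are constructed here) that reads a phpMyAdmin Apache configuration, flags the predictable aliases, and compares the sources allowed by the Apache 2.4 and Apache 2.2 branches of each `<Directory>`. It only understands rules placed inside the `mod_authz_core` `<IfModule>` branches, as in this article's file.

```python
import re

PREDICTABLE = {"/phpmyadmin", "/pma"}   # paths the article reports being probed
LOOPBACK = {"local", "127.0.0.1", "::1"}
RULES = {"2.4": re.compile(r"require\s+(?:ip\s+)?(local|all\s+granted|[0-9a-f:./ ]+)$"),
         "2.2": re.compile(r"allow\s+from\s+(.+)$")}

def audit(conf):
    """Return (findings, access); access maps (directory, branch) -> set of sources."""
    findings, access, directory, branch = [], {}, None, None
    for line in map(str.strip, conf.splitlines()):
        low = line.lower()
        if low.startswith("alias ") and low.split()[1].rstrip("/") in PREDICTABLE:
            findings.append("predictable alias " + line.split()[1])
        elif low.startswith("<directory "):
            directory = line[11:].rstrip(">").strip()
        elif low.startswith("<ifmodule "):
            # "!mod_authz_core" is the Apache 2.2 branch, "mod_authz_core" the 2.4 one
            version = "2.2" if "!mod_authz_core" in low else "2.4"
            branch = version if "mod_authz_core" in low else None
        elif low.startswith("</ifmodule"):
            branch = None
        elif directory and branch and (m := RULES[branch].match(low)):
            src = ["all"] if m.group(1).startswith("all") else m.group(1).split()
            access.setdefault((directory, branch), set()).update(src)
    findings += [f"{d}: open to every client on Apache {b}"
                 for (d, b), s in sorted(access.items()) if "all" in s]
    for d in sorted({d for d, _ in access}):
        # Compare the non-loopback sources each Apache version would admit
        new, old = (access.get((d, v), set()) - LOOPBACK for v in ("2.4", "2.2"))
        if new != old:
            findings.append(f"{d}: Apache 2.4 allows {sorted(new)}, 2.2 allows {sorted(old)}")
    return findings, access

# Constructed sample: the edited configuration shown in this article, trimmed.
SAMPLE_CONF = """\
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
  <IfModule mod_authz_core.c>
    Require local
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from All
    Allow from 172.24.254.0/24
    Allow from ::1
  </IfModule>
</Directory>
"""

print("\n".join(audit(SAMPLE_CONF)[0]))
```

On the sample it reports both default aliases and shows that only the Apache 2.2 branch admits 172.24.254.0/24; on Apache 2.4 the `Require local` line still limits access to the server itself until a matching `Require ip` line is added.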