Question

How to secure phpmyadmin on Wordpress Droplet?

I followed the tutorial linked below to install phpmyadmin on my test wordpress droplet. However now when you go to the IP address for the droplet /phpmyadmin you can access the login screen for phpmyadmin (shown below). Is there a way to hide this in a sense? I don’t want anyone to be able to go to the IP address for the droplet /phpmyadmin and be able to access it. I followed the instructions in the tutorial on how to secure it so it requires extra login credentials but I still want to hide it in a sense from the public. How can I do this?

PHPmyadmin link: http://67.205.188.51/phpmyadmin/

Tutorial: https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-on-ubuntu-18-04


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

There’s never enough security :) The tutorial walks you through the bare minimum as not doing that minimum will almost definitely lead to some kind of exploit being used against you.

I did have at least one more suggestion and that would be to change the URL from /phpmyadmin to /somethinglessobvious, that way itd be even less likely anyone would ever see that you had a protected page up and wonder about it.

Cheers and good luck!

Hi,

Good job getting as far as you have. I checked out the tutorial you linked and the very last step it illustrates is for something known generally as “http authentication.” This is the username/password login box that pops up in the browser:

https://assets.digitalocean.com/articles/phpmyadmin_1404/apache_auth.png Example graphic from tutorial

Were you able to follow all of the steps in the tutorial, including Step 3?

Step 3 — Securing Your phpMyAdmin Instance

This will provide a password prompt before the phpmyadmin page loads, effectively “hiding” it from the public.

If you did follow all the steps, sometimes your browser can cache or save the HTTP AUTH information you entered in previously - try accessing your phpmyadmin from a private or incognito browser window to test if you get a fresh login popup.

Hope this helps and good luck! Let us know how it goes.