Tutorial

How To Install and Secure phpMyAdmin on Debian 7

Published on November 11, 2013
Default avatar

By Adam LaGreca

How To Install and Secure phpMyAdmin on Debian 7
Not using Debian 7?Choose a different version or distribution.
Debian 7

phpMyAdmin

phpMyAdmin is a free web software to work with MySQL on the web. It provides a convenient visual front end to the MySQL capabilities.

Setup

Before working with phpMyAdmin, you need to have LAMP installed on your server. If you don't have the Linux, Apache, MySQL, PHP stack on your server, you can find the tutorial for setting it up here.

Once you have the user and required software, you can start installing phpMyAdmin on your VPS!

Install phpMyAdmin

The easiest way to install phpmyadmin is through apt-get:

sudo apt-get install phpmyadmin

During the installation, phpMyAdmin will walk you through a basic configuration. Once the process starts up, follow these steps:

  • Select Apache2 for the server
  • Choose YES when asked about whether to Configure the database for phpmyadmin with dbconfig-common
  • Enter your MySQL password when prompted
  • Enter the password that you want to use to log into phpmyadmin

After the installation has completed, add phpmyadmin to the apache configuration.

sudo nano /etc/apache2/apache2.conf

Add the phpmyadmin config to the file.

Include /etc/phpmyadmin/apache.conf

Restart apache:

sudo service apache2 restart

You can then access phpmyadmin by going to youripaddress/phpmyadmin. The screen should look like this.

Security

Unfortunately, older versions of phpMyAdmin have had serious security vulnerabilities, including allowing remote users to eventually exploit root on the underlying virtual private server. One can prevent a majority of these attacks through a simple process: locking down the entire directory with Apache's native user/password restrictions which will prevent these remote users from even attempting to exploit older versions of phpMyAdmin.

Set Up the .htaccess File

To set this up, start off by allowing the .htaccess file to work within the phpmyadmin directory. You can accomplish this in the phpmyadmin configuration file:

sudo nano /etc/phpmyadmin/apache.conf 

Under the directory section, add the line “AllowOverride All” under “Directory Index”, making the section look like this:

<Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php
        AllowOverride All
        [...]

Configure the .htaccess file

With the .htaccess file allowed, we can proceed to set up a native user whose login would be required to even access the phpmyadmin login page.

Start by creating the .htaccess page in the phpmyadmin directory:

sudo nano /usr/share/phpmyadmin/.htaccess

Follow up by setting up the user authorization within .htaccess file. Copy and paste the following text in:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /path/to/passwords/.htpasswd
Require valid-user

Below you’ll see a quick explanation of each line:

  • AuthType: This refers to the type of authentication that will be used to the check the passwords. The passwords are checked via HTTP and the keyword Basic should not be changed.
  • AuthName: This is text that will be displayed at the password prompt. You can put anything here.
  • AuthUserFile: This line designates the server path to the password file (which we will create in the next step.)
  • Require valid-user: This line tells the .htaccess file that only users defined in the password file can access the phpMyAdmin login screen.

Create the htpasswd file

Now we will go ahead and create the valid user information.

Start by creating a htpasswd file. Use the htpasswd command, and place the file in a directory of your choice as long as it is not accessible from a browser. Although you can name the password file whatever you prefer, the convention is to name it .htpasswd.

sudo htpasswd -c /path/to/passwords/.htpasswd username

A prompt will ask you to provide and confirm your password.

Once the username and passwords pair are saved you can see that the password is encrypted in the file.

Finish up by restarting apache:

sudo service apache2 restart

Accessing phpMyAdmin

phpMyAdmin will now be much more secure since only authorized users will be able to reach the login page. Accessing youripaddress/phpmyadmin should display a screen like this.

Fill it in with the username and password that you generated. After you login you can access phpmyadmin with the MySQL username and password.

By Adam LaGreca

Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.

Learn more about us


About the authors
Default avatar
Adam LaGreca

author

Still looking for an answer?

Ask a questionSearch for more help

Was this helpful?
 
10 Comments


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Hello. I have done this properly but I have an internal error 500. PHPMYADMIN has worked properly before this. How should I fix it ?

hello, i a, using this software : AlienSkin Software Photo Bundle any review it please !

Thanks for this. Fixed an issue I was having with phpMyAdmin in a Wordpress install on GCP.

I followed the remainder of the guide https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-on-debian-7 When I go to the page myip/phpmyadmin/ it goes straight to the phpmyadmin login and not the login that was set up with the .htaccess and htpasswd file that were setup as described on the above page.

I followed this guide to install on Debian 8. It seemed to work, however I did not get asked for a password so I can log in to it or I somehow skipped that question. Do you know how I can go back and add the password to log in?

Hello, can anyone please help? I get this error aafter i add the include thing in the buttom. It saays i cant restart apache 2 and says there more info, but i cant see the info. :/ Help pleaase

Is there a way to update phpmyadmin to the latest version? the Version that gets installed is donkey years old!

Hi! Instead of getting to phpmyadmin page, browser starts download file… what it could be?

Hello I followed your steps above. However I am getting the error:

#1045 Cannot log in to the MySQL server

Can you advise how to fix this?

Error to create the htpasswd file

sudo htpasswd -c /var/www/.htpasswd root sudo: htpasswd: command not found

any solutions? thanks

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Join the Tech Talk
Success! Thank you! Please check your email for further details.

Please complete your information!

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel