This article covers a version of Ubuntu that is no longer supported. If you are currently operate a server running Ubuntu 12.04, we highly recommend upgrading or migrating to a supported version of Ubuntu:
Reason: Ubuntu 12.04 reached end of life (EOL) on April 28, 2017 and no longer receives security patches or updates. This guide is no longer maintained.
This guide might still be useful as a reference, but may not work on other Ubuntu releases. If available, we strongly recommend using a guide written for the version of Ubuntu you are using. You can use the search functionality at the top of the page to find a more recent version.
phpMyAdmin is an free web software to work with MySQL on the web—it provides a convenient visual front end to the MySQL capabilities.
The steps in this tutorial require the user to have root privileges on your virtual private server. You can see how to set that up here in steps 3 and 4.
Before working with phpMyAdmin you need to have LAMP installed on your server. If you don't have the Linux, Apache, MySQL, PHP stack on your server, you can find the tutorial for setting it up here.
Once you have the user and required software, you can start installing phpMyAdmin on your VPS!
The easiest way to install phpmyadmin is through apt-get:
sudo apt-get install phpmyadmin apache2-utils
During the installation, phpMyAdmin will walk you through a basic configuration. Once the process starts up, follow these steps:
After the installation has completed, add phpmyadmin to the apache configuration.
sudo nano /etc/apache2/apache2.conf
Add the phpmyadmin config to the file.
sudo service apache2 restart
You can then access phpmyadmin by going to youripaddress/phpmyadmin. The screen should look like this
Unfortunately older versions of phpMyAdmin have had serious security vulnerabilities including allowing remote users to eventually exploit root on the underlying virtual private server. One can prevent a majority of these attacks through a simple process: locking down the entire directory with Apache's native user/password restrictions which will prevent these remote users from even attempting to exploit older versions of phpMyAdmin.
To set this up start off by allowing the .htaccess file to work within the phpmyadmin directory. You can accomplish this in the phpmyadmin configuration file:
sudo nano /etc/phpmyadmin/apache.conf
Under the directory section, add the line “AllowOverride All” under “Directory Index”, making the section look like this:
<Directory /usr/share/phpmyadmin> Options FollowSymLinks DirectoryIndex index.php AllowOverride All [...]
With the .htaccess file allowed, we can proceed to set up a native user whose login would be required to even access the phpmyadmin login page.
Start by creating the .htaccess page in the phpmyadmin directory:
sudo nano /usr/share/phpmyadmin/.htaccess
Follow up by setting up the user authorization within .htaccess file. Copy and paste the following text in:
AuthType Basic AuthName "Restricted Files" AuthUserFile /etc/apache2/.phpmyadmin.htpasswd Require valid-user
Below you’ll see a quick explanation of each line
Now we will go ahead and create the valid user information.
Start by creating a htpasswd file. Use the htpasswd command, and place the file in a directory of your choice as long as it is not accessible from a browser. Although you can name the password file whatever you prefer, the convention is to name it .htpasswd.
sudo htpasswd -c /etc/apache2/.phpmyadmin.htpasswd username
A prompt will ask you to provide and confirm your password.
Once the username and passwords pair are saved you can see that the password is encrypted in the file.
FInish up by restarting apache:
sudo service apache2 restart
phpMyAdmin will now be much more secure since only authorized users will be able to reach the login page. Accessing youripaddress/phpmyadmin should display a screen like this.
Fill it in with the username and password that you generated. After you login you can access phpmyadmin with the MySQL username and password.
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in our Questions & Answers section, find tutorials and tools that will help you grow as a developer and scale your project or business, and subscribe to topics of interest.Sign up now
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Just a few comments for anyone who might be struggling:
Configure the .htaccess file: AuthUserFile /path/to/passwords needs to be: AuthUserFile /path/to/passwords/.htpasswd
Create the htpasswd file: sudo htpasswd -c /path/to/passwords/.htpasswd username
Accessing phpMyAdmin: Before this will work, you need to restart the server again sudo service apache2 restart
Of all the guides on how to set this up out there, this one is GOLD! There was one point I got stuck on: when trying to make the password file for htpasswd I kept getting “sudo: htpasswd: command not found”. Turns out it was never installed with apache2. To fix this, install the utilities:
I’ve had an error “htpasswd command not found”. I fixed it by installing the apache2-utils package like so: sudo apt-get install apache2-utils
P.S. Thank you very much for great tutorials. It helps a lot
Hi, I recently wrote a pretty in depth guide for installing phpMyAdmin in Ubuntu.
Dunno if I can share it here or not but here goes. http://draalin.com/installing-phpmyadmin-in-ubuntu/
If you have any issues just send me a message.
Also get this : “cannot create file /path/to/passwords/.htpasswd”. while following exactly your steps
I have the same problem as austin, after doing the extra security steps I have a 500 error. Anyone who can explain? Thanks!
Hello! Whenever I go to my ip/phpmyadmin and login, I get a message. “Internal Server Error 500” Can someone please help me?
Try the username “root”
Adding “Include /etc/phpmyadmin/apache.conf” leads to the following error: “[warn] The Alias directive in /etc/phpmyadmin/apache.conf at line 3 will probably never match because it overlaps an earlier Alias.” when restarting Apache.
Commenting it out again resolves this issue.
after I use this “sudo htpasswd -c /path/to/passwords/.htpasswd username” I got this message “cannot create file /path/to/passwords/.htpasswd”. I thought I followed the steps.