How to Install phpMyAdmin Securely on Linux

choubertsprojects

VPN offers!

1. NordVPN

2. Surfshark

3. ExpressVPN

You should always install anything you’re using on a hosting account and as such, if your website is hosted by our Linux server, then phpMyAdmin must be installed. But where does it go? To the Apache web directory (/var/www/html) or to another directory (like /usr)?

The “how to install phpmyadmin ubuntu” is a guide that provides information on how to install phpMyAdmin securely on Linux. The article also includes instructions for installing the software in other Linux distributions such as Debian, Ubuntu, and CentOS.

How to Install phpMyAdmin Securely on Linux

[*]

Do you administer MySQL servers and databases on Linux, and do you agree that command-line administration isn’t for everyone? Wouldn’t it be good to spend less time working out MySQL commands and more time using a front-end administration GUI? For you, phpMyAdmin would be an ideal choice. Continue reading to find out how to set up phpMyAdmin!

phpMyAdmin is a web-based interface for MySQL that makes database maintenance simple and accessible with only a few clicks. To get you started, you’ll learn how to install and setup phpMyAdmin in this article.

By the Conclusion of this course, you’ll no longer be dropping database tables by mistake! Let’s find out how to rescue your employment, shall we?

Prerequisites

You’ll need the following materials to follow along with this guide:

  • You’ll need Ubuntu Server 18.04 to get started (or higher).

Related: [Step-by-Step] How to Install Ubuntu 20.04

How to Configure the SSH Google Chrome Extension

phpMyAdmin installation

On Ubuntu, there are various methods to install phpMyAdmin. The default advanced package program, or apt, is the fastest and most popular way of installation. Install phpMyAdmin by following the instructions below.

1. Log in to the Ubuntu server using your SSH client.

2. Then, to refresh your server’s package repository sources cache, perform the following command. You’ll be installing the most recent available versions of the program afterwards if you do this.

The update command may take several minutes to execute depending on your server’s internet connection and system load.

The package repository sources cache has been updated. The package repository sources cache has been updated.

3. Next, use the apt install command to install the phpmyadmin, php-mbstring, and php-gettext packages, as well as the phpmyadmin package.

apt install sudo phpmyadmin php-mbstring php-gettext -y phpmyadmin php-mbstring php-gettext -y phpmyadmin php

4. During the installation of phpMyAdmin, you will be asked a series of questions that are required for the phpMyAdmin configuration.

On the webserver setup screen, use the arrow keys to move the cursor to apache2 and then hit the SPACE bar to select it. An asterisk [*] character should display next to your pick. After you’ve made your choice, hit Enter.

The webserver is set to apache2. The webserver is set to apache2.

5. The next screen asks you to install and configure the phpMyAdmin database, make sure that <Yes> is highlighted, and press Enter to confirm.

Confirming the installation of the phpMyAdmin database Confirming the installation of the phpMyAdmin database

6. The installation procedure generates a new MySQL user account called phpMyAdmin; enter the new account password at the password prompt and hit Enter. Consider using a strong password for further protection.

Creating a new password for phpMyAdmin Creating a new password for phpMyAdmin

7. Re-type the phpMyAdmin password and hit Enter on the next Password confirmation box. Allow for the settings to finish and the command prompt to appear.

Creating a new password and verifying it Creating a new password and verifying it

8. After the installation completes, verify that the phpMyAdmin Apache configuration file /etc/apache2/conf-enabled/phpmyadmin.conf exists by running the command below.

ls /etc/apache2/conf-enabled/ /etc/apache2/conf-enabled/ /etc/apache2/conf-en

The phpMyAdmin settings are stored in the phpmyadmin.conf file, which includes the installation directory and the database server to use. In most circumstances, you won’t need to manually change this file.

Listing the contents of the /etc/apache2/conf-enabled directory Listing the contents of the /etc/apache2/conf-enabled directory

9. To verify that the phpMyAdmin configuration is properly interpreted by the webserver, use the command below to activate the mbstring PHP extension.

10. To make the modifications take effect, use the following command to restart the webserver service.

sudo systemctl apache2 restart

Controlling Systemd services using Ubuntu systemctl is a related topic.

11. Finally, execute the command below to verify that the webserver is up and functioning.

sudo systemctl apache2 status

You’ll receive something like the screenshot below. The Apache webserver service is operational, as you can see (running).

Checking your web server's status Checking your web server’s status

Creating a Privileged Account for phpMyAdmin

The setup procedure for phpMyAdmin generates a default MySQL user account named phpmyadmin as part of the installation process. However, this user has just privileged access to the phpMyAdmin database and no global administrator privileges.

Creating a new privileged account with a specific username is more practical than upgrading the ordinary user’s access. Why? Because hackers are more likely to target default user accounts.

Follow these steps to establish a new dedicated privileged management account.

1. Run the following command from the terminal to access the MySQL shell.

Alternatively, you may use the following command to connect to MySQL as the root user:

2. On MySQL> prompt, run the CREATE USER statement below to create a new user with the name ata and the password is pa$$word. Feel free to replace the username and password as you see fit.

CREATE USER ‘ata’@’localhost’ WITH ‘pa$word’ AS IDENTIFIER;

The user creation was successful, as seen in the image below.

Creating a MySQL user account for the first time Creating a MySQL user account for the first time

3. Finally, execute the GRANT ALL PRIVILEGES command. This command grants full access to all databases to the user ata. The WITH GRANT OPTION clause adds the possibility for this user to grant rights to other users.

GRANT ‘ata’@’localhost’ ALL PRIVILEGES ON *.* WITH THE GRANT OPTION;

A user's global privileges are granted to them. A user’s global privileges are granted to them.

4. Exit the MySQL shell now that the user has been established and the rights have been provided.

Using the phpMyAdmin Web Portal to Login

Now that you’ve completed all of the installation and setup chores, it’s time to see whether everything works as planned.

1. On your PC, open a new browser window.

2. Go to http://your domain or IP/phpmyadmin, where your domain or IP is the IP address of your phpMyAdmin server or the DNS record pointing to it.

3. On the Welcome to phpMyAdmin screen that appears, key in the username and password you established before and click Go.

Using phpMyAdmin to log in Using phpMyAdmin to log in

You should now see the phpMyAdmin interface, as seen below, after you’ve signed in.

The phpMyAdmin web interface The phpMyAdmin web interface

4. Click the Database tab to get a list of all the databases on the server and verify the account’s rights. Then, to the right of any database name, select the Check privileges link.

Examining the account's capabilities Examining the account’s capabilities

As you can see in the screenshot below, the ata account has full access to this database. As a result of that permission, this user account has access to the Add user account feature, which allows you to provide rights to other users.

Viewing the list of people who have access to the database Viewing the list of people who have access to the database

Protecting the phpMyAdmin Site with a Password

phpMyAdmin is a common target for hackers due to its widespread usage. It’s critical to put certain safeguards in place to secure your installation.

Placing a gateway in front of the whole program is one of the easiest methods to secure access to the phpMyAdmin installation. And doing so necessitates using the AllowOverride directive to implement Apache’s built-in.htaccess authentication and authorisation mechanisms.

By putting the necessary directives in a.htaccess file, you may boost security even further by blocking non-existent users from accessing the phpMyAdmin page. Follow these steps to put this security precaution in place.

1. Open the terminal and run the command below to begin modifying the phpMyAdmin configuration file.

/etc/apache2/conf-available/phpmyadmin.conf sudo nano

2. Next, find the <Directory /usr/share/phpmyadmin> section and insert the AllowOverride All directive. Once you do, the configuration would look similar to the image below.

Indents should not be made using tabs. Instead, use spaces.

The AllowOverride All directive is added. The AllowOverride All directive is added.

3. After you’ve entered the directive, hit Ctrl+X, Y, and Enter to save and close the file.

4. Restart the Apache webserver service for the modifications to take effect.

sudo systemctl apache2 restart

5. Create and update the.htaccess file in /usr/share/phpmyadmin.

The access restriction rule is applied to the whole phpMyAdmin program when the.htacces file is created in the /usr/share/phpmyadmin directory.

/usr/share/phpmyadmin/.htaccess sudo nano

6. Copy and paste the instructions below into the.htaccess file. To save and exit the file while editing it, hit CTRL+X, Y, and Enter.

# Makes the authentication type require a username and password to be entered. AuthType Basic # The message shown on the credential prompt by the server. AuthName “Restricted Files” # Indicates the path of the file holding the list of valid users and passwords. AuthUserFile.htpasswd /etc/phpmyadmin # Allows a user who has successfully authenticated to access phpMyAdmin again. Valid-user is a must.

During login prompts, not all web browsers show the AuthName directive value.

.htaccess file creation .htaccess file creation

7. To generate a new authentication file, use the command below (.htpasswd). Substitute the username you wish to add for username.

username sudo htpasswd -c /etc/phpmyadmin/.htpasswd

Type the new password over and over again, hitting Enter after each time.

A new authentication file is being created. A new authentication file is being created.

Instead of sudo htpasswd /etc/phpmyadmin/.htpasswd additionaluser, use sudo htpasswd /etc/phpmyadmin/.htpasswd additionaluser.

8. Finally, open your browser and go to the phpMyAdmin URL (https://domain name or IP/phpmyadmin) and log in using the username and password you generated before.

The phpMyAdmin website asks for a username and password. The phpMyAdmin website asks for a username and password.

The phpMyAdmin login screen would appear when you supplied the right username and password.

The login page for phpMyAdmin The login page for phpMyAdmin

If you don’t pass the authentication, you’ll receive an Unauthorized answer, like seen below.

phpMyAdmin site authorisation failed. phpMyAdmin site authorisation failed.

Conclusion

Congratulations for making it all the way to the finish. You’ve now learnt how to install, configure, and secure phpMyAdmin on Linux. With phpMyAdmin in your toolbox, you can now manage MySQL from the command line, in addition to the new web site you’ve set up.

Why don’t you just keep going? This lesson just skimmed the surface of phpMyAdmin’s capabilities. With certificates, HTTPS access, and the root login disabled, you may be able to improve phpMyAdmin’s security even further. Best of luck!

The “install phpmyadmin debian” is a tutorial that will show you how to install the secure version of phpMyAdmin on Debian Linux.

Related Tags

  • install phpmyadmin linux
  • uninstall phpmyadmin ubuntu
  • install phpmyadmin ubuntu 20
  • install phpmyadmin ubuntu 20.04 nginx
  • install phpmyadmin ubuntu nginx