Securing phpMyAdmin

Things you can do to make your phpMyAdmin installation less vulnerable to attack:

1. Call it something else.

Normally it is accessed by its alias /phpmyadmin, as defined in /etc/apache2/conf-enabled/phpmyadmin.conf.

Edit that file and rename the alias to something else, something hard for an attacker to guess. You can use apg to generate a random name for it. Restart Apache after you are done.

2. Restrict access to a particular range of addresses.

You may choose to allow only local access from localhost, or allow access from the range of your VPN.

Remember that the Apache configuration syntax changed in version 2.4, so you now have to use Require instead of Order Deny,Allow.

To find out your version:

apachectl -V | grep 'Server version'

To limit access to phpMyAdmin to allow only connections from localhost and VPN:

Right after the tag add:

Require ip
Require ip

Be aware that anybody who attempts to connect to phpMyAdmin from any other address will see the message:

“You don’t have permission to access […] on this server.”

To avoid that you can rename the alias as described above.
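
A quick audit of the two steps above, as an added example that is not part of the original post: the function flags a config that still uses the default /phpmyadmin alias, still carries 2.2-style Order/Allow/Deny lines, or has no Require ip restriction. The sample configs, the alias /x7Kq2mPd, the directory path /usr/share/phpmyadmin and the 10.8.0.0/24 VPN range are constructed assumptions.

```shell
#!/bin/sh
# Prints one finding per line; returns 0 only when nothing is flagged.
audit_pma_conf() {
    conf=$1
    findings=0
    # Step 1: the stock alias is still in place.
    if grep -Eiq '^[[:space:]]*Alias[[:space:]]+/phpmyadmin([[:space:]/]|$)' "$conf"; then
        echo "default-alias"; findings=1
    fi
    # Step 2: Apache 2.2 access directives left over in the file.
    if grep -Eiq '^[[:space:]]*(Order|Allow|Deny)[[:space:]]' "$conf"; then
        echo "legacy-2.2-syntax"; findings=1
    fi
    # Step 2: no address restriction in 2.4 syntax at all.
    if ! grep -Eiq '^[[:space:]]*Require[[:space:]]+(ip|local)([[:space:]]|$)' "$conf"; then
        echo "no-ip-restriction"; findings=1
    fi
    return "$findings"
}

# Constructed sample: stock alias with 2.2-style rules (paths are assumed).
write_weak_sample() {
    cat > "$1" <<'EOF'
Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
</Directory>
EOF
}

# Constructed sample: renamed alias, localhost plus an assumed VPN range.
write_hardened_sample() {
    cat > "$1" <<'EOF'
Alias /x7Kq2mPd /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
    Require ip 127.0.0.1
    Require ip 10.8.0.0/24
</Directory>
EOF
}

tmp=$(mktemp -d)
write_weak_sample "$tmp/weak.conf"
write_hardened_sample "$tmp/hardened.conf"
echo "weak.conf:";     audit_pma_conf "$tmp/weak.conf" || true
echo "hardened.conf:"; audit_pma_conf "$tmp/hardened.conf" && echo "ok"
rm -rf "$tmp"
```

Point it at the real file with `audit_pma_conf /etc/apache2/conf-enabled/phpmyadmin.conf`; a non-zero exit status means at least one finding was printed.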


