Saturday, January 2, 2016

Hardening PHPMyAdmin Installation


PHPMyAdmin is written in PHP and provides a user-friendly interface for database management, database optimization and query execution. However, the default settings of PHPMyAdmin are not secure and are vulnerable to several types of attack.


1- Make sure the connection is over SSL to prevent eavesdropping.

2- Install Google reCAPTCHA to stop brute-force attacks:
- Go to https://www.google.com/recaptcha
- Generate a new site key and secret key.

Go to the PHPMyAdmin config file, "config.inc.php", and add the keys next to the PHPMyAdmin reCAPTCHA settings.


3- Configure PHPMyAdmin to use cookie auth:
$cfg['Servers'][$i]['auth_type'] = 'cookie';


Alternatively, use signon if you want to connect it with another login process.

4- Whitelist your IP address and block all others in .htaccess:
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx

Where xxx.xxx.xxx.xxx is your IP Address.


Note: This step will only work if you have a static IP address.
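
Steps 2 and 3 both end up in config.inc.php. The fragment below is an added example, not taken from the original post; it uses the captcha and cookie-auth directive names from phpMyAdmin's configuration documentation. Every key and secret value is a placeholder, and the localhost host is an assumption.

```php
<?php
// Added example for config.inc.php (not from the original post).
// Replace every REPLACE_WITH_... placeholder before use.

// Step 2: reCAPTCHA on the login form.
// phpMyAdmin shows the captcha only in cookie authentication mode,
// so this step depends on the auth_type set in step 3.
$cfg['CaptchaLoginPublicKey']  = 'REPLACE_WITH_SITE_KEY';
$cfg['CaptchaLoginPrivateKey'] = 'REPLACE_WITH_SECRET_KEY';

// Cookie auth encrypts the stored credentials with this secret.
// Use a long random string that is unique to this installation;
// leaving it empty or at a shared default weakens the cookie.
$cfg['blowfish_secret'] = 'REPLACE_WITH_LONG_RANDOM_STRING';

// Server entries are 1-indexed, as in config.sample.inc.php.
$i = 0;
$i++;

// Step 3: prompt for MySQL credentials on every new session.
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['host']      = 'localhost'; // assumed host

// Weak setting shown for contrast, left commented out:
// 'config' auth reads the MySQL user and password from this file,
// so anyone who can reach the URL is logged in without a prompt
// and the captcha above is never shown.
// $cfg['Servers'][$i]['auth_type'] = 'config';
// $cfg['Servers'][$i]['user']      = 'root';
// $cfg['Servers'][$i]['password']  = 'REPLACE_WITH_PASSWORD';
```

After saving the file, load the login page in a fresh browser session and confirm that both the credential prompt and the captcha widget appear.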

