Saturday, January 2, 2016

Hardening PHPMyAdmin Installation


PHPMyAdmin is written in PHP and provides a user-friendly interface for database management, database optimization and query execution. However, the default settings of PHPMyAdmin are not secure and are vulnerable to several types of attack.

1- Make sure the connection is over SSL to prevent eavesdropping.

2- Install Google reCAPTCHA to stop brute-force attacks:
- Go to
- Generate a new site key and secret key.

Go to PHPMyAdmin config file, "", and add the keys next to:
[Screenshot: PHPMyAdmin Re-captcha]

3- Configure PHPMyAdmin to use cookie authentication:
$cfg['Servers'][$i]['auth_type'] = 'cookie';

or use Signon if you want to connect it with another login process.

4- Whitelist your IP and block the rest from .htaccess:
Order deny,allow
Deny from all
allow from

Where is your IP Address.

Note: This step will only work if you have a static IP address.
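
A quick way to check steps 2 to 4 against a deployed setup, as an added example that is not from the original post: the script reads the text of the PHPMyAdmin config file and the .htaccess file and lists what is missing. The `CaptchaLoginPublicKey` and `CaptchaLoginPrivateKey` setting names are assumed to be the ones the post refers to, and the sample keys and IP address are constructed placeholders.

```python
import re

# Constructed sample inputs: placeholder keys and a documentation-range IP.
SAMPLE_CONFIG = """<?php
$cfg['CaptchaLoginPublicKey'] = 'SITE-KEY-PLACEHOLDER';
$cfg['CaptchaLoginPrivateKey'] = 'SECRET-KEY-PLACEHOLDER';
$i = 1;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
"""
SAMPLE_HTACCESS = """Order deny,allow
Deny from all
Allow from 203.0.113.10
"""

def setting(config, key):
    """Last quoted value assigned to [key]; commented-out lines are ignored."""
    value = None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith(("//", "#", "/*", "*")):
            continue
        m = re.search(r"\['%s'\]\s*=\s*(['\"])(.*?)\1\s*;" % re.escape(key), line)
        if m:
            value = m.group(2)
    return value

def audit(config, htaccess):
    """Return a list of findings; an empty list means steps 2-4 are in place."""
    findings = []
    for key in ("CaptchaLoginPublicKey", "CaptchaLoginPrivateKey"):
        if not setting(config, key):
            findings.append("captcha: %s is missing or empty" % key)
    auth = setting(config, "auth_type")
    if auth not in ("cookie", "signon"):
        findings.append("auth_type: %r is not cookie or signon" % auth)
    rules = [r.strip().lower().split() for r in htaccess.splitlines()]
    rules = [r for r in rules if r and not r[0].startswith("#")]
    if ["order", "deny,allow"] not in rules:
        findings.append("htaccess: 'Order deny,allow' not set")
    if ["deny", "from", "all"] not in rules:
        findings.append("htaccess: 'Deny from all' not set")
    allows = [r[2:] for r in rules if r[:2] == ["allow", "from"]]
    if not allows or any(not a or "all" in a for a in allows):
        findings.append("htaccess: Allow must name specific addresses")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_HTACCESS) or ["no findings"]:
        print(finding)
```

An `Allow from` line with no address, or `Allow from all`, is reported because either one leaves the whitelist ineffective.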
