Hardening PHPMyAdmin Installation

phpmyadmin logo


PHPMyAdmin is written in PHP and provides a user friendly interface that facilitates the database management, database optimization and query executions. However, the default settings of PHPMyAdmin are not secure and are vulnerable to several type attacks.

1- Make sure the connection is over SSL to prevent eavesdropping.

2- Install google re-captcha to stop brute-force attacks:
– Go to https://www.google.com/recaptcha
– Generate a new site key and secret key.

Go to PHPMyAdmin config file, “config.inc.php”, and add the keys next to:

PHPMyAdmin Re-captcha

3- Configure PHPMyAdmin to use cookie Auth:

$cfg['Servers'][$i]['auth_type'] = 'cookie';

or use Signon if you want to connect it with another login process.

4- Whitelist your IP and block the rest from .htaccess:

Order deny,allow
Deny from all
allow from xxx.xxx.xxx.xxx

Where xxx.xxx.xxx.xxx is your IP Address.

Note: This step will only work if you have a static IP address.

Any questions or suggestions? Leave a comment below!

Leave a Reply

Your email address will not be published. Required fields are marked *