Hardening PHPMyAdmin Installation
PHPMyAdmin is written in PHP and provides a user-friendly interface for database management, database optimization and query execution. However, the default settings of PHPMyAdmin are not secure and leave it vulnerable to several types of attack.
1- Make sure the connection is over SSL to prevent eavesdropping.
2- Install Google reCAPTCHA to stop brute-force attacks:
– Go to https://www.google.com/recaptcha
– Generate a new site key and secret key.
Go to PHPMyAdmin config file, “config.inc.php”, and add the keys next to:
3- Configure PHPMyAdmin to use cookie Auth:
$cfg['Servers'][$i]['auth_type'] = 'cookie';
or use Signon if you want to connect it with another login process.
4- Whitelist your IP and block the rest from .htaccess:
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx
Where xxx.xxx.xxx.xxx is your IP Address.
Note: This step will only work if you have a static IP address.
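A quick way to check steps 2 to 4 on an existing install, as an added example that is not part of the original post: the script below reads the text of config.inc.php and .htaccess and reports which items are missing. It assumes a single server block and simple quoted assignments; `CaptchaLoginPublicKey` and `CaptchaLoginPrivateKey` are phpMyAdmin's reCAPTCHA settings (not named in the original), and the sample files, keys and IP address are constructed placeholders.

```python
import re

# Simple string assignments, e.g. $cfg['Servers'][$i]['auth_type'] = 'cookie';
# Lines commented out with // or # do not match: $cfg must start the line.
ASSIGN = re.compile(r"""^\s*\$cfg((?:\[[^\]]+\])+)\s*=\s*(['"])(.*?)\2\s*;""", re.M)

def parse_cfg(php_text):
    """Map the last array key of each assignment to its value (one server assumed)."""
    cfg = {}
    for keys, _quote, value in ASSIGN.findall(php_text):
        cfg[re.findall(r"\[([^\]]+)\]", keys)[-1].strip("'\"")] = value
    return cfg

def audit(config_php, htaccess):
    """Return findings for steps 2-4; an empty list means all three are in place."""
    cfg, findings = parse_cfg(config_php), []
    if not (cfg.get("CaptchaLoginPublicKey") and cfg.get("CaptchaLoginPrivateKey")):
        findings.append("step 2: reCAPTCHA site/secret key missing")
    if cfg.get("auth_type") not in ("cookie", "signon"):
        findings.append("step 3: auth_type not set to cookie or signon")
    # Normalise .htaccess rules: lower-case, single spaces, comments dropped.
    rules = [" ".join(l.lower().split()) for l in htaccess.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    allowed = [r.split()[2:] for r in rules if r.startswith("allow from ")]
    if "deny from all" not in rules or not allowed:
        findings.append("step 4: no deny-all plus allow-list in .htaccess")
    elif ["all"] in allowed:
        findings.append("step 4: 'Allow from all' defeats the whitelist")
    elif not any(re.sub(r"\s", "", r) == "orderdeny,allow" for r in rules):
        findings.append("step 4: Order must be deny,allow for Allow to override Deny")
    return findings

# Constructed sample files (placeholder keys, documentation IP address).
GOOD_CONFIG = """<?php
$cfg['CaptchaLoginPublicKey'] = 'SITE-KEY-PLACEHOLDER';
$cfg['CaptchaLoginPrivateKey'] = 'SECRET-KEY-PLACEHOLDER';
$i = 1;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
"""
GOOD_HTACCESS = "Order deny,allow\nDeny from all\nAllow from 203.0.113.10\n"
BAD_CONFIG = "<?php\n$i = 1;\n$cfg['Servers'][$i]['auth_type'] = 'config';\n"
BAD_HTACCESS = "Order allow,deny\nDeny from all\nAllow from 203.0.113.10\n"

if __name__ == "__main__":
    for finding in audit(BAD_CONFIG, BAD_HTACCESS):
        print(finding)
```

With `Order allow,deny` the `Deny from all` line is evaluated last and blocks every client, including the whitelisted address, which is why the script checks the order as well as the rules.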