{"id":29,"date":"2016-01-01T23:50:00","date_gmt":"2016-01-01T23:50:00","guid":{"rendered":"https:\/\/www.tech-and-dev.com\/blog\/2016\/01\/01\/hardening-phpmyadmin-installation\/"},"modified":"2021-02-22T01:04:38","modified_gmt":"2021-02-22T01:04:38","slug":"hardening-phpmyadmin-installation","status":"publish","type":"post","link":"https:\/\/www.tech-and-dev.com\/blog\/2016\/01\/hardening-phpmyadmin-installation.html","title":{"rendered":"Hardening PHPMyAdmin Installation"},"content":{"rendered":"
\n
\"phpmyadmin<\/a><\/div>\n

 <\/p>\n

PHPMyAdmin is written in PHP and provides a user friendly interface that facilitates the database management, database optimization and query executions. However, the default settings of PHPMyAdmin are not secure and are vulnerable to several type attacks.<\/div>\n

<\/a>
\n1- Make sure the connection is over SSL to prevent eavesdropping.<\/span><\/p>\n

2- Install google re-captcha to stop brute-force attacks:<\/span>
\n– Go to https:\/\/www.google.com\/recaptcha
\n– Generate a new site key and secret key.<\/p>\n

Go to PHPMyAdmin config file, “config.inc.php”, and add the keys next to:<\/p>\n

\"PHPMyAdmin<\/a><\/div>\n

3- Configure PHPMyAdmin to use cookie<\/b> Auth:<\/span><\/p>\n

$cfg['Servers'][$i]['auth_type'] = 'cookie';<\/pre>\n
or use Signon<\/b> if you want to connect it with another login process.<\/p>\n
4- Whitelist your IP and block the rest from .htaccess:<\/span><\/p>\n
Order deny,allow\r\nDeny from all\r\nallow from xxx.xxx.xxx.xxx<\/pre>\n
Where xxx.xxx.xxx.xxx<\/span> is your IP Address.<\/p>\n
Note: This step will only work if you have a static IP address.<\/p>\n
Any questions or suggestions? Leave a comment below!<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
  PHPMyAdmin is written in PHP and provides a user friendly interface that facilitates the database management, database optimization and query executions. However, the default settings of PHPMyAdmin are not secure and are vulnerable to several type attacks. 1- Make sure the connection is over SSL to prevent eavesdropping. 2- Install google re-captcha to stop […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[40,6,22,9,28],"tags":[],"class_list":["post-29","post","type-post","status-publish","format-standard","hentry","category-htaccess","category-linux","category-php","category-phpmyadmin","category-security"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/29","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/comments?post=29"}],"version-history":[{"count":1,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/29\/revisions"}],"predecessor-version":[{"id":333,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/29\/revisions\/333"}],"wp:attachment":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/media?parent=29"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/categories?post=29"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/tags?post=29"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}