Step-by-Step Tutorial to Install phpMyAdmin Securely on Linux

Published:22 November 2023 - 6 min. read

Loeber Deryk Image

Loeber Deryk

Read more tutorials by Loeber Deryk!

Azure Cloud Labs: these FREE, on‑demand Azure Cloud Labs will get you into a real‑world environment and account, walking you through step‑by‑step how to best protect, secure, and recover Azure data.

If you’re looking to streamline your MySQL server management on Linux, why not consider a GUI-based approach? The command-line can be daunting, but a front-end tool like phpMyAdmin can make things a lot easier. In this guide, we’ll cover the steps to install phpMyAdmin, a must-have for any sysadmin or developer. Let’s dive in!

phpMyAdmin, with its web-based interface, simplifies MySQL management. This tutorial will show you how to install and configure phpMyAdmin, making database management a breeze.

By the end of this tutorial, you’ll say goodbye to accidental database mishaps! Let’s learn how to safeguard your databases and, ultimately, your job.

Prerequisites for Installing phpMyAdmin

Before starting, ensure you have the following:

  • An Ubuntu Server 18.04 or newer.
  • Root or sudo access on your server. Check out how to enable these in Ubuntu.
  • Your server should have the LAMP (Linux, Apache, MySQL, PHP) stack. For installation guidance, refer to this guide.
  • A separate computer with an SSH client like Putty, Bitvise, or the Chrome SSH Extension. This tutorial uses the default SSH client in Windows 10 (ssh.exe).

Steps to Install phpMyAdmin on Ubuntu

There are various methods to install phpMyAdmin, but the simplest and most common is using the Advanced Package Tool (APT). Follow these steps for a smooth installation.

1. Connect to your Ubuntu server using an SSH client.

ssh username@server_name_or_IP

2. Begin by updating your server’s package repository to ensure you’re getting the latest software versions.

sudo apt update -y

Depending on your server’s internet connection and system load, this update might take a few minutes.

winscp command line updating package repository sources cache
Updating the package repository sources cache

3. After updating, install the phpmyadmin package along with its dependencies php-mbstring and php-gettext.

sudo apt install phpmyadmin php-mbstring php-gettext -y

4. During the phpMyAdmin installation process, you’ll encounter a series of prompts to configure phpMyAdmin properly.

Configuring Apache2 for phpMyAdmin Installation

On the webserver configuration screen, use the arrow keys to navigate. Highlight apache2 and press SPACE to select it. An asterisk [*] will appear next to apache2, indicating it’s selected. Then, press Enter.

install phpmyadmin - Selecting apache2 as the webserver
Selecting apache2 as the webserver during the phpMyAdmin installation

5. The installer will then prompt for the phpMyAdmin database setup. Make sure <Yes> is selected and press Enter to proceed.

Confirming the phpMyAdmin database installation
Confirming the phpMyAdmin database installation

Securing phpMyAdmin with a Strong Password

6. The phpMyAdmin installation process automatically creates a MySQL user named phpMyAdmin. Enter a strong password for this new account at the prompt, and press Enter.

install phpmyadmin - Assigning a new phpMyAdmin password
Assigning a new phpMyAdmin password

7. Confirm your phpMyAdmin password by re-entering it on the Password confirmation prompt and press Enter. Wait for the installation and configuration to complete.

Confirming the new password
Confirming the new phpMyAdmin password

Verifying phpMyAdmin Configuration Files

8. After installing phpMyAdmin, confirm the existence of the Apache configuration file for phpMyAdmin by running the following command.

ls /etc/apache2/conf-enabled/

The phpmyadmin.conf file contains vital phpMyAdmin settings, like installation location and the database server configuration. Usually, there’s no need for manual edits to this file.

Listing the /etc/apache2/conf-enabled directory contents
Checking the /etc/apache2/conf-enabled directory for phpMyAdmin configuration

Enabling mbstring Extension for phpMyAdmin

9. To optimize phpMyAdmin’s functionality, enable the mbstring PHP extension with the command below.

sudo phpenmod mbstring

Restarting Webserver for phpMyAdmin

10. Finally, restart your webserver for the changes to take effect. This step is crucial for making phpMyAdmin accessible.

sudo systemctl restart apache2

11. Now, it’s crucial to verify the webserver’s status. This check confirms that the Apache server is running smoothly after the phpMyAdmin installation.

sudo systemctl status apache2

Look for a response indicating the Apache webserver service is active (running), as shown in the screenshot below. This confirmation is a key step in successfully installing phpMyAdmin.

install phpmyadmin - Checking the status of your web server
Verifying the web server’s status after installing phpMyAdmin

Best Practices for Creating a Secure phpMyAdmin User Account

As part of the phpMyAdmin setup, a default MySQL user named phpmyadmin is created. However, this account is limited to accessing only the phpMyAdmin database and doesn’t have full administrative privileges.

To enhance security, it’s advisable to create a new, dedicated privileged account instead of using the default. This approach reduces the risk of attacks, as common usernames are often targeted.

Follow these steps to set up a secure, dedicated management account for phpMyAdmin:

Step 1: Accessing MySQL Shell

Start by opening the MySQL shell. You can do this directly from the terminal using the following command:

sudo mysql

Alternatively, log in as the root user with this command:

sudo mysql -u root -p

Step 2: Creating a New MySQL User

Once in the MySQL prompt, create a new user with custom credentials. Replace ‘ata’ and ‘pa$$word’ with your desired username and strong password. Here’s the command:

CREATE USER 'ata'@'localhost' IDENTIFIED BY 'pa$$word';

This step is vital for maintaining a secure phpMyAdmin setup.

install phpmyadmin - Creating a new MySQL user account
Creating a new MySQL user account during phpMyAdmin installation

Granting Full Privileges to Your New User

3. The next step in securing your phpMyAdmin installation is to grant full privileges to your newly created user. This is done using the GRANT ALL PRIVILEGES statement, which provides complete access to all databases. The WITH GRANT OPTION clause is particularly important as it allows this user to manage other user privileges.

GRANT ALL PRIVILEGES ON *.* TO 'ata'@'localhost' WITH GRANT OPTION;
install phpmyadmin - Granting global privileges to a user
Granting full privileges to the new user in phpMyAdmin

4. Once you’ve assigned the necessary privileges, exit the MySQL shell to proceed with the phpMyAdmin setup.

exit

Accessing the phpMyAdmin Interface

With the installation and user configuration complete, it’s time to access the phpMyAdmin web interface and verify the setup.

1. Open your web browser and go to http://your_domain_or_IP/phpmyadmin. Replace your_domain_or_IP with your server’s IP address or domain name.

2. You’ll see the Welcome to phpMyAdmin login page. Enter the username and password for the account you just created.

install phpmyadmin - Logging in to phpMyAdmin
Logging into phpMyAdmin with the new user credentials

3. Once logged in, the phpMyAdmin dashboard will be displayed, confirming a successful setup.

The phpMyAdmin portal after installation
The phpMyAdmin dashboard

4. Test the new account’s privileges by navigating to the Database tab. Here, you can view all databases on the server and verify user privileges.

install phpmyadmin - Checking the account privileges in phpMyAdmin
Verifying the privileges of the new user account in phpMyAdmin

This completes the installation and setup of phpMyAdmin, ensuring you have a fully functional and secure database management interface on your Linux server.

install phpmyadmin - Viewing the list of users with database privileges
Viewing the list of users with database privileges in phpMyAdmin

Enhancing phpMyAdmin Security with Password Protection

Given its widespread use, phpMyAdmin often becomes a target for unauthorized access attempts. It’s essential to implement additional security measures to protect your installation.

A highly effective way to secure phpMyAdmin is by using Apache’s .htaccess authentication and authorization features. This method adds an additional layer of security, restricting access to the phpMyAdmin interface.

Follow these steps to set up .htaccess protection for your phpMyAdmin installation:

Step 1: Configuring Apache for .htaccess Use

Begin by editing the phpMyAdmin configuration file in Apache to allow .htaccess usage.

sudo nano /etc/apache2/conf-available/phpmyadmin.conf

2. In the <Directory /usr/share/phpmyadmin> section of the file, add the AllowOverride All directive. This setting enables .htaccess files in the phpMyAdmin directory.

install phpmyadmin - Adding the AllowOverride All directive
Configuring the AllowOverride All directive in Apache for phpMyAdmin

3. After adding the directive, save and exit the file. Remember to use spaces instead of tabs for indentation.

Step 2: Restarting Apache to Apply Changes

4. Restart the Apache server to ensure the new configuration is active.

sudo systemctl restart apache2

Step 3: Creating the .htaccess File for phpMyAdmin

5. The final step involves creating an .htaccess file in the phpMyAdmin directory. This file will manage access to phpMyAdmin.

sudo nano /usr/share/phpmyadmin/.htaccess

6. Inside the .htaccess file, add the necessary directives to manage access. Once done, save and close the file.

By completing these steps, you’ll significantly increase the security of your phpMyAdmin installation on Linux, ensuring that only authorized users can access the management interface.

# Sets the authentication type to require entering the username and password.
AuthType Basic
# The message that the server displays on the credential prompt.
AuthName "Restricted Files"
# Specifies the file's location containing the valid users and passwords list.
AuthUserFile /etc/phpmyadmin/.htpasswd
# Allows the user who successfully authenticated to continue accessing phpMyAdmin.
Require valid-user

Not all web browsers display the AuthName directive value during authentication prompts.

install phpmyadmin - Creating the .htaccess file
Creating the .htaccess file for phpMyAdmin security

Setting Up Additional Authentication for phpMyAdmin

7. To further secure your phpMyAdmin installation, create an authentication file named .htpasswd. This file will store the usernames and encrypted passwords for authorized users.

sudo htpasswd -c /etc/phpmyadmin/.htpasswd username

Enter and re-confirm the password for the new user. A successful setup will enhance the security of your phpMyAdmin login process.

install phpmyadmin - Creating a new authentication file
Creating a new authentication file for phpMyAdmin

To add more users, use the command sudo htpasswd /etc/phpmyadmin/.htpasswd additionaluser, substituting additionaluser with the new username.

Accessing phpMyAdmin with Enhanced Security

8. With the additional security in place, navigate to https://domain_name_or_IP/phpmyadmin in your browser. Enter the username and password you established to access the login page.

install phpmyadmin - The phpMyAdmin site prompting for username and password
The phpMyAdmin site prompting for username and password

After successful authentication, you will be taken to the main phpMyAdmin login page.

install phpmyadmin - The phpMyAdmin login page
The phpMyAdmin login page after enhanced security setup

If the authentication fails, you’ll receive an Unauthorized response, indicating the need to recheck your credentials.

install phpmyadmin - Failed phpMyAdmin site authorization
Failed phpMyAdmin site authorization attempt

Wrapping Up: phpMyAdmin Installation and Security

Congratulations on successfully installing and securing phpMyAdmin on Linux! You’ve now enhanced your database management capabilities, making MySQL management more accessible and secure.

Don’t stop here. Explore more advanced phpMyAdmin features and further security enhancements, such as implementing HTTPS and disabling root logins. Check out additional resources like this guide for more insights. Keep your phpMyAdmin environment secure and efficient!

Hate ads? Want to support the writer? Get many of our tutorials packaged as an ATA Guidebook.

Explore ATA Guidebooks

Looks like you're offline!