How to install and secure PHPMyAdmin on CentOS 7

Try it in our public cloud & Get $5 Credit
CLAIM NOW

PHPMyAdmin is a browser-based tool for managing database administration, specifically MySql and its drop-in cousin, MariaDB. The visual interface makes it easy to perform all the usual CRUD (Create, Read, Update, Delete) database actions without the need to type out complicated SQL queries.

PHPMyAdmin is free and open source under the GNU General Public License, version 2. It’s a long-running project, having been created in 1998 by Tobias Ratschiller.

Getting Started

To complete this guide, you will need the following:
• 1 Remote server (Cloud Server or Dedicated Server) running CentOS 7.
• All commands should be run as the root user
• A LAMP stack using Apache and PHP

Tutorial

PHPMyAdmin can be found in the EPEL repository. If you don’t have it already, add the EPEL repository to your system.

yum install epel-release

After making sure your system is fully updated, go ahead and install PHPMyAdmin.

yum update
yum install phpmyadmin

During the installation process, you will need to answer a couple questions. First, you will need to select which server software is installed on your machine: apache2 or lighttp. If you’ve followed the requirements stated at the beginning of this guide and have Apache installed, select apache2.

Next, you will need to provide your MySQL root password, and then create a password for logging into PHPMyAdmin. Save this password for later.

Now it’s time to adjust PHPMyAdmin’s configuration. Open the PHPMyAdmin configuration file in a text editor.

nano /etc/httpd/conf.d/phpMyAdmin.conf

Modify the following lines as outlined below. You will need to change the loopback address, 127.0.0.1, to the IP address of your server in 4 different places.

# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1 <----- IP TO MODIFY 1
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1 <----- IP TO MODIFY 2
Allow from ::1
</IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1 <----- IP TO MODIFY 3
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1 <----- IP TO MODIFY 4
Allow from ::1
</IfModule>
</Directory>
# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/lib/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/frames/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>

Save and close the file. Restart the Apache daemon so that it recognizes the changes.

systemctl restart httpd.service

You should be able to log into PHPMyAdmin by opening this URL in your web browser:
http://your_main_IP/phpMyAdmin/

For security purposes, it’s necessary to edit .htaccess to prevent anyone from gaining access to your PHPMyAdmin directory. Open /etc/apache2/conf-available/phpmyadmin.conf in a text editor and add this AllowOverride All directive.

nano /etc/httpd/conf.d/phpMyAdmin.conf

[...]
AddDefaultCharset UTF-8
AllowOverride All
[...]

Now create a file named .htaccess in /usr/share/phpMyAdmin/ and add the following block:

nano /usr/share/phpMyAdmin/.htaccess

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpMyAdmin/.htpasswd
Require valid-user

Save the file and again restart Apache.

systemctl restart httpd.service

Finally, set a password for authentication. In this case we will create a user called admin.

htpasswd -c /etc/phpMyAdmin/.htpasswd admin

The flag “-c” in this command is used to create an initial file for the first user. If you would like to add another user, simply omit the “-c” flag.

Your PHPMyAdmin installation is now secure with a .htaccess file. Test it out by logging back into PHPMyAdmin at http://your_main_IP/phpMyAdmin/.

Conclusion

PHPMyAdmin is an incredibly useful interface that is also ubiquitous in the world of remote database management. With proper security precautions in place, it’s a safe and easy way to manage your databases without the need to be an expert in SQL syntax.

If you found this article helpful, feel free to share it with your friends and let us know in the comments below!