phpMyAdmin is a free and open source administration tool for MySQL and MariaDB. As a portable web application written primarily in PHP, it has become one of the most popular MySQL administration tools, especially for web hosting services.
Features provided by the program include:
- Web interface
- MySQL and MariaDB database management
- Import data from CSV and SQL
- Export data to various formats: CSV, SQL, XML, PDF, Spreadsheet, Word, Excel, LaTeX, and others
- Administering multiple servers
- Creating PDF graphics of the database layout
- Creating complex queries using Query-by-example (QBE)
- Making complex SQL queries easier
Requirements
You need a LAMP stack installed and configured. If you don't have one, follow the instructions in the link below:
How to install LAMP (Apache, MySQL, PHP) stack on CentOS 7
Install phpMyAdmin
phpMyAdmin is not provided by the official repository, so you have to add the “EPEL” repository in order to install the latest version.
Add EPEL repository
You can easily install EPEL using “yum”:
yum install epel-release
Installing phpMyAdmin
Now you can install the phpMyAdmin package with the command below:
yum install phpmyadmin
After the installation is finished, you can start using phpMyAdmin right away at the following address:
http://PUBLIC_IP_DOMAIN/phpmyadmin
Securing phpMyAdmin
Installing phpMyAdmin allows you to easily access your MySQL database over the internet, which is really handy, but it can be a security flaw if you don’t limit access to it.
In the following sections, we are going to set up some of the most important security methods to prevent bots and attackers from targeting your database:
1. Disable root Login
In this section, we are going to forbid the root login from phpMyAdmin (it’s recommended to disable your root login from MySQL as well).
Open your phpMyAdmin global configuration with your text editor:
nano /etc/phpMyAdmin/config.inc.php
Find the following line:
$cfg['Servers'][$i]['AllowRoot'] = TRUE;
and change it like below:
$cfg['Servers'][$i]['AllowRoot'] = FALSE;
Save and exit.
2. Change the Alias
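You can serve phpMyAdmin under a different alias so that attackers or bots probing the default path can’t find your login page. This only hides the page from scans of the default paths; it does not by itself restrict who can log in.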
Open the “phpMyAdmin.conf” file with the command below:
nano /etc/httpd/conf.d/phpMyAdmin.conf
Find the following lines:
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
Comment them both out with “#”:
#Alias /phpMyAdmin /usr/share/phpMyAdmin
#Alias /phpmyadmin /usr/share/phpMyAdmin
Then add the following line under the commented lines (replace “myownalias” with your preferred alias):
Alias /myownalias /usr/share/phpMyAdmin
Save and exit.
Restart the Apache service for the change to take effect:
systemctl restart httpd
Now your phpMyAdmin is accessible using:
http://PUBLIC_IP_DOMAIN/myownalias
3. Protect with HTTP authentication
The next security layer we want to add is a web server authentication prompt that a user must pass before seeing the phpMyAdmin login page.
This ability is provided by Apache itself. You just need to install “httpd-tools” with the command below:
yum install httpd-tools
Then open the “phpMyAdmin.conf” in your text editor:
nano /etc/httpd/conf.d/phpMyAdmin.conf
Add the “AllowOverride All” line inside the “/usr/share/phpMyAdmin” Directory block like below:
<Directory /usr/share/phpMyAdmin/>
AllowOverride All
<IfModule mod_authz_core.c>
. . .
</Directory>
This will allow us to add some configuration to a file called “.htaccess”.
Now you need to create the “.htaccess” file:
nano /usr/share/phpMyAdmin/.htaccess
Paste the following lines into the file then save and exit:
AuthType Basic
AuthName "Admin Login"
AuthUserFile /etc/httpd/pma_pass
Require valid-user
Next, we are going to create a password file for authentication with the command below:
htpasswd -c /etc/httpd/pma_pass username
Enter your preferred password at the prompt.
Finally, restart your Apache service with the command below for the changes to take effect:
systemctl restart httpd
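A check for the three steps above, as an added example that is not part of the original tutorial: a shell function that reads the files edited in steps 1 to 3 and reports any step that is missing. The function name `audit_pma` and its optional root-prefix argument are assumptions made for this example.

```bash
#!/bin/bash
# Added example: read-only audit of the three hardening steps on this page.
# Paths are the ones the tutorial uses. The optional ROOT prefix argument is
# an assumption, added so the check can be run against a copy of the files.
audit_pma() {
    local root="${1:-}" fails=0 pw
    local cfg="$root/etc/phpMyAdmin/config.inc.php"
    local conf="$root/etc/httpd/conf.d/phpMyAdmin.conf"
    local hta="$root/usr/share/phpMyAdmin/.htaccess"

    # Step 1: an uncommented AllowRoot = FALSE line must exist
    # (phpMyAdmin allows root logins when the setting is absent).
    grep -Eiq '^[[:space:]]*\$cfg\[.Servers.\]\[\$i\]\[.AllowRoot.\][[:space:]]*=[[:space:]]*false[[:space:]]*;' "$cfg" 2>/dev/null \
        || { echo "FAIL: root login not disabled in $cfg"; fails=$((fails+1)); }

    # Step 2: neither default alias may still be active (match ignores case).
    if grep -Eiq '^[[:space:]]*Alias[[:space:]]+/phpmyadmin/?[[:space:]]' "$conf" 2>/dev/null; then
        echo "FAIL: default /phpMyAdmin alias still active in $conf"; fails=$((fails+1))
    fi

    # Step 3a: Apache ignores .htaccess unless AllowOverride All is set.
    grep -Eiq '^[[:space:]]*AllowOverride[[:space:]]+All([[:space:]]|$)' "$conf" 2>/dev/null \
        || { echo "FAIL: AllowOverride All missing in $conf"; fails=$((fails+1)); }

    # Step 3b: .htaccess must demand Basic auth from a valid user.
    grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$hta" 2>/dev/null &&
    grep -Eiq '^[[:space:]]*Require[[:space:]]+valid-user' "$hta" 2>/dev/null \
        || { echo "FAIL: $hta does not require a valid user"; fails=$((fails+1)); }

    # Step 3c: the file named by AuthUserFile must exist and be non-empty.
    pw=$(awk 'tolower($1)=="authuserfile"{print $2; exit}' "$hta" 2>/dev/null || true)
    [ -n "$pw" ] && [ -s "$root$pw" ] \
        || { echo "FAIL: AuthUserFile missing or empty"; fails=$((fails+1)); }

    [ "$fails" -eq 0 ] && echo "OK: all three hardening steps are in place"
    return "$fails"
}
```

Run `audit_pma` as root on the server after restarting Apache; it only reads the files and returns the number of failed checks. It does not check that the site is served over HTTPS, which Basic authentication needs because the password is sent base64-encoded, not encrypted, with every request.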