PHPMyAdmin is a web application which gives GUI environment to the user to handle the MySQL tasks.
Not Everyone is convenient with the MySQL command line interface. Most of the people don’t have in-depth knowledge about SQL but they are in need of using the MySQL.
For them, PHPMySQL is the best solution which solves most of their issues by providing the Graphical Interface for the MySQL.
Using PHPMyAdmin, Anyone can easily perform MySQL operations. This is the reason behind millions of people using the PHPMyAdmin.
It also has some security issues.
We can solve those issues and secure the PHPMyAdmin.
Here In this Article, I am going to show you How to Install PHP MySQL and How to secure it.
- Ubuntu 16.04 with sudo non-root user. Refer this Ubuntu Initial Server Setup Guide to create sudo user.
- LAMP stack Installed on the server as mentioned in this guide
- Apache web server should be encrypted with SSL/TLS. If you don’t have the SSL certificate for your server, then follow this guide to create an SSL certificate.
The PHPMyAdmin is written in the PHP and works with MySQL and MariaDB.
Here are the few things which you have to consider while installing the PHPMyAdmin.
- PHPMyAdmin directly works with the MySQL. There is no intermediate software for the communication.
- It uses the credentials for the authentication process.
- It directly executes the arbitrary requests itself and returns the result.
The PHP is widely used open source platform. It makes the hacker to easily target such sites using phpMyAdmin.
You should not run the PHPMyAdmin with HTTP connection as it is insecure to use. You have to install the SSL certificate to secure the connection.
Step 1: Install PHPMyAdmin
The Ubuntu repositories have the PHPMyAdmin package by default. All you have to do is just install that package using the apt-get utility.
$ sudo apt-get update $ sudo apt-get install phpmyadmin php-mbstring php-gettext
After the execution of the command, you will be prompted to answer questions.
You will have the choices to select the web server to use with PHPMyAdmin.
First, you have to press the space and then press the tab button to choose the Apache2.
You can switch the selection process by pressing the tab. And the start will indicate the current selection.
Once you choose, the installation will be configured to work with the chosen Web server.
Here, in this tutorial, we will choose the Apache2 web server.
After that, you will be asked to whether install the software with the dbconfig-common. Choose yes for that.
You will be asked to enter the password for the Database Administrator and phpMyAdmin.
The phpMyAdmin configuration file will be stored in the /etc/apache2/conf-enabled/ during the installation process.
You have to enable two php extensions. They are
- PHP mcrypt
- PHP mbstring
Execute the below command to install both of them.
$ sudo phpenmod mcrypt $ sudo phpenmod mbstring
Once you are done with the installation process, you have to restart the apache.
$ sudo systemctl restart apache2
The changes will take effect and you could see the phpMyAdmin setup by going through the IP address in the browser as mentioned below.
The PHPMyAdmin Login Page will be opened and ask you for the root password.
Once you enter the root password, you will be taken to the phpMyAdmin Dashboard.
Where you can do all the operations directly. Since phpMyAdmin is used everywhere, it also became the target for the attacker.
Since it can be easily accessed through the web interface, it is easy for hackers to access it.
To secure that, we are going to add the gateway in front of the phpMyadmin.
This way we can enable the authentication and the authorised users will be allowed to access the server.
Configure the Apache to allow the .htaccess file overrides
First, we have to edit the phpMyAdmin configuration file in the apache configuration folder.
Open the configuration file using the nano editor.
$ sudo nano /etc/apache2/conf-available/phpmyadmin.conf
Look for the below lines in the configuration file and set the AllowOverride to all.
/etc/apache2/conf-available/phpmyadmin.conf <Directory /usr/share/phpmyadmin> Options FollowSymLinks DirectoryIndex index.php AllowOverride All . . .
After that, save and close the file. The restart the Apache2 using the below command.
$ sudo systemctl restart apache2
Creating the >htaccess file
Now, we have only enabled the .htaccess file usage to our application.
We have to create a .htaccess file to enable the application to use it.
Here, you will just have to add the .htaccess file inside the application folder in order to work.
Open the .htaccess file in the application folder using the nano editor.
sudo nano /usr/share/phpmyadmin/.htaccess
Enter the following lines in that file.
/usr/share/phpmyadmin/.htaccess AuthType Basic AuthName "Restricted Files" AuthUserFile /etc/phpmyadmin/.htpasswd Require valid-user
Here is what each line is doing.
This line represents the authentication type that we are using. It also implements the password protection using a password file.
The content that you add after this line will be displayed on the Authentication Box. So, Make sure that you don’t give any clue to the visitor.
This line indicates the path of the .htpasswd file which we are going to create shortly.
Require valid-user: This line indicates that the user should be valid to access the portal.
Once you added the lines, just save and close the files.
Create .htaccess file for the authentication
We have mentioned path for the password file in the .htaccess file.
We don’t have any such file in that path. However, we are going to create one such file in that location.
Still, one more package is required to create this file.
We have that file in our repository. Install the package using the apt-getcommand.
$ sudo apt-get install apache2-utils
After the installation, the .htpasswd utility will be available.
This is the location that we have mentioned as the .htpasswd file location.
Use the below command to create the file and add a user in that.
$ sudo htpasswd -c /etc/phpmyadmin/.htpasswd username
You will be asked to enter a password for that user.
Once you enter the password, it will be stored in that file and will be used for the authentication purpose.
If you have more users and you want to create the additional username for them, just follow this guide.
sudo htpasswd /etc/phpmyadmin/.htpasswd additionaluser
Once you are done with the process, just check whether it works perfectly or not.
It will definitely work. Go to the phpyMyAdmin page in your browser and you will be prompted to enter the password.
Once you give the prompt with the correct credentials, you will be taken to the PHPMyAdmin normal page.
This method is easy to implement and prevents the PHPMyAdmin against many attacks.
It works like a security layer to the PHPMyAdmin.
If you want to reconfigure the PHPMyAdmin and don’t like to keep the existing settings, then execute the below command.
$ sudo dpkg-reconfigure phpmyadmin
If you want to know connection method for MySQL database of PHPMyAdmin, use the below command.
$ mysql> \s
You have to execute the command from MySQL.
Uninstall PHPMyAdmin Ubuntu
To uninstall and remove all the data of PHPMyAdmin, just execute the below command.
$ sudo apt-get remove --purge phpmyadmin
Now, PHP will be entirely removed from your Ubuntu server.
In this article, you have seen how to install and configure the PHPMyAdmin.
Also, you have learnt, how to protect the PHPMyAdmin from the vulnerabilities.
We will see install PHPMyAdmin ubuntu Nginx configuration in the upcoming article.
Since PHPMySQL is the best way to interact with the MySQL through GUI, you can use it well.
If you are facing any problem, during the installation process, just let us know the command.
We will help you to solve the issues.
Source : https://poweruphosting.com/blog/install-secure-php-myadmin-ubuntu/