{"id":350484,"date":"2021-10-08T17:00:00","date_gmt":"2021-10-08T14:00:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-to-install-phpmyadmin-securely-cloudsavvy-it\/"},"modified":"2021-10-08T17:00:00","modified_gmt":"2021-10-08T14:00:00","slug":"how-to-install-phpmyadmin-securely-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-to-install-phpmyadmin-securely-cloudsavvy-it\/","title":{"rendered":"#How to Install phpMyAdmin Securely \u2013 CloudSavvy IT"},"content":{"rendered":"<p><strong>&#8220;#How to Install phpMyAdmin Securely \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage imgchk9 alignnone wp-image-1387 size-full\" srcset=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/08\/58f42558-1.png?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/08\/58f42558-1.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" 
src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/08\/58f42558-1.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"php MyAdmin\" width=\"700\" height=\"300\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.phpmyadmin.net\/\">phpMyAdmin<\/a> is a great tool for managing a MySQL database, but putting access to your database behind a web interface is a major security problem. Here are a few ways to mitigate the risks involved with running phpMyAdmin.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Why_Is_phpMyAdmin_a_Security_Problem\"><\/span>Why Is phpMyAdmin a Security Problem?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Usually, you\u2019d have a database that would run on your server and only accept connections from <code>localhost<\/code>\u00a0or maybe from another trusted server. If you had an application also running on that server, it would communicate directly. There\u2019s no way for an attacker to gain access short of cracking into the whole server.<\/p>\n<p>phpMyAdmin circumvents this to provide you with a web interface for managing your database. It\u2019s a very useful tool, but it\u2019s a disaster for security. phpMyAdmin has full unrestricted access to your database, as it\u2019s intended to replace direct command-line access. If an attacker gains access to the web panel, they\u2019ll have access to everything. 
And phpMyAdmin is usually only secured with a simple password.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Install_phpMyAdmin_and_Secure_MySQL\"><\/span>Install phpMyAdmin and Secure MySQL<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.phpmyadmin.net\/\">phpMyAdmin<\/a> runs on the LAMP stack (Linux, Apache, MySQL, PHP). Before you even start installing phpMyAdmin, your instance of MySQL should be secure. MySQL provides a handy utility for performing some basic security tasks:<\/p>\n<pre>sudo mysql_secure_installation<\/pre>\n<p>This will walk you through changing the root password, disabling remote logins, and removing the test database.<\/p>\n<p>After that, you can <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/docs.phpmyadmin.net\/en\/latest\/setup.html\">install phpMyAdmin<\/a>\u00a0as usual. During the install, you\u2019ll be prompted for a password of the database\u2019s admin user (which you should have set during <code>mysql_secure_installation<\/code>), and a new password to secure phpMyAdmin with. 
Make sure this password is long and secure, as it\u2019s the final point of defense before attackers could gain access.<\/p>\n<p>Ideally though, no attacker should even get a chance to guess your password, so you\u2019ll want to put phpMyAdmin behind something else so you can secure it further.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Option_1_Lock_Down_Apache_and_Use_SSH_Port_Forwarding\"><\/span>Option 1: Lock Down Apache, and Use SSH Port Forwarding<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>This is the most secure option, but it is only really suitable for single-user access, particularly for single users that have full administrative access to the whole server, as it requires you to connect over SSH.<\/p>\n<p>SSH port forwarding is a method of forwarding local ports to a remote system. For example, you would have Apache running on your server, listening on port 80. If you tunneled that port, you could access it by going to:<\/p>\n<pre>http:\/\/localhost:80\/<\/pre>\n<p>\u2026in any web browser. In a sense, it\u2019s almost like Apache is running on your system. But port 80 doesn\u2019t have to be open on your server; all traffic is routed through the standard\u00a0port 22 used for SSH.\u00a0You\u2019ll need to make sure SSH is secured with SSH keys, and ideally not running on the standard port, as this method is only as secure as your SSH connection is.<\/p>\n<p>To do this, you\u2019ll need to bind Apache to localhost, and make sure it\u2019s not open to the internet. 
Open up <code>\/etc\/apache2\/ports.conf<\/code>, and change the three listen statements to only listen on localhost (aka <code>127.0.0.1<\/code>):<\/p>\n<pre>Listen 127.0.0.1:80\n\n&lt;IfModule ssl_module&gt;\n  Listen 127.0.0.1:443\n&lt;\/IfModule&gt;\n\n&lt;IfModule mod_gnutls&gt;\n  Listen 127.0.0.1:443\n&lt;\/IfModule&gt;<\/pre>\n<p>Restart Apache with:<\/p>\n<pre>sudo service apache2 restart<\/pre>\n<p>And phpMyAdmin should be inaccessible. This is expected. Once Apache is configured, you can tunnel port 80 using the following command:<\/p>\n<pre>ssh -L 80:localhost:80 user@server<\/pre>\n<p>Then, you can access phpMyAdmin from <code>localhost:80<\/code>\u00a0in any web browser. Meanwhile, your server can be configured with a strict firewall to disallow anything except SSH.<\/p>\n<p>If <code>ssh<\/code> can\u2019t bind to port 80, try changing the first port to a different number and accessing it from there on localhost. It will still tunnel to port 80 on the remote machine. This connection is maintained until you exit <code>ssh<\/code>. 
If you want to run it in the background, use the <code>-f<\/code>\u00a0flag.<\/p>\n<p>If you only want phpMyAdmin to listen on localhost, you can instead edit <code>\/etc\/apache2\/conf-enabled\/phpmyadmin.conf<\/code>\u00a0and add the following lines to the <code>Directory<\/code>\u00a0block:<\/p>\n<pre>  Order deny,allow\n  Deny from all\n  Allow from 127.0.0.1<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"imgchk9 alignnone wp-image-1381 size-full\" src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/08\/b598d505.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"A Directory block.\" width=\"700\" height=\"300\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>This will deny anything except localhost from accessing the phpMyAdmin install, although you will still need port 80 open in your firewall to allow regular traffic.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Option_2_Lock_Down_Apache_and_Use_a_VPN\"><\/span>Option 2: Lock Down Apache, and Use a VPN<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If you need to allow access to multiple people without giving SSH access, you can set up Apache to listen on your machine\u2019s private IP and only accept connections from the same cloud. 
This works particularly well with services like <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/aws.amazon.com\/vpc\/?tag=reviewgeek-20\">AWS VPC<\/a>, where each server you launch is created in a virtual network.<\/p>\n<p>To find your private IP, you can run <code>ifconfig<\/code>\u00a0and look for the <code>inet<\/code>\u00a0address on your primary network adapter:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"imgchk9 alignnone wp-image-1384 size-full\" src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/08\/b598d505-1.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Find your private IP.\" width=\"700\" height=\"169\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>This address is also visible from the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/console.aws.amazon.com\/ec2\/?tag=reviewgeek-20\">AWS EC2 Console<\/a>. Once you have the address copied, open up <code>\/etc\/apache2\/ports.conf<\/code>, and edit the three <code>Listen<\/code>\u00a0directives to listen on the private IP:<\/p>\n<pre>Listen 172.31.87.118:80\n\n&lt;IfModule ssl_module&gt;\n  Listen 172.31.87.118:443\n&lt;\/IfModule&gt;\n\n&lt;IfModule mod_gnutls&gt;\n  Listen 172.31.87.118:443\n&lt;\/IfModule&gt;<\/pre>\n<p>Alternatively, if you just want to secure phpMyAdmin you can edit <code>\/etc\/apache2\/conf-enabled\/phpmyadmin.conf<\/code>\u00a0and only allow from the private IP:<\/p>\n<pre>Order deny,allow\nDeny from all\nAllow from 172.31.87.118<\/pre>\n<p>And restart Apache.<\/p>\n<p>Now, to access phpMyAdmin, you\u2019ll need to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/openvpn.net\/\">set up a VPN server like OpenVPN<\/a>. 
This will allow you to tunnel your client computer to the virtual private cloud that your web servers are running in, and access the server running phpMyAdmin on the private IP as if you were another server. Of course, you\u2019ll need to configure your firewall settings to allow access from the OpenVPN server to the phpMyAdmin instance.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Option_3_Secure_Apache_with_HTTPS_and_Basic_Auth\"><\/span>Option 3: Secure Apache with HTTPS and Basic Auth<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If you really need to use public DNS and have your server accessible, you can use Basic authentication with Apache. This is simply another password in front of phpMyAdmin that prevents outsiders from making any requests to the phpMyAdmin application.\u00a0You can use this alongside the other options on this list, as it\u2019s just an extra layer of defense.<\/p>\n<p>Create a new password file with <code>htpasswd<\/code>, which should already be installed alongside Apache (if not, it\u2019s in <code>apache2-utils<\/code>):<\/p>\n<pre>sudo htpasswd -c \/etc\/apache2\/.htpasswd phpadmin<\/pre>\n<p>This lets you set a new password for the user <code>phpadmin<\/code>\u00a0and stores it in <code>\/etc\/apache2\/.htpasswd<\/code>.<\/p>\n<p>Open up <code>\/etc\/apache2\/conf-enabled\/phpmyadmin.conf<\/code>, and configure it to use Basic auth with the newly created password file:<\/p>\n<pre>AuthType Basic\nAuthName \"Restricted Content\"\nAuthUserFile \/etc\/apache2\/.htpasswd\nRequire valid-user<\/pre>\n<p>Restart Apache with:<\/p>\n<pre>sudo service apache2 restart<\/pre>\n<p>And when you try to access phpMyAdmin in your browser, you\u2019ll be asked for a username and password. Enter <code>phpadmin<\/code>\u00a0and the password you created, and you should be allowed access. 
Otherwise, all you\u2019ll see is a <code>401 Unauthorized<\/code>\u00a0response.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/1370\/how-to-install-phpmyadmin-securely\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#How to Install phpMyAdmin Securely \u2013 CloudSavvy IT&#8221; phpMyAdmin is a great tool for managing a MySQL database, but putting access to your database behind a web interface is a major security problem. Here are a few ways to mitigate the risks involved with running phpMyAdmin. Why Is phpMyAdmin a Security Problem? 
Usually, you\u2019d have&#8230;<\/p>\n","protected":false},"author":1,"featured_media":350485,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/08\/58f42558-1.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-350484","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/350484","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=350484"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/350484\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/350485"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=350484"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=350484"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=350484"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}