Installing And Securing phpmyadmin In Ubuntu Server 12.04/12.04.2

This post is important because phpmyadmin no longer just works after apt-get install, it requires additional steps to get working.
Aside from these changes, due to recent reports on phpmyadmin being exploited it’s important to secure it, you can do this in a couple of ways but I am going to assume you want access to it via web.

2 Parts

  1. Installation of phpmyadmin
  2. Securing the installation via htaccess
  3. Discussing more secure methods of accessing phpmyadmin


Lets begin the install muahahaha…


Enter root mode:

sudo bash



apt-get install phpmyadmin


Open Apache Config File

vim /etc/apache2/apache2.conf


Insert the following line at the very bottom of apache2.conf

Include /etc/phpmyadmin/apache.conf


Restart Apache server:

service apache2 restart


Securing phpmyadmin from public access to web panel…


Edit phpmyadmin’s apache configuration file:

vim /etc/phpmyadmin/apache.conf


Under the directory section (<Directory /usr/share/phpmyadmin>), add the line “AllowOverride All” under “Directory Index”:

        <Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php
        AllowOverride All


create .htaccess file in phpmyadmin’s root directory:

vim /usr/share/phpmyadmin/.htaccess

Copy the following into the newly created .htaccess file:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/.htpasswd (make sure you set this path to a secure place outside your web root)
Require valid-user


Generate the password file where passwords will be stored for authentication/access to phpmyadmin root

htpasswd -c  /var/.htpasswd username (username should be your username, you will be asked for your password once you execute the command)


Restart Apache so updates can take effect:

service apache2 restart


If you want this to be more secure then I would suggest rethinking your server/network architecture…

  1. seperate your apache and mysql services into their own box
  2. only have apache server open on port 80 (public) and have it talk to your mysql server locally.
  3. if you need to change something in your database or need to access phpmyadmin I would vpn into your local network and access the mysql/phpmyadmin box.

If you have any questions or comments use the section below :)