HugeServer Knowledgebase

How to install and secure phpMyAdmin on CentOS 7

Introduction

phpMyAdmin is free, open-source software written in PHP that lets you manage your MySQL database over the internet. It supports a wide range of operations on MySQL and MariaDB through a simple user interface, while you can still execute any SQL statement directly. Here are some of the main benefits of phpMyAdmin:

  • Import data from CSV and SQL
  • Administering multiple servers
  • Creating PDF graphics of the database layout
  • Searching globally in a database or a subset of it
  • Working with different operating systems

We assume that you have root permission; otherwise, prefix the commands with “sudo”.

 

Requirements

You need a LAMP stack installed and configured. If you don’t have one, follow the instructions in the link below:

How to install LAMP (Apache, MySQL, PHP) stack on CentOS 7

Install phpMyAdmin

phpMyAdmin is not provided by the official repository, so you have to add the “EPEL” repository in order to install the latest version.

Add EPEL repository

You can easily install EPEL using “yum”:

yum install epel-release

Installing the phpMyAdmin

Now you can install the phpMyAdmin package with the command below:

yum install phpmyadmin

After the installation is finished, you can start using phpMyAdmin right away at the following address:

http://PUBLIC_IP_DOMAIN/phpmyadmin

Securing the phpMyAdmin

Installing phpMyAdmin allows you to easily access your MySQL database over the internet, which is really handy, but it can be a security flaw if you don’t limit access to it.

In the following sections, we are going to set up some of the most important security methods to prevent bots and attackers from targeting your database:

1. Disable root Login

In this section, we are going to forbid root login from phpMyAdmin (it’s recommended to disable your root login from MySQL as well).

Open your phpMyAdmin global configuration with your text editor:

nano /etc/phpMyAdmin/config.inc.php

Find the following line:

$cfg['Servers'][$i]['AllowRoot'] = TRUE;

and change it like below:

$cfg['Servers'][$i]['AllowRoot'] = FALSE;

Save and exit.

2. Change the Alias

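You can make phpMyAdmin run under a different alias so that attackers or bots probing the default paths can’t find your login page. This only hides the page from scanners that request the default URLs; it does not replace the authentication steps in this guide.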

Open the “phpMyAdmin.conf” file with the command below:

nano /etc/httpd/conf.d/phpMyAdmin.conf

Find the following lines:

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

Comment them both out with “#”:

#Alias /phpMyAdmin /usr/share/phpMyAdmin
#Alias /phpmyadmin /usr/share/phpMyAdmin

Then add the following line under the commented lines (replace “myownalias” with your preferred alias):

Alias /myownalias /usr/share/phpMyAdmin

Save and exit.

Restart the Apache service for the change to take effect:

systemctl restart httpd

Now your phpMyAdmin is accessible using:

http://PUBLIC_IP_DOMAIN/myownalias

3. Protect with HTTP authentication

The next security layer we want to add is a web server authentication prompt that a user must pass before seeing the phpMyAdmin login page. Basic authentication only encodes the credentials, it does not encrypt them, so serve this location over HTTPS.

This ability is provided by Apache itself; you just need to install “httpd-tools” with the command below:

yum install httpd-tools

Then open the “phpMyAdmin.conf” in your text editor:

nano /etc/httpd/conf.d/phpMyAdmin.conf

Add the “AllowOverride All” line inside the “<Directory /usr/share/phpMyAdmin/>” block like below:


<Directory /usr/share/phpMyAdmin/>
AllowOverride All
<IfModule mod_authz_core.c>
. . .
</Directory>

This will allow us to add some configuration in a file called “.htaccess”.

Now you need to create the “.htaccess” file:

nano /usr/share/phpMyAdmin/.htaccess

Paste the following lines in the file then save and exit:

AuthType Basic
AuthName "Admin Login"
AuthUserFile /etc/httpd/pma_pass
Require valid-user

Next, we are going to create a password file for authentication with the command below:

htpasswd -c /etc/httpd/pma_pass username

Enter your preferred password upon prompt.

Finally, restart your Apache service with the command below for the changes to take effect:

systemctl restart httpd
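
The three steps above are easy to leave half-applied; for instance, the “.htaccess” file is silently ignored when “AllowOverride” is missing from the Directory block. The script below is an added example, not part of the original tutorial: it checks the files this guide edits and reports each step as PASS or FAIL. The function names, the --demo and --root flags, the root-prefix argument and the fixture contents are assumptions made for illustration.

```shell
# Added example: audits the tutorial's three steps. Function names, flags and the
# root-prefix argument are hypothetical. Run with --demo or with --root / (live system).

check_allowroot() {  # step 1: the last uncommented AllowRoot assignment is FALSE
    grep -E '^[[:space:]]*[$]cfg.*AllowRoot' "$1" | tail -n 1 |
        grep -Eiq '=[[:space:]]*false[[:space:]]*;'
}

check_alias() {      # step 2: no active Alias for /phpMyAdmin or /phpmyadmin
    [ -r "$1" ] && ! grep -Eiq '^[[:space:]]*Alias[[:space:]]+/phpmyadmin[[:space:]/]' "$1"
}

check_override() {   # step 3: .htaccess is ignored unless this Directory block allows it
    sed -n '\#<Directory /usr/share/phpMyAdmin/*>#,\#</Directory>#p' "$1" |
        grep -Eiq '^[[:space:]]*AllowOverride[[:space:]]+(All|.*AuthConfig)'
}

check_htaccess() {   # step 3: login required and the password file ($2 = root) is non-empty
    grep -Eiq '^[[:space:]]*Require[[:space:]]+valid-user' "$1" &&
    pw=$(sed -n 's/^[[:space:]]*AuthUserFile[[:space:]]*//p' "$1" | tail -n 1) &&
    [ -n "$pw" ] && [ -s "$2$pw" ]
}

report() {           # report LABEL COMMAND...: print PASS/FAIL and count failures
    label=$1; shift
    if "$@" 2>/dev/null; then echo "PASS $label"; else echo "FAIL $label"; fails=$((fails + 1)); fi
}

pma_audit() {        # returns the number of failed checks (0 = all steps in effect)
    root=${1:-}; fails=0; conf=$root/etc/httpd/conf.d/phpMyAdmin.conf
    report "root login disabled" check_allowroot "$root/etc/phpMyAdmin/config.inc.php"
    report "default aliases off" check_alias "$conf"
    report "AllowOverride set"   check_override "$conf"
    report "HTTP auth in place"  check_htaccess "$root/usr/share/phpMyAdmin/.htaccess" "$root"
    return "$fails"
}

pma_fixture() {      # constructed sample tree with all three steps applied
    d=$(mktemp -d) || return 1; e=$d/etc; w=$d/usr/share/phpMyAdmin
    mkdir -p "$e/phpMyAdmin" "$e/httpd/conf.d" "$w"
    echo "\$cfg['Servers'][\$i]['AllowRoot'] = FALSE;" > "$e/phpMyAdmin/config.inc.php"
    printf '%s\n' 'Alias /myownalias /usr/share/phpMyAdmin' '<Directory /usr/share/phpMyAdmin/>' \
        'AllowOverride All' '</Directory>' > "$e/httpd/conf.d/phpMyAdmin.conf"
    printf '%s\n' 'AuthType Basic' 'AuthUserFile /etc/httpd/pma_pass' 'Require valid-user' > "$w/.htaccess"
    echo 'username:CONSTRUCTED_HASH' > "$e/httpd/pma_pass"
    echo "$d"
}

case "${1:-}" in --demo) pma_audit "$(pma_fixture)" ;; --root) pma_audit "${2%/}" ;; esac
```

A PASS only shows that the files are configured as described; confirm the live result by requesting your alias URL and checking that Apache answers with a 401 prompt before the phpMyAdmin login page appears.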

 
For more information and news, you can visit the official phpMyAdmin website.
