Install and Password Protect phpMyAdmin on Ubuntu 17.04 / 17.10

This brief tutorial is going to show students and new users how to easily install phpMyAdmin and password protect its logon page. By default when you install phpMyAdmin it will allow anyone to sign on using the root account created from anywhere.

If you want to add additional protection, create a separate layer of authentication using Apache2 htpassword module. Doing this will only allow folks who are authenticated via Apache2 to continue to phpMyAdmin logon age.

This is a great way to filter out legitimate users verses those who want to access the site and cause trouble.

To setup phpMyAdmin with Apache2 password authentication, continue with the steps below:

Step 1: Install LAMP

First, understand that phpMyAdmin requires that you have a webserver, database servers and PHP to function. It works with Apache2, Nginx webservers and MySQL and MariaDB database servers and PHP.

For this post, we’re going to be using Apache2, MySQL/MariaDB and PHP or the LAMP stack on Ubuntu 17.04/17.10.

To install LAMP, read the post below:

Students Tutorial – Setup Ubuntu Linux with Apache2, MariaDB and PHP (LAMP)

Step 2: Install phpMyAdmin

After installing LAMP, run the commands below to install phpMyAdmin

sudo apt-get update
sudo apt-get install phpmyadmin

During the installation, you’ll be prompted to choose a webserver to use with phpMyAdmin. Apache2 should be the default.. hit the spacebar to select.. then the tab key and press enter to continue.

You should also be asked if you want to configure database for phpmyadmin with dbconfig-common,

select Yes.

You’ll then be prompted for the root password for MySQL/MariaDB. Type it to continue.

After the installation, you should be able to go to the server host name or IP followed by phpmyadmin/

phpmyadmin logon page on ubuntu

You should see the default login page for the app. Again, no extra security, anyone can just browse there and attempt to login.

Step 3: Add Apache2 Password Authentication

Now that phpMyAdmin is installed, open its main configuration file and make the highlighted changes below.

sudo nano /etc/apache2/conf-available/phpmyadmin.conf

Add the highlighted line below and save the file.

Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php
    AllowOverride All
    . . .
    . . .

Restart Apache2 webserver

sudo systemctl reload apache2.service

Next, create a .htaccess file by running the commands below

sudo nano /usr/share/phpmyadmin/.htaccess

Then add the content below in the file and save

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user

Next, run the commands below to install Apache2 utility to create htpasswd

sudo apt-get install apache2-utils

Finally, run the commands below to create an account for richard.

sudo htpasswd -c /etc/phpmyadmin/.htpasswd richard

You should be prompted to create a password.

Then next time you reload the page, you should see a prompt for a username and password.

That’s it! Now users should be authenticated twice to access phpMyAdmin.

Summary:

This post shows students and new users an easy way to install phpMyAdmin and add additional layer of protection when using Ubuntu.

It allows users to be authenticated twice before access is granted.

Enjoy!

You may also like the post below

Running Ubuntu 17.10 VMware Guest Machines