PHPMyAdmin Installation and Security for Apache Server Ubuntu 20.04

PHPMyAdmin is a cool interface that helps to manage MySQL Databases easily. Following step by step article is going to help you to understand installation of PHPMyAdmin for Apache Server Ubuntu 20.04. Installation is not sufficient we have to implement security features as well.

Login to your Ubuntu 20.04 hosted at cloud hosting with your non root user name and password using Putty Software. (If you have no idea about it, then check second chapter of this tutorial list. All the chapter list is present below this article).

PHPMyAdmin Installation for Apache Server

Along with PHPMyAdmin we need php mbstring software to install. And updating ubuntu before installing any software is a good practice. So for this three job, we are going to use following single line command which will install the updates first, then will install the phpmyadmin software package and then it will install the php-mbstring as well.

test@tester:~$ sudo apt update && sudo apt install phpmyadmin php-mbstring

Couple of messages with yes or no option is going to appear. Press y and enter for all the next messages.

Then a dialogue box will appear with a message to select a web server.

Phpmyadmin install

Use space to put a star mark and tab button to navigate among various option.

Put star mark beside apache2 and then select ‘ok’ using tab button. Then press enter.

Then another dialogue box will appear. It will ask to configure database with db-config?

Phpmyadmin installation

Select yes and press enter.

Then another dialogue box will appear, it will ask to set mysql application password for phpmyadmin.

PHPMyAdmin Install Guide

You can ignore this. If you wont provide a password then system will generate a password. This password is internally used. If you want then you can create one. Your wish. Then press enter.

After few minutes of processing, finally PHPMyAdmin will be installed successfully.

If you type your IP address of your cloud hosting followed with phpmyadmin in the browser then you will see phpmyadmin login interface.

My IP Address of cloudhosting: 122:xxx:xxx:xx:09

URL: 122:xxx:xxx:xx:09/phpmyadmin

 

PHPMyAdmin

If you have set password for root user access then, you can login. I have suggested above to leave it blank. So if you have followed and left it blank, then system has generated a password for it. You can not login now.

In either case, we must have to create a user and assign root user privileges to it.

Create super User

Super user is just another user who has the power of root user. That means, this new user can create table, drop table, create database, or any power that a root user has.

To create super user, we need to navigate to MySQL command line interface using following command.

test@tester:~$ sudo mysql -u root -p

If you have set password for root user mysql application password, then it will ask to provide the password. And in above I have suggested to skip and if you have followed and skipped, then it wont ask for the password.

myql command line interface will appear.

Lets create a user using following mysql command.

mysql> CREATE USER ‘newuser’@’localhost’ IDENTIFIED WITH mysql_native_password BY ‘password_code’;

In the above code provide a user name in the place of newuser and provide a strong password in the place of password_code. Mark the single quote. Keep them. Then press enter.

If you do not see any error message then it means new user is successfully created.

This new user is just another user with no power. Lets assign root user power to this new user with following command.

mysql> GRANT ALL PRIVILEGES ON *.* TO ‘newuser’@’localhost’;

After the above command, press enter. If you do not see any error message, then you have successfully created a super user. Now if you login with your new user name and password then you can login to the phpmyadmin interface.

Once it is done, its time to get back to ubuntu linux terminal to execute one more task (PHPmyadmin security). Type exit and press enter.

(It will exit mysql command line interface and navigate back to ubuntu terminal).

PHPMyAdmin Security

So far we have successfully installed PHPMyAdmin. There is a security risk factor is lying. And that is, the URL path to phpmyadmin.Because it is unique. Irrespective of the website, if phpmyadmin is installed then that phpmyadmin is accessed through the website url followed by phpmyadmin.

example: https://www.examplesite.com/phpmyadmin

Therefore it would be easy target for hackers to target phpmyadmin of a website. So we must have to hide the phpmyadmin path.

In simple words, instead of phpmyadmin, I can set mydatabaseadmin or mysiteadminpanel etc. to access my phpmyadmin.

Lets say, instead of phpmyadmin, I want to set the path mydatabaseadmin to access my phpmyadmin.

Therefore, if my website is https://www.examplesite.com then the complete url to access phpmyadmin would become https://www.examplesite.com/mydatabaseadmin

Lets see how can we achieve this.

To achieve this result, we required to edit the phpmyadmin.conf file.

Location of phpmyadmin.conf file

There is top level directory: etc

Inside etc, there is a directory: apache2

Inside apache2, there is a directory: conf-available

Inside conf-available, this file phpmyadmin.conf is present.

To edit this file, we are going to use nano editor.

test@tester:~$ sudo nano /etc/apache2/conf-available/phpmyadmin.conf

The mentioned conf file will open in the nano editor.

Find the line (It must be first or second line in the file) which is similar to below one

Alias /phpmyadmin /usr/share/phpmyadmin

Change the above line to

Alias /mydatabaseadmin /usr/share/phpmyadmin

Then save the file. To save the file press ctrl+x. Small box at the bottom appear which would ask for confirmation to save the file. Press ‘Y’ and then enter. The file is saved and navigated back to the terminal.

But here job is not over yet. We need to reload the apache server to take effect the changes, and for this use below command.

test@tester:~$ sudo service apache2 reload

It wont take more than one second to restart. If you visit your phpmyadmin with the phpmyadmin url along with your website url, then you will see an error message. To access your phpmyadmin, you have to use the path that you have added to the phpmyadmin conf file.

In my case I have set mydatabaseadmin as the path to the phpmyadmin.

So the url will be: https://www.example.com/mydatabaseadmin

Conclusion

I hope you have understood how to install PHPMyAdmin and implement PHPMyAdmin security for Apache Server in Ubuntu 20.04.