phpMyAdmin is a great tool but it is also a large target by hackers. Take these initial steps to secure your phpMyAdmin install in Ubuntu Linux.
1. First we will setup an Apache login and password in order to load the phpmyadmin page.
This command creates an apache authenticated user (Example here creates a username admin, though perhaps you should choose a more unique username).
2. Edit /etc/apache2/conf.d/phpmyadmin.conf.
Change the default phpmyadmin url to something unique to avoid hits from script kiddies and scanners.
We will put this change as well as the info for apache authentication in the following file:
Change the alias line to something very unique. From this:
…to this for a random example:
Also in that same file (/etc/apache2/conf.d/phpmyadmin.conf), continue editing and put in your authentication info as follows in the Directory section:
Also add in this to the file which will require https:
The final edits for the file should look somewhat like this:
3. Save that file, and now restart apache.
Now visit your unique alias you specified. Once there, you will be prompted for a login and password before even getting to the phpmyadmin page, as well as being redirected to https:
Sweet!