phpMyAdmin Installation and Security Settings on Ubuntu 22.04
What will you learn in this guide?
In this guide, on a server running Ubuntu 22.04
phpMyAdmin installation, MySQL user settings
and you will learn how to take additional security measures with Apache.
🧠 Technical Summary
Subject: Installing and securing phpMyAdmin
Problem: Need for web interface instead of command line
Steps: Setup → Authentication → Authorization → Security
What is phpMyAdmin?
phpMyAdmin allows you to manage MySQL databases via web browser.
It offers a visual management interface that is an alternative to the command line.
Security Warning
phpMyAdmin accesses the database directly.
Therefore without HTTPS should never be used.
If you do not have a domain name and an SSL certificate, HTTPS must be configured first.
Prerequisites
- Server with Ubuntu 22.04 installed
- User with authority
sudo - Apache, MySQL and PHP installed (LAMP)
- UFW firewall active
1. phpMyAdmin Installation
Update package list
sudo apt update
- This command updates system packages.
Install required packages
sudo apt install phpmyadmin php-mbstring php-zip php-gd php-json php-curl
- This command installs phpMyAdmin and necessary PHP extensions.
Selections during installation
-
Server: apache2
-
dbconfig-common: Yes
-
MySQL application password: A strong password
Validate Password Error Solution (If Necessary)
- Enter the MySQL console
sudo mysql
- Disable the password verification component
UNINSTALL COMPONENT "file://component_validate_password";
Sign out
exit
- Start the installation again:
sudo apt install phpmyadmin
- Reactivate the component after installation:
INSTALL COMPONENT "file://component_validate_password";
Apache and PHP Configuration
- Activate mbstring plugin
sudo phpenmod mbstring
- This command turns on multibyte character support.
Restart Apache
sudo systemctl restart apache2
2. MySQL Authentication Settings
- In Ubuntu, MySQL root user uses auth_socket by default.
- phpMyAdmin requires password authentication.
Connect to MySQL
sudo mysql
- Check available verification methods
SELECT user, plugin, host FROM mysql.user;
- Turn on password authentication for root
ALTER USER 'root'@'localhost'
IDENTIFIED WITH caching_sha2_password BY 'GucluBirParola';
- Mysql_native_password can be used if necessary.
Alternative: Custom MySQL User
- Create new user
CREATE USER 'dbadmin'@'localhost'
IDENTIFIED WITH mysql_native_password BY 'GucluBirParola';
Authorize
GRANT ALL PRIVILEGES ON *.* TO 'dbadmin'@'localhost' WITH GRANT OPTION;
- Log out
exit
- phpMyAdmin Access
Open the following address from the browser:
https://sunucu_adresi/phpmyadmin
- After Apache authentication, MySQL user information is requested.
3. Improving phpMyAdmin Security
- Edit Apache configuration
sudo nano /etc/apache2/conf-available/phpmyadmin.conf
- Add AllowOverride
<Directory /usr/share/phpmyadmin>
AllowOverride All
</Directory>
- Restart Apache
sudo systemctl restart apache2
Additional Security with .htaccess
- Create the file
sudo nano /usr/share/phpmyadmin/.htaccess
- Add content
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
- Creating an Apache User
- Create the password file
sudo htpasswd -c /etc/phpmyadmin/.htpasswd adminuser
Restart Apache
sudo systemctl restart apache2
- This action adds a second layer of security to phpMyAdmin.
Frequently Asked Questions (FAQ)
1. Is phpMyAdmin secure? Yes, it is secure if configured correctly.
2. Is HTTPS mandatory? Yes, highly recommended.
3. Should I log in with root? No, a special user should be preferred.
4. Is .htaccess really necessary? Yes, it significantly reduces the risk of attack.
Result
With this guide, you have got phpMyAdmin installed, authorized and secure on Ubuntu.
You can immediately configure your servers on the GenixNode infrastructure to perform database management safely.