How to restrict access to your phpmyadmin



Went through the apache logs on my web-server and saw some access requests to my phpmyadmin page.

It's probably a good idea to restrict access to this web based sql admin interface (in case there is an exploit I don't want somebody to use it on this).

How to make phpmyadmin a bit more secure

sudo vi /etc/phpmyadmin/apache.conf or sudo nano /etc/phpmyadmin/apache.conf

Under "Alias /phpmyadmin /usr/share/phpmyadmin" add this:

Order Deny,Allow Deny from all Allow from 127.0.0.1 Allow from 192.168.0.0/24

This will let your vm access the /phpmyadmin part and also anything with an IP on the 192.168.0.0/24 network.

Also, up there in the alias where it first says /phpmyadmin - change this to something else like "Alias /youcannotguessthis /usr/share/phpmyadmin" and it will be a lot harder for automatic scanners to find it.

Here is some more information.