phpMyAdmin is one of the most loved AND hated applications among server administrators for rather simple reasons. Firstly, it is widely loved because it makes SQL database administration so easy by way of a proper UI (user interface), but secondly it is widely hated because it is so often targeted by hackers and other exploit attempts!
For LittleBizzy clients, we have chosen NOT to include phpMyAdmin on any of our managed servers because of the various security risks, but more so because our clients simply don’t need it: we only allow a single database per VPS server, and there are plenty of free WordPress plugins these days that enable database administration.
Still, for the nerdy sysadmins out there who are running their own server, phpMyAdmin often comes in handy even as a temporary installation, e.g. when converting tables to utf8mb4 encoding or to clean out unneeded tables.
So then, firstly, update your Ubuntu repositories and then install the phpMyAdmin package:
sudo apt-get update
sudo apt-get install phpmyadmin
(Note: as Nginx is not a default server option for phpMyAdmin, you will need to hit TAB (i.e. “skip”) when the installation prompt asks you whether you are running Apache or Lighttpd in order to skip to the next step. You must use the “root” MySQL user to begin the installation process. You should then enter the dbconfig-common setup, which will prompt you for a new database password exclusively for the “phpmyadmin” database that will be set up… make it strong!)
Next, create a symlink (shortcut) for phpMyAdmin in the root directory of your live website:
sudo ln -s /usr/share/phpmyadmin /home/example/www
Lastly, ensure that mcrypt is properly enabled for PHP and restart your PHP-FPM instance:
sudo php5enmod mcrypt
sudo service php5-fpm restart
At this point you should be able to access http://server_ip_or_domain/phpmyadmin and see your phpMyAdmin installation on the frontend. Now, if this is a temporary installation for diagnostic purposes and you will be deleting it soon after, this should be good enough to use. However, if you are going to be keeping phpMyAdmin on your server for the long-term, I highly recommend you better secure it to greatly reduce the chance of hackers or bots trying to exploit it.
The quickest way to greatly improve security is to simply rename the symlink /phpmyadmin to another name – something that is very difficult for humans or bots to guess. For example, using a free strong phrase generator, you could rename your symlink to something like /3489s39WqCMD7Ny using the shell commands below to rename it and then verify that it exists:
cd /home/example/www
sudo mv /home/example/www/phpmyadmin /home/example/www/3489s39WqCMD7Ny
ls -l
To improve security even more, you could set up an “authentication gate” on your Nginx server block to force anyone trying to access phpMyAdmin to enter a server-level password before even viewing the phpMyAdmin login page.
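One way to build the authentication gate described above, as an added example that is not from the original article: an Nginx location block using HTTP basic auth on the renamed path. The password file path, the user name dbadmin, and the PHP-FPM socket path are assumptions; adjust them to your server.

```nginx
# Added example. Place inside the existing server { } block of the site
# whose root is /home/example/www (the docroot used in this article).
#
# 1) Create the password file first (file path and user name are assumptions).
#    openssl prompts for the password and prints an apr1 hash Nginx understands:
#      printf 'dbadmin:%s\n' "$(openssl passwd -apr1)" | sudo tee /etc/nginx/pma_htpasswd >/dev/null
#      sudo chown root:www-data /etc/nginx/pma_htpasswd   # www-data: Ubuntu's Nginx worker user
#      sudo chmod 640 /etc/nginx/pma_htpasswd
#
# 2) Add the gate. The "^~" modifier matters: without it, a request for
#    /3489s39WqCMD7Ny/index.php is handled by the site-wide "location ~ \.php$"
#    regex block instead, and the password prompt never applies to PHP pages.
location ^~ /3489s39WqCMD7Ny {
    auth_basic           "Restricted";
    auth_basic_user_file /etc/nginx/pma_htpasswd;

    index index.php;

    # PHP must be handled inside the gated block so it inherits auth_basic.
    location ~ \.php$ {
        try_files     $uri =404;
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        # Assumed socket path for the php5-fpm package; check your pool config.
        fastcgi_pass  unix:/var/run/php5-fpm.sock;
    }
}

# 3) Basic auth sends the password base64-encoded, not encrypted, so serve
#    this path over HTTPS rather than plain http://.
#
# 4) Validate and apply:
#      sudo nginx -t && sudo service nginx reload
```

After reloading, a request for any URL under the renamed path without credentials should return 401 before phpMyAdmin's own login page is reached.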
Tags: database administration, MySQL, Nginx, PHP, phpMyAdmin, Server Administration, Ubuntu
Last modified: 10 Oct, 2015