phpMyAdmin is one of the most loved AND hated applications among server administrators, for rather simple reasons. It is widely loved because it makes SQL database administration so easy by way of a proper UI (user interface), and it is widely hated because it is so often targeted by hackers and other server exploit attempts!
For LittleBizzy clients, we have chosen NOT to include phpMyAdmin on any of our managed servers because of the various security risks, but more so because our clients simply don’t need it: we only allow a single database per VPS server, and there are plenty of free WordPress plugins these days that enable database administration.
Still, for the nerdy sysadmins out there who are running their own server, phpMyAdmin often comes in handy even as a temporary installation, e.g. when converting tables to utf8mb4 encoding or to clean out unneeded tables.
First, update your Ubuntu repositories and then install the phpMyAdmin package:
sudo apt-get update
sudo apt-get install phpmyadmin
(Note: as Nginx is not a default server option for phpMyAdmin, you will need to hit TAB (i.e. “skip”) when the installation prompt asks you whether you are running Apache or Lighttpd in order to skip to the next step. You must use the “root” MySQL user to begin the installation process. You should then enter the dbconfig-common setup, which will prompt you for a new database password exclusively for the “phpmyadmin” database that will be set up… make it strong!)
Next, create a symlink (shortcut) for phpMyAdmin in the root directory of your live website:
sudo ln -s /usr/share/phpmyadmin /home/example/www
Lastly, ensure that mcrypt is properly enabled for PHP and restart your PHP-FPM instance:
sudo php5enmod mcrypt
sudo service php5-fpm restart
At this point you should be able to access http://server_ip_or_domain/phpmyadmin and see your phpMyAdmin installation on the frontend. Now, if this is a temporary installation for diagnostic purposes and you will be deleting it soon after, this should be good enough to use. However, if you are going to be keeping phpMyAdmin on your server for the long term, I highly recommend securing it further to greatly reduce the chance of hackers or bots trying to exploit it.
The quickest way to greatly improve security is to simply rename the symlink /phpmyadmin to another name – something that is very difficult for humans or bots to guess. For example, using a free strong passphrase generator, you could rename your symlink to something like /3489s39WqCMD7Ny using the shell commands below to rename it and then verify that it exists:
cd /home/example/www
sudo mv /home/example/www/phpmyadmin /home/example/www/3489s39WqCMD7Ny
ls -l
To improve security even more, you could set up an “authentication gate” on your Nginx server block to force anyone trying to access phpMyAdmin to enter a server-level password before even viewing the phpMyAdmin login page.
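One way to build that gate with Nginx's HTTP Basic authentication, as an added example that is not part of the original article. The user name "gateuser", the password file /etc/nginx/.pma_htpasswd and the PHP-FPM socket path are assumptions; adjust them to your server.

```nginx
# Goes inside the existing server { } block of the site whose root is
# /home/example/www (the directory that holds the renamed symlink).
#
# Create the password file first; either command prompts for the password:
#   sudo htpasswd -c /etc/nginx/.pma_htpasswd gateuser    # from apache2-utils
#   printf 'gateuser:%s\n' "$(openssl passwd -apr1)" | sudo tee /etc/nginx/.pma_htpasswd
# Make it readable by the Nginx worker user only:
#   sudo chown root:www-data /etc/nginx/.pma_htpasswd
#   sudo chmod 640 /etc/nginx/.pma_htpasswd

# "^~" matters: without it, a server-level "location ~ \.php$" block wins
# for /3489s39WqCMD7Ny/index.php and the PHP pages are served with no
# password prompt, because regex locations override plain prefix locations.
location ^~ /3489s39WqCMD7Ny {
    auth_basic           "Restricted";
    auth_basic_user_file /etc/nginx/.pma_htpasswd;

    index index.php;

    # PHP handler nested inside the gate so it inherits auth_basic.
    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php5-fpm.sock;   # assumed socket path
    }
}

# Check the syntax and apply:
#   sudo nginx -t && sudo service nginx reload
```

Basic authentication sends the password base64-encoded rather than encrypted, so serve this location over HTTPS. To confirm the gate covers PHP, request /3489s39WqCMD7Ny/index.php without credentials and check for a 401 response.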