We live in a world where everybody wants to get ritch fast. I don’t mind when there is hard work involved. But ransomware is often the case. First it was trojan viruses, then emails and last few years it is with the database.
Now if you have your on server on Linode, Digitalocean or any other equivalent that floats your boat, and you use phpmyadmin here are a few steps to at least make it harder for attackers to bruteforce your phpmyadmin.
Copy the config file
sudo cp /etc/phpmyadmin/apache.conf /etc/apache2/conf-enabled/phpmyadmin.conf
And edit it
sudo nano /etc/apache2/conf-enabled/phpmyadmin.conf
enter following line just after “
sudo nano /usr/share/phpmyadmin/.htaccess
And enter this in the file
AuthType Basic Authname "Restricted files" AuthUserFile /etc/phpmyadmin/.htpasswd Require valid-user
After that install apache2-utils
sudo apt-get install apache2-utils. This will help you to generat the htpassword
sudo apt-get install apache2-utils
And now it’s time to generate your htpasswd
sudo htpasswd -c /etc/phpmyadmin/.htpasswd yourUserName
Replace yourUserName with whatever name you want, and type in the new password.
After that don’t forget to restart the apache2
sudo service apache2 restart
And that’s it. There is a lot more things that you could do like disableing the root access, changeing the phpmyadmin path, but that is for some other time.