Marijan Gudelj

We live in a world where everybody wants to get ritch fast. I don’t mind when there is hard work involved. But ransomware is often the case. First it was trojan viruses, then emails and last few years it is with the database.

Now if you have your on server on Linode, Digitalocean or any other equivalent that floats your boat, and you use phpmyadmin here are a few steps to at least make it harder for attackers to bruteforce your phpmyadmin.

Copy the config file

sudo cp /etc/phpmyadmin/apache.conf /etc/apache2/conf-enabled/phpmyadmin.conf

And edit it

sudo nano /etc/apache2/conf-enabled/phpmyadmin.conf

enter following line just after “DirectoryIndex index.php“:

AllowOverride All

Edit .htaccess

sudo nano /usr/share/phpmyadmin/.htaccess

And enter this in the file

AuthType Basic
Authname "Restricted files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user

After that install apache2-utils

sudo apt-get install apache2-utils. This will help you to generat the htpassword
 sudo apt-get install apache2-utils 

And now it’s time to generate your htpasswd

sudo htpasswd -c /etc/phpmyadmin/.htpasswd yourUserName

Replace yourUserName with whatever name you want, and type in the new password.

After that don’t forget to restart the apache2

sudo service apache2 restart

And that’s it. There is a lot more things that you could do like disableing the root access, changeing the phpmyadmin path, but that is for some other time.