The PhpMyAdmin is a very popular web-based application to manage MySQL and MariaDB databases. The PhpMyAdmin has a default login URL which is http://localhost/phpmyadmin. But this default URL contains a security flaw which makes it a good target for potential attackers. We should change and secure the default PhpMyAdmin login URL to improve the security of our Linux operating system.
Let us discuss about the ways to change and secure the default login URL in this article. We will also explain the need to protect the important database resources from unauthorized access.
Why We Should Change the Default Login URL
Automated brute force assaults frequently use the default login URL such as “http://{our own IP address}/phpmyadmin” or “http://localhost/phpmyadmin”. This URL is easily found, and attackers attempt to acquire unauthorized access by guessing the login credentials repeatedly. This kind of attack can hack our database and unauthorized changes.
While it is not a stand-alone database security solution, it offers an extra layer of protection by making it more difficult for attackers to reach the login page.
By changing the login URL, we reduce the exposure of our system to automated attacks. This does not only discourage the attackers but also lowers the likelihood of a successful breach. So, by changing the default login, we can safeguard our valuable database resources.
How to Change and Secure the PhpMyAdmin Login URL
We should know how to change and secure the PhpMyAdmin login URL as it is an important step in protecting our MySQL or MariaDB databases. Changing it decreases risk while also adding a layer of protection.
Here are the steps to change and secure the default PhpMyAdmin login URL on our Linux operating system.
1. Change the Default Login URL in Apache
Let us see how to change and secure the default login URL in our Apache server.
- We need to open the PhpMyAdmin configuration file using any text editor located at “/etc/httpd/conf.d/phpMyAdmin.conf” or “/etc/phpmyadmin/apache.conf”.
- We have to find the lines that start with “Alias” and comment them out.
Output:
# phpMyAdmin default Apache configuration
Alias /phpmyadmin /usr/share/phpMyAdmin
** many more outputs **
- After that, we need to create a new login URL for PhpMyAdmin.
- We must make sure that the “require all granted” directive is included within the <Directory /usr/share/phpmyadmin> section of the same configuration file.
- Lastly, we need to ensure that Apache reads the PhpMyAdmin configuration. We need to type this line on our Linux terminal.
- After that, restart our Apache server so the changes can be applied.
2. Change the Default Login URL in Nginx
Let us see how to change and secure the default login URL in our Nginx server.
- Let us make a symbolic link to the PhpMyAdmin installation files in the Nginx document root directory.
- Then, we can rename the symbolic link to change the URL.
mv phpmyadmin ournewlink
- Lastly, we need to restart our Nginx to apply the changes that we made.
- We also need to restart PHP-FPM to apply the changes. After this step, we can access PhpMyAdmin using our new URL that we configured.
Conclusion
The process of changing and securing the default PhpMyAdmin login URL holds significance in the protection of MySQL and MariaDB databases. Our data is at danger since the default URL is not secure and this can be hacked by brute force attack. We may significantly lower the danger of unauthorized access and improved database security by executing these procedures and applying additional security measures. So, it is a good practice that before making any changes, we must back up our configuration files.