Lock down your phpMyAdmin access!

There are a couple of ways that I lock it down.. I won’t get into specifics because I don’t want you (or you!) trying to find it, but I can’t count the number of times I’ve seen an old phpMyAdmin install just sitting on someone’s server waiting for someone to type in the correct login and password and screw up your day. The following are a couple good-practice ways to lock it down so that you don’t have to lose sleep over wondering if someone’s going to get in easily.

Rename your phpmyadmin alias:
Edit: /etc/httpd/conf.d/phpmyadmin.conf

Look for:

1 2 3

Alias /phpmyadmin /usr/share/phpmyadmin Alias /phpMyAdmin /usr/share/phpmyadmin Alias phpMyadmin /usr/share/phpmyadmin

(or something like that… )

and change it to something like:

1	Alias /supersecret456 /usr/share/phpmyadmin

Restrict access to your known ip address:
Edit /etc/httpd/conf/phpmyadmin.conf

At the top of the file you’ll see something like:

1 2 3 4 5

<Directory "/usr/share/phpmyadmin">   Order Deny,Allow   Deny from all   Allow from 127.0.0.1 </Directory>

Modify it to only allow the ip addresses that you’ll connect from:

1 2 3 4 5 6 7

<Directory "/usr/share/phpmyadmin">   Order Deny,Allow   Deny from all   Allow from 127.0.0.1   Allow from 70.100.100.100   Allow from 70.200.200.200 </Directory>

Restart apache and test it out!

Reference: http://www.linuxbrigade.com/lock-down-your-phpmyadmin-access/