Securing phpMyAdmin

phpMyAdmin is secure for general usage in it’s default configuration. However additional steps can be taken to make it further secure.

Securing phpMyAdmin involves the following step.
1) Adding SSL support


1) Adding SSL support
NOTE: First, make sure you have configured Apache HTTP Server for SSL as explained here.
Open Apache HTTP Server‘s SSL configuration file httpd-ssl.conf. Add the following content to end of file.
• Replace with IP address of your machine.
• Replace with the URL you intend to access phpMyAdmin.


DocumentRoot "/usr/local/apache2/phpmyadmin"
ServerAdmin [email protected]
ErrorLog "/usr/local/apache2/logs/"
TransferLog "/usr/local/apache2/logs/"

<Directory "/usr/local/apache2/phpmyadmin">
AllowOverride AuthConfig Limit
Require all granted

<Directory "/usr/local/apache2/phpmyadmin/libraries">
Require all denied

<Directory "/usr/local/apache2/phpmyadmin/setup/lib">
Require all denied

<Directory "/usr/local/apache2/phpmyadmin/setup/frames">
Require all denied

SSLEngine on

SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"

<FilesMatch ".(shtml|phtml|php)$">
SSLOptions +StdEnvVars

BrowserMatch "MSIE [2-5]" 
nokeepalive ssl-unclean-shutdown 
downgrade-1.0 force-response-1.0

CustomLog "/usr/local/apache2/logs/" 
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"


Save and close the file.

Restart the apache service gracefully.

# service apache graceful

Now we can access our phpMyAdmin installation over SSL using the following URL.

Suppose we want to forced SSL when using phpMyAdmin.
That is if we type in the address bar of web browser, it must get redirected to

Add the following line to the end of

$cfg['ForceSSL'] = true;

From now on, if we try to access phpMyAdmin via, it will be redirected to




After securing phpMyAdmin, it is recommended to view the following section.
Customizing phpMyAdmin