
How to Install and Secure phpMyAdmin on Ubuntu 24
phpMyAdmin is a web-based administration tool for MySQL databases that’s practically essential for anyone working with database-driven applications. Installing it on Ubuntu 24 is straightforward, but securing it properly requires some extra steps that many developers skip. This guide walks you through the complete installation process, covers essential security configurations to prevent unauthorized access, and includes troubleshooting tips for common issues you’ll likely encounter along the way.
How phpMyAdmin Works
phpMyAdmin operates as a PHP application that sits between your web browser and MySQL server, translating user-friendly web interface actions into SQL commands. When you click “Create Database” or run a query through its interface, phpMyAdmin generates the corresponding SQL statements and executes them against your MySQL instance.
The tool consists of several core components:
- PHP scripts that handle database operations and generate the web interface
- Configuration files that define database connections and security settings
- A web server (Apache or Nginx) that serves the PHP application
- Authentication mechanisms that can integrate with MySQL users or use custom login systems
Since phpMyAdmin provides direct access to your database structure and data, it’s a prime target for attackers. Default installations often expose the application at predictable URLs like /phpmyadmin
, making them easy to discover and exploit.
Prerequisites and System Requirements
Before installing phpMyAdmin, ensure your Ubuntu 24 system meets these requirements:
Component | Minimum Version | Recommended | Notes |
---|---|---|---|
PHP | 7.2 | 8.1 or later | Requires mbstring, curl, and gd extensions |
MySQL/MariaDB | 5.5 | 8.0 / 10.5 | Older versions lack some features |
Web Server | Apache 2.2 / Nginx 1.10 | Apache 2.4 / Nginx 1.18 | Nginx requires PHP-FPM configuration |
RAM | 512MB | 2GB+ | More RAM improves large dataset handling |
Verify your current setup with these commands:
php --version
mysql --version
apache2 -v
# or for nginx
nginx -v
Step-by-Step Installation Guide
Start by updating your package list and installing the required components:
sudo apt update
sudo apt upgrade -y
sudo apt install apache2 mysql-server php php-mysql php-mbstring php-zip php-gd php-json php-curl -y
Install phpMyAdmin using the package manager:
sudo apt install phpmyadmin -y
During installation, you’ll encounter several configuration prompts:
- Select apache2 when asked which web server to configure
- Choose Yes when prompted to configure the database with dbconfig-common
- Enter a strong password for the phpMyAdmin MySQL user
Enable the required PHP extensions and restart Apache:
sudo phpenmod mbstring
sudo systemctl restart apache2
Create a symbolic link to make phpMyAdmin accessible via the web server:
sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin
Test the installation by visiting http://your-server-ip/phpmyadmin
in your browser. You should see the phpMyAdmin login page.
Essential Security Configuration
The default phpMyAdmin installation is functional but insecure. Implement these security measures immediately:
Change the Default Access URL
Remove the predictable /phpmyadmin
path and create a custom alias:
sudo rm /var/www/html/phpmyadmin
sudo nano /etc/apache2/conf-available/phpmyadmin.conf
Add this configuration with your custom path:
Alias /secure-db-admin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
Options SymLinksIfOwnerMatch
DirectoryIndex index.php
Require all granted
</Directory>
Enable the configuration and restart Apache:
sudo a2enconf phpmyadmin
sudo systemctl restart apache2
Configure IP-Based Access Control
Restrict access to specific IP addresses by modifying the directory configuration:
sudo nano /etc/apache2/conf-available/phpmyadmin.conf
Replace Require all granted
with:
Require ip 192.168.1.100
Require ip 203.0.113.0/24
Enable Additional Authentication Layer
Add Apache basic authentication as an extra security layer:
sudo htpasswd -c /etc/phpmyadmin/.htpasswd admin
Update the Apache configuration:
sudo nano /etc/apache2/conf-available/phpmyadmin.conf
Add authentication directives inside the Directory block:
<Directory /usr/share/phpmyadmin>
Options SymLinksIfOwnerMatch
DirectoryIndex index.php
AuthType Basic
AuthName "phpMyAdmin Access"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
Require ip 192.168.1.100
</Directory>
Configure phpMyAdmin Security Settings
Edit the main phpMyAdmin configuration file:
sudo nano /etc/phpmyadmin/config.inc.php
Add these security configurations after the existing settings:
// Hide server information
$cfg['ShowServerInfo'] = false;
$cfg['ShowPhpInfo'] = false;
$cfg['ShowChgPassword'] = false;
// Disable potentially dangerous features
$cfg['ShowSQL'] = false;
$cfg['Servers'][$i]['DisableIS'] = true;
// Force SSL (if SSL is configured)
$cfg['ForceSSL'] = true;
// Set session timeout (in seconds)
$cfg['LoginCookieValidity'] = 3600;
// Limit maximum rows displayed
$cfg['MaxRows'] = 100;
SSL Configuration
Enable SSL to encrypt data transmission between browsers and phpMyAdmin. Install Let’s Encrypt certificates:
sudo apt install certbot python3-certbot-apache -y
sudo certbot --apache -d your-domain.com
For self-signed certificates (development only):
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/apache-selfsigned.key \
-out /etc/ssl/certs/apache-selfsigned.crt
Create an SSL virtual host configuration:
sudo nano /etc/apache2/sites-available/phpmyadmin-ssl.conf
<VirtualHost *:443>
ServerName your-domain.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
# Include phpMyAdmin configuration
Include /etc/apache2/conf-available/phpmyadmin.conf
</VirtualHost>
Enable SSL module and the new site:
sudo a2enmod ssl
sudo a2ensite phpmyadmin-ssl
sudo systemctl restart apache2
Performance Optimization
Optimize phpMyAdmin for better performance with large databases:
sudo nano /etc/phpmyadmin/config.inc.php
Add performance-related configurations:
// Increase memory limit for large imports
$cfg['MemoryLimit'] = '512M';
// Enable query caching
$cfg['CacheSize'] = 100000;
// Optimize for large tables
$cfg['MaxTableList'] = 250;
$cfg['LimitChars'] = 100;
// Enable compression
$cfg['CompressOnFly'] = true;
Adjust PHP settings for better performance:
sudo nano /etc/php/8.1/apache2/php.ini
Modify these values:
memory_limit = 512M
upload_max_filesize = 100M
post_max_size = 100M
max_execution_time = 300
max_input_time = 300
Common Issues and Troubleshooting
Here are solutions for frequently encountered problems:
403 Forbidden Error
This typically occurs due to incorrect Apache configuration or file permissions:
# Check Apache error logs
sudo tail -f /var/log/apache2/error.log
# Fix permissions
sudo chown -R www-data:www-data /usr/share/phpmyadmin
sudo chmod -R 755 /usr/share/phpmyadmin
Blank Page or PHP Errors
Enable PHP error reporting to diagnose issues:
sudo nano /etc/php/8.1/apache2/php.ini
Temporarily enable error display:
display_errors = On
error_reporting = E_ALL
Restart Apache and check for error messages:
sudo systemctl restart apache2
Database Connection Issues
Verify MySQL service status and user permissions:
sudo systemctl status mysql
mysql -u root -p
Check if the phpMyAdmin database user exists:
SELECT User, Host FROM mysql.user WHERE User = 'phpmyadmin';
Import/Export Timeouts
For large database operations, increase timeout values:
sudo nano /etc/phpmyadmin/config.inc.php
$cfg['ExecTimeLimit'] = 0;
$cfg['MemoryLimit'] = '1024M';
Alternative Database Management Tools
Consider these alternatives based on your specific needs:
Tool | Type | Best For | Key Features |
---|---|---|---|
Adminer | Web-based | Lightweight setups | Single PHP file, multiple DB support |
MySQL Workbench | Desktop | Development | Visual design, advanced modeling |
HeidiSQL | Desktop | Windows users | Lightweight, session management |
DBeaver | Desktop | Multi-database environments | Universal database tool |
Best Practices and Security Checklist
Follow this checklist to maintain a secure phpMyAdmin installation:
- Use non-standard URLs for phpMyAdmin access
- Implement IP whitelisting for administrative access
- Enable SSL/TLS encryption for all connections
- Add Apache basic authentication as a second layer
- Regularly update phpMyAdmin and all system packages
- Monitor access logs for suspicious activity
- Use strong passwords for all database accounts
- Disable root login via phpMyAdmin
- Set appropriate session timeouts
- Regularly backup your databases and configurations
Monitor your phpMyAdmin installation using log analysis:
# Monitor access attempts
sudo tail -f /var/log/apache2/access.log | grep phpmyadmin
# Check for failed authentication attempts
sudo grep "authentication failure" /var/log/apache2/error.log
Integration with Development Workflows
phpMyAdmin integrates well with various development setups. For containerized environments, consider using Docker Compose:
version: '3.8'
services:
mysql:
image: mysql:8.0
environment:
MYSQL_ROOT_PASSWORD: rootpassword
MYSQL_DATABASE: myapp
ports:
- "3306:3306"
phpmyadmin:
image: phpmyadmin/phpmyadmin:latest
environment:
PMA_HOST: mysql
PMA_PORT: 3306
PMA_USER: root
PMA_PASSWORD: rootpassword
ports:
- "8080:80"
depends_on:
- mysql
For production deployments on robust infrastructure, VPS hosting provides the flexibility to implement custom security configurations, while dedicated servers offer the performance needed for high-traffic database applications.
Regular maintenance includes updating packages, monitoring resource usage, and reviewing access logs. Set up automated backups and test your disaster recovery procedures to ensure business continuity.
For comprehensive documentation and advanced configuration options, refer to the official phpMyAdmin documentation and the MySQL reference manual for database-specific configurations.

This article incorporates information and material from various online sources. We acknowledge and appreciate the work of all original authors, publishers, and websites. While every effort has been made to appropriately credit the source material, any unintentional oversight or omission does not constitute a copyright infringement. All trademarks, logos, and images mentioned are the property of their respective owners. If you believe that any content used in this article infringes upon your copyright, please contact us immediately for review and prompt action.
This article is intended for informational and educational purposes only and does not infringe on the rights of the copyright owners. If any copyrighted material has been used without proper credit or in violation of copyright laws, it is unintentional and we will rectify it promptly upon notification. Please note that the republishing, redistribution, or reproduction of part or all of the contents in any form is prohibited without express written permission from the author and website owner. For permissions or further inquiries, please contact us.