How To Install and Secure phpMyAdmin on Debian 9


You will need to setup your server with LAMP stack, follow the link to install LAMP Stack

Installing phpMyAdmin

apt update


root@vps:~#  apt update
Get:1 stretch/updates InRelease [94.3 kB]
Ign:2 stretch InRelease                        
Get:3 stretch-updates InRelease [91.0 kB]  

Install phpmyadmin

apt install phpmyadmin php-mbstring php-gettext


root@vps:~# apt install phpmyadmin php-mbstring php-gettext
Reading package lists... Done
Building dependency tree        
Reading state information... Done
The following additional packages will be installed:

We need to do is explicitly enable the mbstring PHP extension which is used to manage non-ASCII strings and convert strings to different encodings.

phpenmod mbstring

Restart Apache for your changes to be recognized:

systemctl restart apache2

Log in to the interface with the username as root and password you configured.


Securing Your phpMyAdmin Instance

vi /etc/apache2/conf-available/phpmyadmin.conf

Add the following information

<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
AllowOverride All

Restart Apache:

systemctl restart apache2

You can create the necessary file and open it in your text editor with root privileges

vi /usr/share/phpmyadmin/.htaccess

Enter the following information:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user

You can now create this file and pass it an initial user with the htpasswd utility:

sudo htpasswd -c /etc/phpmyadmin/.htpasswd username

You will be prompted to enter a password for the above mentioned user.

If you want to enter an additional user, you need to do so without the -c flag,

htpasswd /etc/phpmyadmin/.htpasswd additionaluser

Now, when you access your phpMyAdmin subdirectory, you will be prompted for the additional account name and password that you just configured: