How to Install phpMyAdmin on Ubuntu

phpMyAdmin is a free, open-source application for managing MySQL and MariaDB relational databases.

Beginners and experienced database administrators use phpMyAdmin to interact with MySQL databases via a web-based, user-friendly GUI instead of manually entering commands into the terminal.

Learn how to install and secure phpMyAdmin on Ubuntu.

Prerequisites

22.04 or 24.04 installed.
A fully installed LAMP stack (Linux, Apache/Nginx, MySQL/MariaDB, PHP).
A user account with root or sudo privileges.
Access to a command line/terminal window.

Note: phpMyAdmin is a common target for cyberattacks. Connecting to a remote server and running phpMyAdmin over an unencrypted HTTP connection poses a security risk, as the data can be intercepted. For steps on setting up an encrypted connection using SSL/TLS certificates, please refer to our guide on SSL/TLS encryption.

Installing phpMyAdmin on Ubuntu

This guide assumes that you are installing phpMyAdmin on a system that is not publicly accessible over the internet, often referred to as a local system.

Follow the steps in the sections below to install phpMyAdmin on Ubuntu.

Step 1: Update the System

Access the command line and use the apt package manager to update the Ubuntu package repository and installed packages:

sudo apt update && sudo apt upgrade -y

Update Ubuntu package lists and update installed packages.

Allow the operation to finish before proceeding.

Step 2: Install phpMyAdmin

Follow the steps below to install phpMyAdmin:

1. Run the following command to install phpMyAdmin and its dependencies:

sudo apt install phpmyadmin -y

2. The installer prompts you to choose a web server to configure automatically. The apache2 option is already highlighted if the system uses Apache. Press Space to select apache2, then Tab to highlight Ok.

3. Press Enter to confirm the selection.

4. (Optional) phpMyAdmin requires a configured database to work. Select Yes and press Enter to set up a phpMyAdmin database using the dbconfig-common configuration package.

Using the dbconfig-common package to setup phpMyAdmin in Ubuntu.

Note: Advanced users can attempt to configure the database manually. Find more information about the dbconfig-common package on Debian's official website.

5. The installer creates a default user named phpmyadmin. Create a strong password for the user and press Enter.

Create a strong password for the phpmyadmin user.

Note: Leaving the field blank causes the system to generate a random password.

6. Re-enter the password and press Enter.

The default phpmyadmin user manages the phpMyAdmin database, which stores metadata and settings for bookmarks, history, logs, and other advanced features. This user should not be used for general database management tasks because it is restricted to the phpMyAdmin database.

Database administrators typically use the MySQL root user or another user with appropriate permissions.

Step 3: Create New MySQL Administrator Account

phpMyAdmin provides a web interface to MySQL, including a root user with full administrative privileges.

Ubuntu version 20.04 and newer use the auth_socket plugin for root authentication. This authentication method does not allow password-based login for root users and disrupts the standard way phpMyAdmin is used to access MySQL.

Ubuntu users must create a new MySQL user with administrative privileges or reconfigure an existing root user to enable password-based authentication.

To create a new phpMyAdmin user for accessing a MySQL database:

1 . Open the MySQL terminal and log in as the sudo (or root) user:

sudo mysql

The terminal prompt shows that the MySQL shell is active.

2. Use the following command to create a new user with a secure password:

CREATE USER '[user]'@'localhost' IDENTIFIED BY '[password]';

Replace [user] with a username of your choice and [password] with a strong password.

3. Assign appropriate privileges to the new user. For example, to allow a user to perform all operations on a specific database, run:

GRANT ALL PRIVILEGES ON [database_name].* TO '[user]'@'localhost';

Create a phpMyAdmin user and grant administrative privileges.

4. Flush all privileges:

FLUSH PRIVILEGES;

5. Exit the MySQL terminal:

EXIT;

Flush user privileges and exit the MySQL shell.

6. Open a browser and access the phpMyAdmin login page by entering:

localhost/phpmyadmin

192.168.0.1/phpmyadmin

www.yourdomain.com/phpmyadmin

7. The browser displays a screen welcoming you to phpMyAdmin. Enter the newly created username and password and click Go.

Enter phpMyAdmin URL and type the credentials to log in.

8. The browser loads the phpMyAdmin dashboard.

Step 4: Secure phpMyAdmin Instance

Two simple ways to enhance the security of your phpMyAdmin instance include:

Configuring the Apache .htaccess file.
Creating a URL alias for phpMyAdmin.

The sections below show how to do both.

Using .htaccess (Apache)

The .htaccess file can restrict access based on IP addresses or require users to enter an additional password before accessing the phpMyAdmin login page:

1. Use a text editor, like nano, to open and edit the phpMyAdmin Apache configuration file:

sudo nano /etc/apache2/conf-available/phpmyadmin.conf

2. Find the following two lines in the <Directory /usr/share/phpmyadmin> section:

Options SymLinksIfOwnerMatch
DirectoryIndex index.php

3. Append the following text below:

AllowOverride All

Allow Override All in Apache config file.

4. If using nano, press CTRL+X to initiate the exit process. Press y to confirm that you want to save the changes, followed by Enter to complete the save and exit.

5. Restart the Apache web server:

sudo systemctl restart apache2

6. Create a new .htaccess file within the phpMyAdmin directory:

sudo nano /usr/share/phpmyadmin/.htaccess

7. Add the following lines to the .htaccess file:

AuthType Basic

AuthName "Restricted Access"

AuthUserFile /etc/phpmyadmin/.htpasswd

Require valid-user

These commands instruct .htaccess to use basic authentication, where to find a list of valid users and restrict file access only to valid users.

8. Press CTRL+X, then y, followed by Enter to exit the file and save the changes.

9. The .htaccess file generates a prompt to enter valid credentials to access the phpMyAdmin directory. Use the following command to create the username and password for the .htaccess prompt:

sudo htpasswd -c /etc/phpmyadmin/.htpasswd [user]

Replace [user] with the username you want to use to access the phpMyAdmin directory.

The system asks to enter and confirm a password.

Enter and confirm .htaccess credentials.

10. (Optional) To add more users, utilize the same command without the -c flag:

sudo htpasswd /etc/phpmyadmin/.htpasswd [user]

Change URL (Apache or Nginx)

A URL alias makes the phpMyAdmin location less predictable, which can deter automated attacks.

To set up a URL alias for phpMyAdmin via the Apache web server, edit the phpmyadmin.conf file. On Ubuntu and Debian-based systems, the file is usually located in the /etc/apache2/conf-available/ directory.

To edit the phpmyadmin.conf file in Ubuntu:

1. Back up the existing configuration file:

sudo cp /etc/apache2/conf-available/phpmyadmin.conf /etc/apache2/conf-available/phpmyadmin.conf.backup

2. Open the phpmyadmin.conf file using nano:

sudo nano /etc/apache2/conf-available/phpmyadmin.conf

3. Find the line that starts with the word Alias:

Alias /phpmyadmin /usr/share/phpmyadmin

4. Change /phpmyadmin to an alias you want to use. For example, to change it to /secureadmin, modify the line to:

Alias /secureadmin /usr/share/phpmyadmin

Modify phpMyAdmin alias URL in Apache config file.

5. Press CTRL+X, then y, followed by Enter to exit the file and save the changes.

6. Reload the Apache web server to enable the new configuration:

sudo systemctl reload apache2

Step 5: Test htaccess Setup

To test the .htaccess setup and the URL alias:

1. Open a browser and visit the phpMyAdmin URL alias. In this example, the alias is /secureadmin:

http://localhost/secureadmin

2. The system prompts for the username and password specified in the .htaccess file. Enter the .htpasswd credentials to access the standard phpMyAdmin login page.

phpMyAdmin URL alias and .htaccess login.

3. Use the MySQL admin credentials created previously to access the phpMyAdmin dashboard.

Changing the URL is a form of security through obscurity, which is generally not robust. While it can deter the most basic automated attacks, it will not provide a solid layer of database security.

To improve phpMyAdmin security:

Limit the IPs that can access the phpMyAdmin installation.
Allow access to phpMyAdmin only over a VPN or an SSH tunnel.
Implement Two-Factor Authentication (2FA) to add an extra layer of security.
Do not show PHP errors or MySQL errors publicly. This could reveal sensitive information.
Keep track of access logs and set up alerts for suspicious activity.

Conclusion

You have successfully installed phpMyAdmin on Ubuntu and used Apache's built-in features to restrict access and secure phpMyAdmin directories.

Find out how to improve MySQL database performance and streamline database administration tasks using a MySQL commands cheat sheet.

Was this article helpful?

YesNo