A Beginner-Friendly Guide for Linux / Start Learning Linux Quickly...

How to Change and Secure Default PhpMyAdmin Login URL

Categories Security 9 Comments

By default, the login page of phpmyadmin is located at http://<ip address>/phpmyadmin. The first thing that you will want to do is changing that URL. This will not necessarily stop attackers from targeting your server, but will lower the risks of a successful break-in.

This is known as security through obscurity and while some people would argue that it is not a safe measure, it has been known to both discourage attackers and to prevent break-ins.

Note: Make sure you have working LAMP or LEMP setup with PhpMyAdmin installed on your system, if not, then follow Setup LAMP or LEMP with PhpMyAdmin.

To do it in Apache or Nginx Web servers, follow the instructions as explained below:

Change PhpMyAdmin Login Page in Apache

open /etc/httpd/conf.d/phpMyAdmin.conf if in CentOS or /etc/phpmyadmin/apache.conf in Debian and comment out the line(s) beginning with Alias.

------------ On CentOS/RHEL and Fedora ------------ 
# vi /etc/httpd/conf.d/phpMyAdmin.conf

------------ On Debian and Ubuntu ------------ 
# /etc/phpmyadmin/apache.conf

Then add a new one as follows:

# Alias /phpmyadmin /usr/share/phpmyadmin
Alias /my /usr/share/phpmyadmin
PhpMyAdmin Change Alias
PhpMyAdmin Change Alias

The above will allow us to access the phpmyadmin interface via http://<ip address>/my. Feel free to change the Alias above if you want to use another URL.

In the same file, make sure the Require all granted directive is included inside the Directory /usr/share/phpmyadmin block.

PhpMyAdmin Allow Access
PhpMyAdmin Allow Access

In addition, make sure Apache reads the phpmyadmin configuration in Debian/Ubuntu:

------------ On Debian and Ubuntu ------------ 
# echo "Include /etc/phpmyadmin/apache.conf" >> /etc/apache2/apache2.conf

Finally, restart Apache to apply changes and point your browser to http://<ip address>/my.

------------ On CentOS/RHEL and Fedora ------------ 
# systemctl restart httpd

------------ On Debian and Ubuntu ------------ 
# systemctl restart apache2

Change PhpMyAdmin Login Page in Nginx

On the Nginx web server, we just need to create a symbolic link of PhpMyAdmin installation files to our Nginx document root directory (i.e. /usr/share/nginx/html) by typing the following command:

# ln -s /usr/share/phpMyAdmin /usr/share/nginx/html
OR
# ln -s /usr/share/phpmyadmin /usr/share/nginx/html

Now we need to change the URL of our phpMyAdmin page, we simply need to rename the symbolic link as shown:

# cd /usr/share/nginx/html
# mv phpmyadmin my
OR
# mv phpMyAdmin my
Change PhpMyAdmin Url in Nginx
Change PhpMyAdmin Url in Nginx

Finally, restart Nginx and PHP-FPM to apply changes and point your browser to http://<ip address>/my.

------------ On CentOS/RHEL and Fedora ------------ 
# systemctl restart nginx
# systemctl restart php-fpm

------------ On Debian and Ubuntu ------------ 
# systemctl restart nginx
# systemctl restart php5-fpm

It should open the phpmyadmin interface (as shown in the image below), whereas http://<ip address>/phpmyadmin should result in a Not Found error page.

Secure PhpMyAdmin Login Page
Secure PhpMyAdmin Login Page

Do not login using the database root user’s credentials yet. You don’t want those credentials going through the wire in plain text, so in the next tip we will explain how to setup a self-signed certificate for PhpMyAdmin login page.

If you read this far, tweet to the author to show them you care. Tweet a thanks

Previous article:

How to Install Latest PhpMyAdmin in RHEL, CentOS & Fedora

Next article:

Deal: Become an Ethical Hacker with This 9-Courses Bonus Bundle (92% Off)
Photo of author
Gabriel Cánepa
Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

Related Posts

9 thoughts on “How to Change and Secure Default PhpMyAdmin Login URL”

  1. changing the file helped me (centos + apache + nginx):

    /etc/nginx/vhosts-includes/phpmyadmin.conf

    all ways with 

    location /phpmyadmin

    chanded to newphpmyadmin/

    Reply

  3. Hey hi! Thanks for these articles.

    I had one issue: Using nginx, I had to rename /var/www/html/myphpadmin to /var/www/html/ before it worked.

    Cheers!

    Reply

  5. This is the best post I have found so far for securing PhpMyAdmin URL.

    However, after performing all the steps from “Change PhpMyAdmin Login Page in Nginx” – It takes me to a 404 page

    Then I tried to change ‘phpmyadmin‘ to ‘mynewurl‘ in following files:

     /etc/phpmyadmin/apache.conf
 /etc/nginx/conf.d/phpmyadmin.inc

    It seemed to kind work as the old Phpmyadmin URL now shows “Not Found” but the new URL taking me to a “Blank/White Page”. So, no luck.

    FYI, I am using VestaCp, Nginx, PHP-FPM.

    Any advise please.

    Reply

    • The tutorial includes an Apache version. (see the first guide).

      However, for Ubuntu 18. I would like to point out that changing the URL address has been made easy.

      Just navigate to /etc/phpmyadmin/apache.conf then change line 3 (Alias /phpmyadmin /usr/share/phpmyadmin) to Alias /NewURL /usr/share/phpmyadmin. Then restart apache2.

      Reply

Got something to say? Join the discussion.

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.