How to Disable root Login Access to PhpMyAdmin

If you are planning on using phpmyadmin on a regular basis to manage your databases over the network (or worse, over the Internet!), you don’t want to use the root account. This is valid not only for phpmyadmin but also for any other web-based interface.

In /etc/phpmyadmin/, look for the following line and make sure the AllowRoot directive is set to FALSE:

$cfg['Servers'][$i]['AllowRoot'] = FALSE;
Disable Root Login in PhpMyAdmin

Disable Root Login in PhpMyAdmin

In Ubuntu/Debian, you need to add these two lines as shown:

/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowRoot'] = false;

Save changes and restart Apache.

------------- On CentOS/RHEL Systems -------------
# systemctl restart httpd.service

------------- On Debian/Ubuntu Systems -------------
# systemctl restart apache2.service

Then follow the steps outlined in the above tips to get to the phpmyadmin login page (https://<ip address>/phpmyadmin) and Try to login as root:

Root Access Disabled in Phpmyadmin

Root Access Disabled in Phpmyadmin

Then connect to your MySQL / MariaDB database via the command prompt and, using root credentials, create as many accounts as needed to access one database each. In this case we will create an account named jdoe with password jdoespassword:

# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 24
Server version: 10.1.14-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE USER 'jdoe'@'localhost' IDENTIFIED BY 'jdoespassword';
Query OK, 0 rows affected (0.04 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON gestion.* to 'jdoe'@'localhost';
Query OK, 0 rows affected (0.00 sec)

Then let’s login using the above credentials. As you can see, this account only has access to only one database:

Enable PhpMyAdmin Access to User

Enable PhpMyAdmin Access to User

Congratulations! You have disabled root access to your phpmyadmin installation and can now use it to manage your databases.

I strongly recommend you to add an extra layer of security to your phpmyadmin installation with .htaccess password protection and setup HTTPS (SSL certificate) to avoid sending username and password in plain text format over network.

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Gabriel Cánepa

Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

2 Responses

  1. Daniel says:

    What if MySQL administrator account is not called root? I mean, it’s not like `root` if of any special meaning to mySQL.

  2. Chris says:

    This whole series is awesome, and a big help. I had inherited a set up with phpMyAdmin with every virtual host using root access to the databases, including my live site. What I did and would recommend is that if your site is being used while you’re taking these steps, create the users and their passwords first, test them, then update your php code to use the new usernames. Then when you put the bash on root access you don’t have to scramble to get the new connection code in place.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.