How to Install and Secure phpMyAdmin on Ubuntu (Complete Guide)

phpMyAdmin is one of the most widely used open-source tools for managing MySQL and MariaDB databases through a browser-based graphical interface. Whether you're a developer, a systems administrator, or a website owner, it dramatically simplifies complex database operations — from running SQL queries to importing/exporting data — without requiring command-line expertise.

However, because phpMyAdmin is accessible via a public URL by default, leaving it unsecured is a serious risk. This comprehensive guide walks you through installing phpMyAdmin on Ubuntu 20.04/22.04, configuring it with Apache, and hardening it against unauthorized access using multiple security layers.

Table of Contents

1. Prerequisites
2. Step 1 — Update the System and Package Index
3. Step 2 — Install phpMyAdmin
4. Step 3 — Configure Apache for phpMyAdmin
5. Step 4 — Secure phpMyAdmin with HTTP Basic Authentication
6. Step 5 — Restrict Access by IP Address (Optional but Recommended)
7. Step 6 — Enable SSL to Encrypt Traffic
8. Step 7 — Access phpMyAdmin
9. Troubleshooting Common Issues
10. Conclusion

Prerequisites {#prerequisites}

Before you begin, make sure the following requirements are in place:

• A server running Ubuntu 20.04 or 22.04 (physical or virtual)
• MySQL or MariaDB installed and actively running
• Apache2 web server installed
• A user account with sudo privileges
• A domain name or static IP address pointing to your server
• (Recommended) A valid SSL certificate for encrypted HTTPS access

> Tip: If you don't yet have a server environment, consider AlexHost VPS Hosting — fully managed or unmanaged Linux VPS plans with instant provisioning, root access, and SSD storage, ideal for running phpMyAdmin securely.

Step 1 — Update the System and Package Index {#step-1}

Always start by refreshing your package lists and applying any pending system updates. This ensures you install the latest available version of phpMyAdmin and avoid dependency conflicts.

sudo apt update && sudo apt upgrade -y

Step 2 — Install phpMyAdmin {#step-2}

Install phpMyAdmin using the official Ubuntu APT repository:

sudo apt install phpmyadmin -y

During the installation, an interactive configuration wizard will appear. Follow these steps carefully:

2.1 — Choose a Web Server

You will be prompted to select a web server to configure automatically:

Please choose the web server that should be automatically configured to run phpMyAdmin.

  [*] apache2
  [ ] lighttpd

Use the spacebar to select apache2, then press Tab to highlight <Ok> and press Enter.

2.2 — Configure the Database with dbconfig-common

Next, you will be asked whether to configure a database for phpMyAdmin using dbconfig-common:

Configure database for phpmyadmin with dbconfig-common?

Select Yes. You will then be prompted to enter a MySQL application password for phpMyAdmin's internal database user. Either enter a strong password or leave it blank to have one generated automatically.

2.3 — Verify the Installation

After installation completes, confirm phpMyAdmin is installed:

dpkg -l phpmyadmin

You should see a line showing the installed package version.

Step 3 — Configure Apache for phpMyAdmin {#step-3}

In some Ubuntu configurations, the phpMyAdmin Apache configuration file is not automatically enabled. Check and enable it manually.

3.1 — Enable the phpMyAdmin Configuration

sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf
sudo a2enconf phpmyadmin

3.2 — Verify the Configuration File

Open the configuration file to review its contents:

sudo nano /etc/apache2/conf-available/phpmyadmin.conf

The file should contain the following directives (or similar):

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
    Options Indexes FollowSymLinks
    DirectoryIndex index.php

    <IfModule mod_authz_core.c>
        # Apache 2.4
        <RequireAny>
            Require all granted
        </RequireAny>
    </IfModule>
</Directory>

<Directory /usr/share/phpmyadmin/setup>
    <IfModule mod_authz_core.c>
        # Apache 2.4
        <RequireAny>
            Require all granted
        </RequireAny>
    </IfModule>
</Directory>

Save and close the file with CTRL+X, then Y, then Enter.

3.3 — Restart Apache

Apply the configuration changes:

sudo systemctl restart apache2

Verify Apache is running without errors:

sudo systemctl status apache2

Step 4 — Secure phpMyAdmin with HTTP Basic Authentication {#step-4}

By default, anyone who knows your server's IP address can reach the phpMyAdmin login page. Adding an HTTP Basic Authentication layer creates a second password gate before users even see the phpMyAdmin login form.

4.1 — Install apache2-utils

sudo apt install apache2-utils -y

4.2 — Create the Password File and User

Create a .htpasswd file and add your first administrative user. Replace your_admin_user with your chosen username:

sudo mkdir -p /etc/phpmyadmin
sudo htpasswd -c /etc/phpmyadmin/.htpasswd your_admin_user

You will be prompted to enter and confirm a password. To add additional users later (without the -c flag, which would overwrite the file):

sudo htpasswd /etc/phpmyadmin/.htpasswd another_user

4.3 — Update the phpMyAdmin Apache Configuration

Edit the phpMyAdmin configuration file to enforce authentication:

sudo nano /etc/apache2/conf-available/phpmyadmin.conf

Locate the <Directory /usr/share/phpmyadmin> block and add the following lines inside it:

<Directory /usr/share/phpmyadmin>
    Options Indexes FollowSymLinks
    DirectoryIndex index.php

    # HTTP Basic Authentication
    AuthType Basic
    AuthName "Restricted Access — Authorized Personnel Only"
    AuthUserFile /etc/phpmyadmin/.htpasswd
    Require valid-user

    <IfModule mod_authz_core.c>
        <RequireAny>
            Require valid-user
        </RequireAny>
    </IfModule>
</Directory>

Save and close the file.

4.4 — Restart Apache

sudo systemctl restart apache2

Now, navigating to /phpmyadmin will first prompt for the HTTP authentication credentials before displaying the phpMyAdmin login page.

Step 5 — Restrict Access by IP Address (Optional but Recommended) {#step-5}

For even stronger protection, restrict phpMyAdmin access to specific trusted IP addresses only. This is especially useful if you always access your server from a fixed IP (such as an office network or a VPN).

Edit the phpMyAdmin Apache configuration:

sudo nano /etc/apache2/conf-available/phpmyadmin.conf

Modify the <Directory> block to include IP-based restrictions:

<Directory /usr/share/phpmyadmin>
    Options Indexes FollowSymLinks
    DirectoryIndex index.php

    AuthType Basic
    AuthName "Restricted Access"
    AuthUserFile /etc/phpmyadmin/.htpasswd

    <RequireAll>
        Require valid-user
        Require ip 203.0.113.50
        # Add more trusted IPs below:
        # Require ip 198.51.100.0/24
    </RequireAll>
</Directory>

Replace 203.0.113.50 with your actual trusted IP address or subnet. Save the file and restart Apache:

sudo systemctl restart apache2

> Note: If your IP address changes frequently, consider using a VPN with a static IP, or rely on HTTP Basic Authentication alone combined with SSL.

Step 6 — Enable SSL to Encrypt Traffic {#step-6}

Sending database credentials over plain HTTP is a critical security risk. You should always access phpMyAdmin over HTTPS. There are two main approaches:

Option A — Use a Let's Encrypt SSL Certificate (Free)

If you have a domain name pointing to your server, install Certbot:

sudo apt install certbot python3-certbot-apache -y
sudo certbot --apache -d yourdomain.com

Certbot will automatically configure Apache to redirect HTTP to HTTPS and install a free, auto-renewing certificate.

Option B — Use a Commercial SSL Certificate

For production environments handling sensitive data, a commercially issued SSL certificate provides stronger trust signals and warranty protection. You can obtain trusted SSL certificates directly from AlexHost SSL Certificates, with options ranging from Domain Validation (DV) to Extended Validation (EV) certificates.

After installing your SSL certificate, ensure your phpMyAdmin URL uses https://:

https://yourdomain.com/phpmyadmin

Step 7 — Access phpMyAdmin {#step-7}

With installation and security measures in place, open your browser and navigate to:

https://your_server_ip_or_domain/phpmyadmin

You will encounter two authentication prompts in sequence:

1. HTTP Basic Authentication prompt — Enter the username and password you created with htpasswd
2. phpMyAdmin login page — Enter your MySQL/MariaDB username (e.g., root) and its password

Upon successful login, you will have full access to your MySQL databases through the phpMyAdmin graphical interface.

Troubleshooting Common Issues {#troubleshooting}

phpMyAdmin Returns a 404 Not Found Error

The Apache configuration may not be linked or enabled. Run:

sudo a2enconf phpmyadmin
sudo systemctl reload apache2

Also verify the symlink exists:

ls -la /etc/apache2/conf-available/phpmyadmin.conf

"Cannot Connect to MySQL Server" Error

Check that MySQL/MariaDB is running:

sudo systemctl status mysql
# or for MariaDB:
sudo systemctl status mariadb

If it's stopped, start it:

sudo systemctl start mysql

HTTP 500 Internal Server Error

This often indicates a PHP module is missing. Install required PHP extensions:

sudo apt install php-mbstring php-zip php-gd php-json php-curl -y
sudo systemctl restart apache2

Blank Page After Login

Clear your browser cache, or check Apache error logs for details:

sudo tail -f /var/log/apache2/error.log

Security Best Practices Summary

Before going live, review this security checklist:

Rename the phpMyAdmin URL (Bonus Hardening Step)

Changing the default /phpmyadmin URL path to something less predictable significantly reduces automated bot attacks. Edit the Apache configuration:

sudo nano /etc/apache2/conf-available/phpmyadmin.conf

Change:

Alias /phpmyadmin /usr/share/phpmyadmin

To something less obvious:

Alias /db-manager-2024 /usr/share/phpmyadmin

Restart Apache and update your bookmarks accordingly.

Conclusion {#conclusion}

Installing phpMyAdmin on Ubuntu is a straightforward process, but securing it properly is non-negotiable. By combining HTTP Basic Authentication, IP-based access restrictions, SSL encryption, and a custom URL alias, you create multiple overlapping layers of defense that protect your databases from unauthorized access and automated attacks.

To summarize what we covered:

• ✅ Installed phpMyAdmin via APT on Ubuntu 20.04/22.04
• ✅ Configured Apache to serve phpMyAdmin correctly
• ✅ Added HTTP Basic Authentication as a second security gate
• ✅ Restricted access by trusted IP addresses
• ✅ Enabled SSL/HTTPS to encrypt all traffic
• ✅ Applied bonus hardening by renaming the default URL

A secure phpMyAdmin setup is only as strong as the server it runs on. For a reliable, high-performance foundation, explore AlexHost Dedicated Servers for full hardware control, or AlexHost Shared Web Hosting for lightweight projects that need a managed environment. If you need a control panel to manage your server alongside phpMyAdmin, check out AlexHost VPS with cPanel for an all-in-one management experience.

Keep your system updated, monitor your access logs regularly, and revisit your security configuration whenever you upgrade phpMyAdmin or your Ubuntu version. A few minutes of proactive hardening today can prevent a catastrophic data breach tomorrow.