Root access to phpMyAdmin

Prevent root logins to Databases

Another layer of Cyber Security protocol when hosting WordPress owners sites.  System administrators and owners may need to login to a particular database to do maintenance. There is never a need to be able to see all the databases at once. Mistakes can happen, and causing an failure in a single database is more easily restored.

Breaking them all at once as root could be a real headache.   More importantly, if the username/password were compromised for root then it wouldn’t be much trouble for a hacker to rifle all the data on all the sites. Bigger headache. We’ll discuss more hardening of the machine in a future post.

Each instance of the username & password for individual phpMyAdmin logins should be extremely unique and complicated. When creating a new install we highly recommend 12-14 characters and no, you would never expect to remember them. Just paste them in a notepad folder and provide a copy to your client if they are able and want to work in the DB.   Here’s a good combo (don’t use it) that would take much longer to penetrate, if ever. It’s exponentially wise to add numerical, upper/lower case and symbol characters.

Username: 8428k7u!QAf^[email protected]

Password: [email protected]$6

Now, how to prevent root logins to the databases.

SSH into your server and sudo/edit the file in folder (typical install) /etc/phpmyadmin/config.inc.php and search the string:

$cfg
[‘Servers’][/’Servers’]
[$i][/$i]
[‘auth_type’][/’auth_type’] = ‘cookie’;

Make sure the line above is un-commented. (delete the “//”)   Then add below that:

$cfg

[‘Servers’][/’Servers’]
[$i][/$i]
[‘AllowRoot’][/’AllowRoot’] = FALSE;

Save file – Ctrl X   Restart Nginx and php5-fpm   Congrats – You are done and far better off than before.

Share this:

Like this:

Like Loading...
By |2016-10-21T12:57:56+00:00July 31st, 2013|Cyber Security|

Share This Story, Choose Your Platform!

%d bloggers like this: