Okay in this tutorial, I’m going to cover a few basics of why it’s important to—or explain how to secure your PHPMyAdmin. It’s very important that you do that because your PHPMyAdmin gives access to MySQL database which holds an extremely large amount of information regarding your website’s content if you’re using that. Let me see, first we’re going to go to our XAMPP folder, this is for XAMPP users by the way and then we’re going to go to Apache, config, extra and then this file here. As you can see here, we’ve got the alias PHPMyAdmin. Now the problem comes with allow from all. This right here, read about aliases if you don’t understand how that works.
We want to change this to 127.0.0.1. And that’s going to limit access to this IP only. You can use a local area network address such as 192.168 and this would limit access to any computer in your home network. You don’t have to finish that out or you can finish that out if you want to but that should allow access for the main computer in your home network but I personally prefer to use this one and that way you have to actually be on your server’s computer to be able to access that and we’ll click file and save. Another way we can secure it, to add extra security, is to go to our PHPMyAdmin and then we’re going to create a new txt document.
We’re going to call it htaccess. Then we want to open htaccess up and then we want to type in and you can enter anything here. I’ll just type authorized user then you will need to specify the path to the password file. I’ll look at that in just a minute. I’ve already created one but I’ll show you what it is. And then now we want to do file and save as. Then we want to do “.htaccess” and then we want to click save and it will close this out.
Now the password file, as I stated, was in C. You can see it right here and then I’m going to open this, open it and open it with Notepad. As you can see, I’ve entered my username and then separated it with a colon from my password. Now I wouldn’t use this but this is just to give you an example and you take and save that the same way you would do your htaccess file. Then what happens is, if I go to localhost, PHPMyAdmin, I’m prompted for a password. So I enter my username and my password and then click okay and then you can actually have access to the PHP login.
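The two changes described above, written out as an added example (not taken from the video): the alias block before and after the edit, and the .htaccess and password file that produce the login prompt. The C:/xampp install path, the password file location and the user name are assumed placeholders.

```apache
# --- Alias block in XAMPP's Apache config (C:/xampp is an assumed install path) ---
Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
<Directory "C:/xampp/phpMyAdmin">
    # Let the .htaccess file below supply the authentication directives.
    AllowOverride AuthConfig
    Order allow,deny
    # Before: any client that can reach the server can load phpMyAdmin.
    #   Allow from all
    # After: loopback only, so you have to be on the server itself.
    Allow from 127.0.0.1
    # LAN alternative: a partial address matches every host in that range.
    #   Allow from 192.168
</Directory>
# Apache 2.4 replaces Order/Allow with "Require ip 127.0.0.1". On 2.4, also put
# "AuthMerging And" in the .htaccess so its Require does not replace the IP rule.

# --- C:/xampp/phpMyAdmin/.htaccess (must be saved as ".htaccess", not ".htaccess.txt") ---
AuthType Basic
# The realm text is free-form; it is shown in the browser's login prompt.
AuthName "Authorized User"
# Placeholder path: keep this file outside any folder Apache serves.
AuthUserFile "C:/example/phpmyadmin.passwd"
Require valid-user

# --- C:/example/phpmyadmin.passwd : one "username:password" entry per line ---
#   exampleuser:<password, or a hash generated with Apache's htpasswd tool>
```

With both the address rule and the login in place, Apache 2.2's default `Satisfy All` means a request has to pass both checks. Apache needs a restart to pick up the change to the alias block.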
So now, we’re going to log in here and then review it. Now, using a secure password there is very crucial too but using a good strong root password is very crucial because the root account is going to have access to every one of your databases. So you would need to use that and you don’t ever use it for a database. So what I’ve done, I’ve created a new database for WordPress. I’m being prompted again. So I’ve got a WordPress database now and what I want to do. I’m setting up a WordPress blog per se. I’m not actually going to do it in this tutorial but what I want to do, I want to create a new user for that WordPress. I’ve already done it here but I’m going to create a user, let’s say my blog.
Then we’re going to use localhost and then the password. You can either enter another password or if you want a more secure option, you can use generate. And then you can take and save this. I usually like to save it in a txt document somewhere, just say a new txt document and I’ll take and paste that password in a txt document so that way whenever I need to go back in for future reference, I know where to find that password. But anyways, we’ll go back here and then once you generated a password, you just click copy and they’re automatically put in the two fields for you and then we don’t want to create a database for the user and we don’t want the user to have any global privileges. And you can set these if you want to but you can also cause problems by doing that. And then we’re going to click go.
Now that we’ve created a new password—I mean a new user, we need to go down and assign him privileges to the WordPress blog, to that database so we’re going to go down here and select the WordPress database and then we’ll be taken to the privileges thing. What I usually do is click check all and then I uncheck all the administration modes. Then we click go. Now this user WordPress has—I mean my blog has access to the database WordPress. Now, I’ll show you what that looks like on the other side. We’re going to log out and I’ll log in with my blog and then that password. And we’ll click go.
As you can see, I have access to this database only. That’s just one, that’s just a random database that’s unimportant and I can't create no new databases. I’ll have no privileges and I only have access and rights to this one here. But even still, if somebody logs in under—if somebody did manage to hack your account, your my blog account and got in, they could do a lot of damage to your WordPress database and alter things and stuff like that so that’s why it’s always a good idea to use strong passwords and also a good idea to use new users for each different database that you create so that way, if they do happen to hack it, they can only have access to one. Now, let’s say for instance, you’ve already on your root account, you created a weak password. Like oh no, I’ve got a bad password.
Anybody could figure this out. What can you do? You can go in and easily change your password. And now I’m not sure which one of these. Either one, you would probably need to repeat it for both of them but you click on that and you’ll go down here and you’ll find change password. Now you can set a new password for this user. If you wanted to have it generate one for you, you can just go down here and copy that. And then you can just paste it here. Paste it twice and just click go. That’s going to set your new password for root and that way, that will make your root account more secure if you were using a crappy password before. But that pretty much concludes the security for PHPMyAdmin.
I’m going to make another video showing some of the reasons why, how sensitive the information in your database is, so check that out and we’ll see what having your database hacked would look like and what a hacker could possibly do or some of it anyway. So definitely check that out, thanks for watching.
Transcription by:
Scribe4you Transcription Services