How to Restrict Access to phpMyAdmin with DirectAdmin

You may have seen attempts to locate and access your phpMyAdmin login URL in your webserver or domain access logs. You can limit these types of attacks by simply restricting access to your phpMyAdmin dashboard from the DirectAdmin panel. This functionality is not enabled by default but for additional security we recommend that you enable this on your server. Going forward you will be required to be logged into your DirectAdmin admin or user account before you will be able to access phpMyAdmin.

The DirectAdmin development team have recently introduced Single SignOn functionality to RoundCube and phpMyAdmin with the release of DirectAdmin 1.59.0. This is often referred to as Single SignOn, or SSO logins. This means that no password is needed for a user to login into these accounts and can be accessed directly from the DirectAdmin user dashboard which eliminates the need to have external access to phpMyAdmin anymore.

In order to set Single SignOn and restrict access to the phpMyAdmin dashboard simply follow these commands.

cd /usr/local/directadmin/
./directadmin set one_click_pma_login 1 restart
cd custombuild
./build update
./build set phpmyadmin_public no
./build phpmyadmin

If you try to access the phpMyAdmin dashboard directly using the its URL, for example,, DirectAdmin will display the error message Access to phpMyAdmin is only allowed from control panel and deny access.

How useful was this guide?

Click on a star to rate it!

Average rating / 5. Vote count:

Be the first to rate this guide.

We are sorry that this guide was not useful for you!

Help us to improve this guide!

Tell us how we can improve this guide?

By VPSBasics

This guide was written by the VPS Basics editorial team, led by Gilberto Van Roosen. They are a unique blend of people, dedicated to providing highly detailed, comprehensive and importantly easy to follow tutorials, written in plain English. They specialise in tutorials for managing Linux servers and its software.

Join the Conversation

Note: Your email address will not be published when posting a comment.

Note: All comments are held for moderation and are reviewed by our editorial team prior to approval.

VPSBasics uses Akismet anti-spam filters to reduce spam across our website. Our website is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Learn how your data is processed.