You may have seen attempts to locate and access your phpMyAdmin login URL in your webserver or domain access logs. You can limit these types of attacks by simply restricting access to your phpMyAdmin dashboard from the DirectAdmin panel. This functionality is not enabled by default but for additional security we recommend that you enable this on your server. Going forward you will be required to be logged into your DirectAdmin admin or user account before you will be able to access phpMyAdmin.

The DirectAdmin development team have recently introduced Single SignOn functionality to RoundCube and phpMyAdmin with the release of DirectAdmin 1.59.0. This is often referred to as Single SignOn, or SSO logins. This means that no password is needed for a user to login into these accounts and can be accessed directly from the DirectAdmin user dashboard which eliminates the need to have external access to phpMyAdmin anymore.

In order to set Single SignOn and restrict access to the phpMyAdmin dashboard simply follow these commands.

cd /usr/local/directadmin/
./directadmin set one_click_pma_login 1 restart
cd custombuild
./build update
./build set phpmyadmin_public no
./build phpmyadmin

If you try to access the phpMyAdmin dashboard directly using the its URL, for example, domain.com/phpMyAdmin, DirectAdmin will display the error message Access to phpMyAdmin is only allowed from control panel and deny access.