How to Restrict Access to phpMyAdmin with DirectAdmin

How to Restrict Access to phpMyAdmin with DirectAdmin

You may have seen attempts to locate and access your phpMyAdmin login URL in your webserver or domain access logs. You can limit these types of attacks by simply restricting access to your phpMyAdmin dashboard from the DirectAdmin panel. This functionality is not enabled by default but for additional security we recommend that you enable this on your server. Going forward you will be required to be logged into your DirectAdmin admin or user account before you will be able to access phpMyAdmin.

The DirectAdmin development team have recently introduced Single SignOn functionality to RoundCube and phpMyAdmin with the release of DirectAdmin 1.59.0. This is often referred to as Single SignOn, or SSO logins. This means that no password is needed for a user to login into these accounts and can be accessed directly from the DirectAdmin user dashboard which eliminates the need to have external access to phpMyAdmin anymore.

In order to set Single SignOn and restrict access to the phpMyAdmin dashboard simply follow these commands.

cd /usr/local/directadmin/
./directadmin set one_click_pma_login 1 restart
cd custombuild
./build update
./build set phpmyadmin_public no
./build phpmyadmin

If you try to access the phpMyAdmin dashboard directly using the its URL, for example, domain.com/phpMyAdmin, DirectAdmin will display the error message Access to phpMyAdmin is only allowed from control panel and deny access.

VPSBasics

VPSBasics

This guide was written by the VPS Basics editorial team, led by Gilberto Van Roosen. They are a unique blend of people who are dedicated to providing highly detailed, comprehensive and easy to follow tutorials, written in plain English. They specialise in tutorials for managing Linux servers, its software and WordPress.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.