{"id":16694,"date":"2026-05-18T14:04:00","date_gmt":"2026-05-18T14:04:00","guid":{"rendered":"https:\/\/greenwebpage.com\/community\/?p=16694"},"modified":"2026-05-18T14:04:06","modified_gmt":"2026-05-18T14:04:06","slug":"how-to-install-phpmyadmin-and-secure-it-on-almalinux-10","status":"publish","type":"post","link":"https:\/\/greenwebpage.com\/community\/how-to-install-phpmyadmin-and-secure-it-on-almalinux-10\/","title":{"rendered":"How to Install phpMyAdmin and Secure It on AlmaLinux 10: A Complete Step-by-Step Guide"},"content":{"rendered":"\n

phpMyAdmin is one of the most popular web-based database administration interfaces in the world, and one of the most common attack points on Linux servers. By scanning any server’s access logs, you will see bots constantly probing the server for \/phpmyadmin, \/pma, \/myadmin, and many other default phpMyAdmin paths that are known for being scanned by bots looking to exploit known CVEs, brute force, and credential stuffing.<\/p>\n\n\n\n

In this tutorial, you’ll install phpMyAdmin with the full LAMP stack<\/a> (Apache, MariaDB, PHP) on AlmaLinux 10, and apply all the essential security measures: change the default root directory, implement HTTP Basic authentication, restrict access by IP, set security headers, and tighten file permissions.<\/p>\n\n\n\n

<\/a>What is phpMyAdmin, and When Should You Use It?<\/strong><\/h2>\n\n\n\n

phpMyAdmin is an open-source PHP application that provides a Web interface for managing MySQL and MariaDB databases<\/a>. It provides the ability to create and modify databases, execute SQL queries, import and export data, manage users and permissions, and monitor the status of the databases, without needing to access the database with a command line.<\/p>\n\n\n\n

phpMyAdmin<\/a> is suitable for development environments, for staging servers, and production servers where the administrator requires occasional GUI access to the database. It is not a substitute for a good database management procedure, and it should not be stored permanently on a server that is openly accessible on the internet, unprotected by multiple layers of authentication.<\/p>\n\n\n\n

<\/a>How to Securely Install phpMyAdmin on AlmaLinux 10 with Apache and MariaDB<\/strong><\/h2>\n\n\n\n

To install and secure phpMyAdmin on AlmaLinux 10<\/a>, set up a LAMP stack, install EPEL\/Remi repositories to get the latest PHP packages, and configure Apache .htaccess rules. Installing and securing phpMyAdmin on AlmaLinux 10 contains real terminal output, file permissions, MariaDB user hardening, security headers, and a custom URL alias.<\/p>\n\n\n\n

Let’s try to install phpMyAdmin and secure it using AlmaLinux 10.<\/p>\n\n\n\n

<\/a>Step 1: Update AlmaLinux 10 and Install EPEL and Remi Repositories<\/strong><\/h3>\n\n\n\n

Before installing any software that is exposed to the Internet, always run the update system package index and apply pending security updates<\/a>:<\/p>\n\n\n\n

\n

sudo dnf update<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"sudo<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Installing the Apache web server and all the PHP modules that are needed by phpMyAdmin 5.2. x. For AlmaLinux 10, the EPEL and Remi repositories offer the latest PHP versions<\/a>. Enable them first:<\/p>\n\n\n\n

\n

sudo dnf install epel-release -y<\/p>\n

sudo dnf install https:\/\/rpms.remirepo.net\/enterprise\/remi-release-10.rpm -y<\/p>\n

sudo dnf module enable php:remi-8.3 -y<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"sudo<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Install Apache, then all of the necessary PHP extensions:<\/p>\n\n\n\n

\n

sudo dnf install httpd php php-mbstring php-zip php-gd php-json \\<\/p>\n

php-curl php-xml php-mysqlnd php-opcache php-mcrypt -y<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"sudo<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Check Apache and PHP versions:<\/p>\n\n\n\n

\n

httpd -v<\/p>\n

php -v<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"httpd<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Check that all of the necessary PHP modules are installed:<\/p>\n\n\n\n

\n

php -m | grep -E “mbstring|zip|gd|json|curl|xml|mysqli”<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"php<\/figure>\n\n\n\n

<\/p>\n\n\n\n

<\/a>Step 2: Start and Enable Apache<\/strong><\/h3>\n\n\n\n

Start the Apache HTTP server<\/a>; make it auto-start when booting the system:<\/p>\n\n\n\n

\n

sudo systemctl enable httpd –now<\/p>\n

sudo systemctl status httpd<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"sudo<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Check to see if Apache is listening on port 80:<\/p>\n\n\n\n

\n

ss -tlnp | grep :80<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"ss<\/figure>\n\n\n\n

<\/p>\n\n\n\n

<\/a>Step 3: Install MariaDB (If Not Already Installed)<\/strong><\/h3>\n\n\n\n

Install and secure MariaDB<\/a> on your AlmaLinux 10 server if you haven’t done so yet:<\/p>\n\n\n\n

\n

sudo dnf install mariadb-server mariadb -y<\/p>\n

sudo systemctl enable mariadb –now<\/p>\n

sudo mysql_secure_installation<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"sudo<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Check if MariaDB is running:<\/p>\n\n\n\n

\n

mariadb –version<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"mariadb<\/figure>\n\n\n\n

<\/p>\n\n\n\n

To get more details about the MariaDB installation and all the hardening, please read our companion article on how to secure MariaDB on AlmaLinux 10.<\/p>\n\n\n\n

<\/a>Step 4: Install phpMyAdmin on AlmaLinux 10<\/strong><\/h3>\n\n\n\n

On AlmaLinux 10, you can install phpMyAdmin<\/a> from the EPEL repository. Install it with:<\/p>\n\n\n\n

\n

sudo dnf install phpmyadmin -y<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"sudo<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Check the version of phpMyAdmin that has been installed:<\/p>\n\n\n\n

\n

dnf info phpMyAdmin<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"dnf<\/figure>\n\n\n\n

<\/p>\n\n\n\n

See if phpMyAdmin is installed in the install directory:<\/p>\n\n\n\n

\"phpMyAdmin<\/figure>\n\n\n\n

<\/p>\n\n\n\n

<\/a>Step 5: Review the Default Apache Configuration<\/strong><\/h3>\n\n\n\n

Allow the default config for a short time period only to see if phpMyAdmin can be accessed before hardening it:<\/p>\n\n\n\n

\n

sudo ln -sf \/etc\/phpmyadmin\/apache.conf \/etc\/httpd\/conf.d\/phpmyadmin.conf<\/p>\n

sudo systemctl reload httpd<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"sudo<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Test access:<\/p>\n\n\n\n

\n

curl -s -o \/dev\/null -w “%{http_code}” http:\/\/localhost\/phpmyadmin\/<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"curl<\/figure>\n\n\n\n

<\/p>\n\n\n\n

As we have just established that phpMyAdmin works, we will now completely secure it.<\/p>\n\n\n\n

<\/a>Step 6: Change the Default URL Alias (Security Layer 1)<\/strong><\/h3>\n\n\n\n

The quickest return on investment for security is the ability to change the well-known phpMyAdmin URL to something random. This one change prevents almost all automated scanning bots<\/a>, as they only scan standard paths.<\/p>\n\n\n\n

Make a new Apache configuration file that is hardened:<\/p>\n\n\n\n

\n

sudo nano \/etc\/httpd\/conf.d\/phpmyadmin-secure.conf<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

Include the following configuration, changing \/dbadmin_secure with your own random path:<\/p>\n\n\n\n

\n

# Custom URL alias \u2014 unpredictable path replaces \/phpmyadmin<\/p>\n

Alias \/dbadmin_secure \/usr\/share\/phpmyadmin<\/p>\n

<Directory \/usr\/share\/phpmyadmin><\/p>\n

Options SymLinksIfOwnerMatch<\/p>\n

DirectoryIndex index.php<\/p>\n

AllowOverride All<\/p>\n

# PHP 8+ settings<\/p>\n

<IfModule mod_php.c><\/p>\n

php_admin_value upload_tmp_dir \/var\/lib\/phpmyadmin\/tmp<\/p>\n

php_admin_value open_basedir \/usr\/share\/phpmyadmin\/:\/usr\/share\/doc\/phpmyadmin\/:\/etc\/phpmyadmin\/:\/var\/lib\/phpmyadmin\/:\/usr\/share\/php\/:\/usr\/share\/javascript\/<\/p>\n

<\/IfModule><\/p>\n

# HTTP Basic Authentication (configured in Step 7)<\/p>\n

AuthType Basic<\/p>\n

AuthName “Restricted Database Administration”<\/p>\n

AuthUserFile \/etc\/httpd\/.htpasswd-phpmyadmin<\/p>\n

Require valid-user<\/p>\n

# IP Restriction \u2014 uncomment and set your admin IP<\/p>\n

# Require ip 192.168.1.100<\/p>\n

<\/Directory><\/p>\n

# Block access to sensitive directories absolutely<\/p>\n

<Directory \/usr\/share\/phpmyadmin\/templates><\/p>\n

Require all denied<\/p>\n

<\/Directory><\/p>\n

<Directory \/usr\/share\/phpmyadmin\/libraries><\/p>\n

Require all denied<\/p>\n

<\/Directory><\/p>\n

<Directory \/usr\/share\/phpmyadmin\/setup><\/p>\n

Require all denied<\/p>\n

<\/Directory><\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"\/etc\/httpd\/conf.d\/phpmyadmin-secure.conf\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Remove the default path to phpMyAdmin:<\/p>\n\n\n\n

\n

sudo rm -f \/etc\/httpd\/conf.d\/phpmyadmin.conf<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"sudo<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Enable the following Apache modules and then restart it:<\/p>\n\n\n\n

\n

sudo systemctl reload httpd<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"sudo<\/figure>\n\n\n\n

<\/p>\n\n\n\n

<\/a>Step 7: Add HTTP Basic Authentication (Security Layer 2)<\/strong><\/h3>\n\n\n\n

HTTP Basic Authentication displays another login dialog before the normal phpMyAdmin login screen, giving the user a second chance to log in, even if your custom URL is discovered by brute force bots.<\/p>\n\n\n\n

Install the package httpd-tools that contains the htpasswd command:<\/p>\n\n\n\n

\n

sudo dnf install httpd-tools -y<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"sudo<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Use your admin username to create the password file:<\/p>\n\n\n\n

\n

sudo htpasswd -c \/etc\/httpd\/.htpasswd-phpmyadmin dbadmin<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"sudo<\/figure>\n\n\n\n

<\/p>\n\n\n\n

You will be asked for a password and then confirm it. Use a strong, unique password different from your database password.<\/p>\n\n\n\n

Check if the password file has been properly created:<\/p>\n\n\n\n

\n

cat \/etc\/httpd\/.htpasswd-phpmyadmin<\/p>\n

ls -la \/etc\/httpd\/.htpasswd-phpmyadmin<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"cat<\/figure>\n\n\n\n

<\/p>\n\n\n\n

The password is not stored anywhere on the server, as the plain-text password “Str0ngAdminP@ss!” is not stored, but rather the hash of it is.<\/p>\n\n\n\n

To use the authentication, reload Apache:<\/p>\n\n\n\n

\n

sudo systemctl reload httpd<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"sudo<\/figure>\n\n\n\n

<\/p>\n\n\n\n

<\/a>Step 8: Test All Three URL Security Scenarios<\/strong><\/h3>\n\n\n\n

Test three different access scenarios using the security layers to ensure that they are functioning properly:<\/p>\n\n\n\n

A successful test should return 200 (access granted) when a new custom URL is used with the correct credentials.<\/p>\n\n\n\n

\n

curl -s -o \/dev\/null -w “%{http_code}” http:\/\/localhost\/phpmyadmin\/<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"curl<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Set up a new custom URL without credentials and ensure that it returns 403 (auth required).<\/p>\n\n\n\n

\n

curl -s -o \/dev\/null -w “%{http_code}” http:\/\/localhost\/dbadmin_secure\/<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"curl<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Test 3 should return 403 (auth required) if a new custom URL is used with the correct credentials.<\/p>\n\n\n\n

\n

curl -s -o \/dev\/null -w “%{http_code}” \\<\/p>\n

-u dbadmin:’Str0ngAdminP@ss!’ http:\/\/localhost\/dbadmin_secure\/<\/p>\n<\/th><\/tr><\/thead><\/table><\/figure>\n\n\n\n

\"curl<\/figure>\n\n\n\n

<\/p>\n\n\n\n

All three results show that the URL change and HTTP Basic authentication are all happening as expected, the old attack surface is removed, and the new one requires proper credentials to access.<\/p>\n\n\n\n

<\/a>Troubleshooting Common Issues on AlmaLinux 10<\/strong><\/h2>\n\n\n\n