In phpMyAdmin prior to version 4.6.0, the ForceSSL configuration directive can be used to force user to use HTTPS secure connection while accessing phpMyAdmin. With ForceSSL enabled as true in config.inc.php (the line of $cfg[‘ForceSSL’] = true;), all unsecure HTTP connections will automatically redirect to HTTPS connection by phpMyAdmin, significantly increase the security of the web app which is used to manage the administration of MySQL or MariaDB databases through web browser GUI.
Unfortunately, ForceSSL configuration directive has been deprecated and removed beginning from phpMyAdmin version 4.6.0. Instead, phpMyAdmin developers favor proper web server configuration which enforces HTTPS connection to phpMyAdmin and redirects all unsecured HTTP requests to secured HTTPS requests. It’s believe that web server can do the task better, more efficiently, properly and securely.
As a workaround and alternative to ForceSSL directive, it’s possible to create a .htaccess file inside the phpMyAdmin directory to achieve the same aim, i.e. redirect all HTTP to HTTPS when accessing phpMyAdmin. Note that this workaround depends on availability of rule-based rewriting engine of web server, such as mod_rewrite of Apache HTTPD server, which must be installed and loaded.
This tutorial assumes that you’re using Apache HTTPD web server. If you’re using another web server, such as Nginx or Lighttpd, convert the rewrite rules accordingly.
To automatically redirect HTTP access to phpMyAdmin to HTTPS as with done by ForceSSL directive, create a file named .htaccess inside phpMyAdmin installation directory. Then, insert the following content:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Save the file, and the redirection and forcing of SSL connection for phpMyAdmin takes effect immediately.