phpMyAdmin is a very useful and powerful web-based GUI administration and management tool for MySQL and MariaDB database system. So good that phpMyAdmin may become a security vulnerability if unauthorized people can gain access to the databases through phpMyAdmin.

One way to secure phpMyAdmin is to forbid the login using root account. Root account in MySQL and MariaDB has unrestricted privileges to access every databases and perform every functions in regards to the database system.

This tutorial guides you how to restrict login by root through phpMyAdmin.

  1. Login to the web server which is hosting the phpMyAdmin via SSH or physical console.
  2. Locate and change directory (CD) to the location where the scripts of phpMyAdmin are installed. For example, /var/www/html/phpmyadmin/ or /usr/share/phpmyadmin.
  3. Edit the phpMyAdmin configuration file, i.e. with editor such as vi or vim, and change the values of following parameters:
    $cfg['Servers'][$i]['AllowRoot'] = FALSE;

    Disable Root Login in phpMyAdmin

    If no file is found, create it by copying from file at the same location.
  4. Save the config and now root user will be rejected from logging in via phpMyAdmin.