One way to secure phpMyAdmin is to forbid the login using root account. Root account in MySQL and MariaDB has unrestricted privileges to access every databases and perform every functions in regards to the database system.
This tutorial guides you how to restrict login by root through phpMyAdmin.
- Login to the web server which is hosting the phpMyAdmin via SSH or physical console.
- Locate and change directory (CD) to the location where the scripts of phpMyAdmin are installed. For example, /var/www/html/phpmyadmin/ or /usr/share/phpmyadmin.
- Edit the phpMyAdmin configuration file, i.e. config.inc.php with editor such as vi or vim, and change the values of following parameters:
$cfg['Servers'][$i]['AllowRoot'] = FALSE;
- Save the config and now root user will be rejected from logging in via phpMyAdmin.