I recently launched a WordPress website for a client using Google Cloud’s Click to Deploy, and phpMyAdmin is installed during that process. Because phpMyAdmin allows full control of all of your MySQL database data, it should be locked down immediately so that access is restricted and attackers cannot even attempt to gain access to the data that drives your website. The first step in locking down access is to restrict access to the login page by IP address, as shown in the steps below.
Restrict Access to phpMyAdmin Via IP Address
Locking down access to phpMyAdmin on a new Google Cloud Click to Deploy WordPress instance is easy and should be completed immediately after deployment. Google will add the latest software and a configuration file named phpmyadmin.conf to your Apache web server configuration files. Follow the below steps to restrict access to your phpMyAdmin web interface.
Verify Primary IP Address
Before making a change to Apache, you first need to confirm the primary IP address from which you will be accessing the phpMyAdmin web page. This can be done in many ways, such as visiting a website from your desktop that returns the public IP address of the computer you are currently working from. In this example we will use a fake internal IP address, but please keep in mind that this needs to be your public IP address and not the one used in this example.
SSH to New Google Click to Deploy WordPress Website
Now connect via SSH to the new WordPress website you have just launched using Google’s Click to Deploy service. You can also follow these steps on any WordPress website running on Linux, but the primary goal here is to make those who deployed a WordPress website with one click using Click to Deploy familiar with the steps necessary to secure the launch of that website.
Edit Apache Configuration File
The WordPress website you have launched using Google Cloud’s Click to Deploy will have an Apache configuration file at the following location.
- alex@google-click-to-deploy-wordpress-vm:~$ sudo vi /etc/apache2/conf-enabled/phpmyadmin.conf
Doing this will open the Apache configuration file in vi and allow you to make the necessary addition to the top of the file to restrict access to the phpMyAdmin web interface.
Add Following Configuration Lines to conf File
Add the following four lines directly after the opening Directory tag, which specifies the directory from which the phpMyAdmin configuration page is served by Apache. On Google Click to Deploy WordPress that tag is <Directory /usr/share/phpmyadmin>.
- #Restrict phpMyAdmin via IP address
- Order Deny,Allow
- Deny from All
- Allow from 10.1.1.10
The first line in the configuration addition above is a comment that notes what the lines below it do. The following three lines deny access to all except for the specified IP address of 10.1.1.10, which should be changed to your IP address.
The four configuration lines should now display right under the directory tag as shown below.
- <Directory /usr/share/phpmyadmin>
- #Restrict phpMyAdmin via IP address
- Order Deny,Allow
- Deny from All
- Allow from 10.1.1.10
Restart Apache Web Server
Now that you have modified the phpmyadmin.conf file, you will need to restart the Apache web server before the changes take effect. To do so, issue the command below from the CLI of the Linux web server where WordPress is installed.
- alex@google-click-to-deploy-wordpress-vm:~$ sudo /etc/init.d/apache2 restart
- [ ok ] Restarting apache2 (via systemctl): apache2.service.
- alex@google-click-to-deploy-wordpress-vm:~$
Access to the phpMyAdmin web interface should now be restricted to a single IP address.
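To confirm the edit landed inside the right Directory block, the following added example (not part of the original post or of Google's image) audits a phpmyadmin.conf for the three directives above. The helper name check_pma_acl and the sample file it is run against are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the ACL this page adds to phpmyadmin.conf.
# check_pma_acl is a hypothetical helper name; $1 = conf file, $2 = allowed IP.
# Returns 0 only if the <Directory /usr/share/phpmyadmin> block denies everyone
# and allows exactly that one address; otherwise prints what is wrong.
check_pma_acl() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { line = tolower($0); sub(/^[ \t]+/, "", line) }   # directives are case-insensitive
        line ~ /^<directory[ \t]+"?\/usr\/share\/phpmyadmin\/?"?[ \t]*>/ { inside = 1; next }
        line ~ /^<\/directory>/ { inside = 0; next }
        !inside || line ~ /^#/ { next }                    # skip other blocks and comments
        line ~ /^order[ \t]+deny,allow[ \t]*$/ { order = 1 }
        line ~ /^deny[ \t]+from[ \t]+all[ \t]*$/ { deny = 1 }
        line ~ /^allow[ \t]+from[ \t]/ {
            n = split(line, f, /[ \t]+/)
            for (i = 3; i <= n; i++) {
                if (f[i] == "") continue
                if (f[i] == want) allowed = 1
                else extra = extra " " f[i]
            }
        }
        END {
            if (!order)      { print "missing: Order Deny,Allow"; bad = 1 }
            if (!deny)       { print "missing: Deny from All"; bad = 1 }
            if (!allowed)    { print "missing: Allow from " want; bad = 1 }
            if (extra != "") { print "unexpected Allow from:" extra; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample (not a real server file): the block as edited on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Directory /usr/share/phpmyadmin>
    #Restrict phpMyAdmin via IP address
    Order Deny,Allow
    Deny from All
    Allow from 10.1.1.10
</Directory>
EOF
check_pma_acl "$sample" 10.1.1.10 && echo "restricted to 10.1.1.10"
rm -f "$sample"
```

On the server the call would be `check_pma_acl /etc/apache2/conf-enabled/phpmyadmin.conf` followed by your public IP address. It recognises only the Order/Deny/Allow syntax used on this page, which Apache 2.4 handles through mod_access_compat, and not Require directives.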