phpMyAdmin is a browser-based MySQL and MariaDB administration tool. It provides a graphical interface for managing databases, running SQL queries, importing/exporting data, and managing users — all without the command line. This guide installs and secures phpMyAdmin on Ubuntu 26.04 LTS.

Tested and valid on:

  • Ubuntu 26.04 LTS

Prerequisites

  • Ubuntu 26.04 LTS with Apache and PHP 8.4 installed
  • MySQL 9 or MariaDB 11 running
  • A user with sudo privileges

Step 1 – Install phpMyAdmin

sudo apt update
sudo apt install phpmyadmin php8.4-mbstring php8.4-zip php8.4-gd php8.4-curl -y

During installation: select apache2, then Yes to configure with dbconfig-common.

Step 2 – Enable the mbstring Extension

sudo phpenmod mbstring
sudo systemctl restart apache2

Step 3 – Secure phpMyAdmin — Add a Password Layer

Add Apache authentication in front of phpMyAdmin:

sudo nano /etc/apache2/conf-available/phpmyadmin.conf

Inside the <Directory /usr/share/phpmyadmin> block add:

AllowOverride All
sudo nano /usr/share/phpmyadmin/.htaccess

Add:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user

Step 4 – Create the .htpasswd File

sudo htpasswd -c /etc/phpmyadmin/.htpasswd adminuser

Enter and confirm a password.

Step 5 – Reload Apache

sudo systemctl reload apache2

Step 6 – Access phpMyAdmin

Visit https://your_domain/phpmyadmin. You will be prompted for the htpasswd credentials first, then the MySQL login.

Step 7 – Create a Dedicated MySQL User

Avoid logging in as root. Create a dedicated admin user:

sudo mysql
CREATE USER 'pmauser'@'localhost' IDENTIFIED BY 'StrongPMAPass!';
GRANT ALL PRIVILEGES ON *.* TO 'pmauser'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
exit

Conclusion

phpMyAdmin is now installed and secured behind two authentication layers on Ubuntu 26.04 LTS. Never expose phpMyAdmin directly to the internet without a password layer — it is a common attack target.