How to Disable root Login Access to PhpMyAdmin?


PhpMyAdmin is a popular open-source tool used to manage MySQL databases. It provides a web interface that allows users to interact with the database through their web browser. One of the default login options for PhpMyAdmin is root login access, which grants a user full administrative privileges over the entire database system.

While root login access may be convenient for initial setup and configuration, it poses significant security risks. If an attacker gains access to your root credentials, they can cause irreparable damage to your database or steal sensitive information.

Explanation of Root Login Access

The root user account is created when you install MySQL on your server, and it has all administrative privileges by default. For example, if you log in as a root user in PhpMyAdmin, you have complete control over all databases and tables on the server. This level of access can be very dangerous because it allows anyone who knows the root password to make changes that could destroy data or compromise security.

Steps to Disable root Login Access to PhpMyAdmin

Step 1: Log in to PhpMyAdmin as the root user

The first step in disabling root login access to PhpMyAdmin is to log in as the root user. This requires accessing your server through a command line interface or terminal and using the appropriate command to connect. Once connected, you will need to navigate to the PhpMyAdmin application and enter your login credentials.

Step 2: Create a new user account with administrative privileges

After logging in as the root user, you'll need to create a new user account with administrative privileges. This can be done using the "User Accounts" page within PhpMyAdmin. Fill out all required fields, including username and password, and ensure that you grant administrative privileges during this process.

Step 3: Grant administrative privileges to the new user account

Next, you'll need to grant administrative privileges specifically for this new user account. Within "User Accounts", select the newly created account and click on "Edit Privileges". Here, you can select which specific actions this user account is authorized for; be sure that it includes complete access/privileges.

Step 4: Remove the root user's administrative privileges

Now that your new user has been granted full admin permissions, it's time to remove those same permissions from the root account entirely. The easiest way of doing this is simply by going back into "User Accounts", selecting your pre-existing root account, clicking on "Edit Privileges," then unchecking all of its checkboxes under "Global Permissions".

Step 5: Test the new user's access

With steps one through four now completed, it's important that you test out your newly created admin accounts' access before fully committing to it. You can do this by logging out of PhpMyAdmin entirely, then logging back in using the new admin user credentials you just created. If everything works as intended, you can now feel safe knowing that your database is much more secure and less vulnerable to malicious attacks.

Benefits of Disabling Root Login Access to PhpMyAdmin

Increased security for your database

Disabling root login access to PhpMyAdmin is a crucial step in ensuring the security of your database. The root user account has full administrative privileges, which means that anyone with access to it can modify, delete or even destroy entire databases.

By disabling root login access and creating a new user account with administrative privileges, you limit the number of people who can make such changes. This reduces the likelihood of data breaches or other malicious attacks.

Reduced risk of unauthorized access

The root user account is often shared among multiple users, which increases the risk of unauthorized access. Any user who has access to the root account can potentially view sensitive information or make unauthorized changes to your database. By disabling root login access and creating a new user account, you can restrict access only to authorized individuals who have been granted specific permissions.

Improved control over who can make changes

In addition to reducing the risk of unauthorized access and improving overall security, disabling root login access also provides improved control over who can make changes within your database. By granting administrative privileges only to specific users and limiting their level of access based on their role within your organization, you maintain greater control over what changes are made and when they are made.

Overall, disabling root login access is a key step in maintaining secure practices for your database management. It not only improves overall security but also provides improved control over who has the ability to make critical changes that could impact your organization's operations or reputation.

Additional Tips and Tricks

Best Practices for Password Management

A critical part of securing your database is managing user passwords effectively. The following are some best practices for password management: 1. Use strong passwords: A strong password should have at least 12 characters, including a mix of upper and lowercase letters, numbers, and symbols.

Avoid using easily guessable information such as dates of birth or common phrases. 2. Enable Two-Factor Authentication: Two-factor authentication adds an additional layer of security by requiring users to provide a second form of identification, such as a security code sent to their phone.

Limit Password Reuse: To avoid users reusing the same password across multiple accounts, set up policies that require them to create new passwords regularly. 4. Educate Users on Password Security: It's important to educate your users on good password security practices and the reasons why they're necessary.

Monitoring and Auditing Database Activity

Monitoring and auditing database activity can help you identify potential threats before they become a problem. The following are some ways to monitor your database activity −

  • Set up logging − Database logging enables you to track all activity within the database, including what changes were made and who made them.

  • Monitor User Accounts − Keep track of user accounts that have access to your database so that you can detect suspicious activity quickly.

  • Regularly Review Logs − Regularly reviewing logs will help you spot any unusual behavior or patterns so that you can investigate further if necessary.

  • Implement Automated Alerts − Set up automated alerts for any abnormal activities in your database; this way, you can respond quickly if suspicious activities occur.

Overall these tips will help ensure the safety of your data in PhpMyAdmin by disabling root login access while also implementing best practices for password management and monitoring user activity within the database itself.


In this article, we have gone over the steps necessary to disable root login access to PhpMyAdmin. This process involves creating a new user account with administrative privileges, granting those privileges to the new user, removing the administrative privileges from the root user, and testing the new user's access. By following these steps, you can ensure that your database is more secure and less susceptible to unauthorized access.

Updated on: 11-Jul-2023


Kickstart Your Career

Get certified by completing the course

Get Started