Download the latest version of phpMyAdmin 4 from the phpMyAdmin Downloads page.
phpmyadmin downloads come in two flavors: "-english" that has one language pack, and "-all-languages" which can switch the user-interface between multiple languages. Also you should probably get the zipped version, as on Windows it's easier to work with ZIP files.
Extract and place phpMyAdmin into localhost's DocumentRoot folder. Then rename the folder "phpMyAdmin-4.x.x-language" as "phpmyadmin".
Standard localhost DocumentRoot paths:
If using WampDeveloper Pro, you now should have phpMyAdmin placed as: C:\WampDeveloper\Websites\localhost\webroot\phpmyadmin
phpMyAdmin 4.1, and newer, requires PHP 5.3+ and MySQL 5.5+.
Make sure PHP execution is already enabled for the directory phpMyAdmin is in. It should be under all WAMPs by default, but if you are using a directory outside DocumentRoot, or have a barebones/custom Apache + PHP setup, it might not be. If you are using PHP-FCGI (mod_fcgid) rather than PHP via Apache's php5_module, additional mod_fcgid configurations will be needed. Most WAMPs will have already taken care of this for you.
The following extensions should already be uncommented in PHP's php.ini configuration file.
MySQL's my.ini configuration file should already have MySQL bound-to/listening-on IP 127.0.0.1 or 0.0.0.0:
bind-address = 127.0.0.1
Make a copy of file phpmyadmin\config.sample.inc.php as phpmyadmin\config.inc.php and update it with the following:
* This configuration improves on the default, and is based on WampDeveloper Pro's phpMyAdmin config.inc.php.
Set the Login type to use HTTP Basic authentication (cookie is default):
$cfg['Servers'][$i]['auth_type'] = 'http';
Configure phpMyAdmin to access MySQL directly on IP 127.0.0.1. *There is no point in resolving "localhost", and this will also remove the chance of localhost resolving to IPv6 loopback address "::1", which MySQL might not be bound to (causing all kinds of issues):
$cfg['Servers'][$i]['host'] = '127.0.0.1';
Allow users to login that have no password set (ex: root):
$cfg['Servers'][$i]['AllowNoPassword'] = true;
Define phpMyAdmin's Control user (internal use):
$cfg['Servers'][$i]['controlhost'] = 'localhost'; $cfg['Servers'][$i]['controluser'] = 'pma'; $cfg['Servers'][$i]['controlpass'] = 'pmapass';
Use all of the advanced phpMyAdmin features:
$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; $cfg['Servers'][$i]['relation'] = 'pma__relation'; $cfg['Servers'][$i]['table_info'] = 'pma__table_info'; $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords'; $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; $cfg['Servers'][$i]['column_info'] = 'pma__column_info'; $cfg['Servers'][$i]['history'] = 'pma__history'; $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; $cfg['Servers'][$i]['tracking'] = 'pma__tracking'; $cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords'; $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; $cfg['Servers'][$i]['recent'] = 'pma__recent'; $cfg['Servers'][$i]['users'] = 'pma__users'; $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
Define the max execution time in seconds for importing and exporting of dump (SQL) files (300 is default):
$cfg['ExecTimeLimit'] = 300;
Define the Temporary directory (if you are not using WampDeveloper Pro, define another location):
$cfg['TempDir'] = 'C:/WampDeveloper/Temp';
Don't check for new versions (via JS), nor notify user to update each time newer version is available:
$cfg['VersionCheck'] = false;
Set the Authentication Message for HTTP logins:
$cfg['Servers'][$i]['auth_http_realm'] = 'phpMyAdmin Login';
Define the Logout URL (URL you are taken to after logout):
$cfg['Servers'][$i]['LogoutURL'] = 'http://' . $_SERVER['SERVER_NAME'];
Don't group databases in phpMyAdmin's left menu on underscore in name:
$cfg['NavigationTreeEnableGrouping'] = false;
We can secure phpmyadmin by switching from open access to white-listing user access, and...
phpMyAdmin has no user management and will not cross-check the MySQL account's host with the incoming connection's ip/host. But we can set the username + origin IP access permissions by using phpmyadmin's internal access rules:
$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow'; $cfg['Servers'][$i]['AllowDeny']['rules'] = array( // deny everyone by default 'deny % from all', // allow all users from the local system 'allow % from localhost', 'allow % from 127.0.0.1', 'allow % from ::1', // allow all users from the server IP (commented out) // 'allow % from SERVER_ADDRESS', // allow user root from local system 'allow root from localhost', 'allow root from 127.0.0.1', 'allow root from ::1', // allow user root from local network 'allow root from 10.0.0.0/8', 'allow root from 172.16.0.0/12', 'allow root from 192.168.0.0/16', 'allow root from fe80::/10', // IPv6 Link-local Addresses 'allow root from fc00::/7', // IPv6 Unique Local Addresses // add more usernames and their IP (or IP ranges) here - );
Start MySQL. Log into the MySQL shell as user root (from the command-line):
mysql -u root -p
* If user root has no password set, leave the "-p" switch out.
Create the phpMyAdmin database by the provided SQL file:
Create the Control (internal) phpMyAdmin user:
CREATE USER 'pma'@'localhost' IDENTIFIED BY 'pmapass'; GRANT SELECT, INSERT, DELETE, UPDATE ON `phpmyadmin`.* TO 'pma'@localhost;
Exit the MySQL shell:
* This will override the purpose of the access rule list defined in config.inc.php (in the above 'Secure phpMyAdmin' section). Use this only if you know /phpmyadmin will never be accessed from outside the local system.
Secure the phpmyadmin directory to local system access by creating and placing an .htaccess file in phpMyAdmin's directory, with the following access restrictions:
order deny,allow deny from all allow from 127.0.0.1 allow from ::1
Open URL http://localhost/phpmyadmin and log in with any user that:
* You'll only be able to access the databases that the user has had permissions granted on (and only with the specified privileges).
* To logout completely from phpMyAdmin, ALL Tabs in the Browser must be closed (not just the one).