PHPMyAdmin - or PMA - is an excellent free, open source web-based database client which can be used to interact more easily with MySQL and WordPress databases. I'll describe how to install it, secure it and some common scenarios with which it can assist you in WordPress administration. Here's an online demo of PMA for you to explore.
In addition to offering a visual GUI for database operations, I also appreciate being able to run command line SQL operations via my browser without having to log in to the server via SSH. For example, some WiFi and mobile connections regularly terminate persistent SSH sessions, making database tasks problematic.
Installing PHPMyAdmin
Getting started with PMA is fairly straightforward on Linux. I'll describe how to do so with Ubuntu 14.x at Digital Ocean. Log in to your server via SSH:
apt-get install phpmyadmin
You can use the default settings during installation or customize them to your liking.
On a typical WordPress installation, there aren't any direct ports to MySQL for a hacker to try to access. They might try to break in via SSH or try SQL injection attacks against WordPress, but they can't directly attack the database. Once you install PMA, anyone can run web-based attacks against it in order to gain control of your database, so care is warranted.
There are a few precautions I recommend when configuring PMA.
1. Use very strong passwords for all of your MySQL accounts, especially the root account. e.g. 25 characters for the root password.
2. Use different MySQL accounts and privileges for each WordPress site running on a single server. This way if one WordPress password is compromised, only one site's database is compromised.
3. Change the default URL used by PMA. This way people can't visit http://yourblog.com/phpmyadmin. While this security by obscurity isn't a very effective technique, it does add some protection.
Add an alias to the apache.conf file:
nano /etc/phpmyadmin/apache.conf Alias /myobscuredpma /usr/share/phpmyadmin
Reload apache:
service apache2 reload
Then, to access PMA, visit http://yourblog.com/myobscuredpma
If you need to modify your PHPMyAdmin password, you can edit the config-db.php here:
nano /etc/phpmyadmin/config-db.php
4. Configure Web Authentication for the PMA Site. This will require that you enter an additional password to gain access to PMA, in addition to your database password, like this:
To configure Apache user restrictions, follow these steps:
Install htpasswd as part of apache2-utils:
apt-get install apache2-utils
Make a directory to store your passwords:
mkdir /etc/htpasswd
Add htaccess support for PMA:
nano /etc/phpmyadmin/apache.conf
Add "AllowOverride All" below
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
AllowOverride All
Configure your user authentication for PMA:
nano /usr/share/phpmyadmin/.htaccess
AuthType Basic AuthName "Login Required for Access" AuthUserFile /etc/htpasswd/.htpasswd Require valid-user
Set your password:
htpasswd -c /etc/htpasswd/.htpasswd username
And, restart Apache:
service apache2 restart
Browse to your PMA site, and you'll be prompted for your username and password as shown above.
Using PHPMyAdmin with WordPress
It's very important to remember that PMA allows you to directly manipulate the WordPress database; that means it's quite easy to break your WordPress site if you don't know what you're doing. It's especially unwise to apply database scripts from the web unless you understand them completely. Use PMA with great care.
Here are a few scenarios that may be helpful to you in ongoing WordPress administration:
1. Creating a New Database for WordPress Installation
Without PMA, I would sign in to my server via SSH. Log in to MySQL, and then run:
create database wordpress; grant all privileges on wordpress.* TO "your-mysql-username"@"localhost" identified by "your-mysql-password"; flush privileges;
With PMA, you can run any command line query with the visual interface. Click the SQL tab and paste the MySQL database instructions above. Then click Go to create the database.
I use this a lot when creating new WordPress sites, just before running the WordPress web installer.
Or, you can use the visual interface to create your database directly:
You can also add users and define privileges this way. Click on the privileges tab:
Click Add User, and define the privileges for the database that you wish:
For your typical WordPress database account, you'll want to check the boxes in the Data and Structure squares.
2. Backing Up Your Database
It's a very good idea to backup your database before performing any of the tasks below. If something goes wrong, you'll be able to restore your WordPress site from the backup.
Using the PMA web interface, click on your WordPress database, click the Export tab and select Custom.
Enable "Add Drop Table / View / Procedure / Function / Event" statement:
When you click Go, PMA will download a backup of your entire database. If you're Apache PHP timeout settings aren't properly configured, some long file downloads may timeout and fail. You can adjust this in PHP.ini as I describe on my site.
3. Search and Replace
WordPress doesn't have built-in features to help with search and replace when websites change or you need to adjust content across many posts.
With PMA, you can run a manual query to search and replace the text that you want to change (again, be very careful with write-based SQL commands on your WordPress database):
UPDATE wp_posts SET post_content = REPLACE (post_content, 'source text', 'replace with this text');
An alternative to using PMA and MySQL, is this handy Search and Replace plugin.
4. Site Migration
Often when you move a WordPress site to a new domain name or URL, it won't reflect the changes to your domain name throughout the site; even after changing the domains in the site settings. You can fix this in the database with PMA:
Again, you can use the SQL query box to update your site's database directly:
update wp_options set option_value = replace(option_value,'http://old_domain.com','http://new_domain.com'); update wp_postmeta set meta_value = replace(meta_value,'http://old_domain.com','http://new_domain.com'); update wp_posts set post_content = replace(post_content,'http://old_domain.com','http://new_domain.com'); update wp_posts set guid = replace(guid,'http://old_domain.com','http://new_domain.com'); update wp_posts set pinged = replace(pinged,'http://old_domain.com','http://new_domain.com'); update wp_comments set comment_content = replace(comment_content,'http://old_domain.com','http://new_domain.com');
Or, you can use the web interface. Browse to the database name, select each table, run a query and manually change the settings for each:
Click Edit and make your changes:
5. Reset Your WordPress Administrator Password
There are rare cases where WordPress' administrator passwords get changed, lost or corrupted. If you can access your database, you can use PMA to update your password right directly (do browse and verify which numeric id represents the current administrative user):
Update 'your_database'.'your_user' SET 'user_pass'=MD5('new-password') WHERE 'wp_users'.'ID'=1;
Once that's done, you can log in to the WordPress Dashboard with your new password.
I hope you've found this useful. Please post any comments, corrections or additional ideas below. You can browse my other Tuts+ tutorials on my author page or follow me on Twitter @reifman.
Related Links
- Using PHPMyAdmin with WordPress (presentation) by Kenneth Hargis
- PHPMyAdmin Tutorial (video) by Kirk Maxi
Comments