FAQ 4.2
From PmaWiki
What's the preferred way of making phpMyAdmin secure against evil access?
This depends on your system. If you're running a server that other people cannot access, the directory protection bundled with your web server is sufficient (with Apache you can use .htaccess files, for example). If other people have telnet access to your server, you should use phpMyAdmin's HTTP authentication or cookie authentication features.
Suggestions:
- Your config.inc.php file should be chmod 660.
- All your phpMyAdmin files should be chown -R phpmy.apache, where phpmy is a user whose password is only known to you, and apache is the group under which Apache runs.
- You should use PHP safe mode to protect against other users who try to include your config.inc.php in their scripts. (Safe mode is not available with PHP 6.)
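
The two file-permission suggestions above can be checked with a short audit function. This is an added example, not part of the phpMyAdmin FAQ; it assumes GNU stat and find (Linux), and the function name audit_pma and its arguments are illustrative.

```shell
#!/bin/sh
# Added example: audit a phpMyAdmin install against the FAQ's suggestions.
# Assumes GNU stat/find (Linux). Function name and arguments are illustrative.

# audit_pma DIR OWNER GROUP
# Returns 0 when DIR/config.inc.php is mode 660 and every file under DIR
# is owned by OWNER:GROUP. Otherwise prints one line per finding and returns 1.
audit_pma() {
    dir=$1 owner=$2 group=$3
    cfg="$dir/config.inc.php"
    rc=0

    if [ ! -f "$cfg" ]; then
        echo "MISSING  $cfg"
        return 1
    fi

    # Octal permission bits of the config file, e.g. 660 or 644.
    mode=$(stat -c '%a' "$cfg")
    if [ "$mode" != "660" ]; then
        echo "MODE     $cfg is $mode, expected 660"
        rc=1
    fi

    # Verifies the result of: chown -R OWNER.GROUP DIR
    # Lists every path whose owner:group differs from the expected pair.
    bad=$(find "$dir" -exec stat -c '%U:%G %n' {} + | grep -v "^$owner:$group " || true)
    if [ -n "$bad" ]; then
        echo "$bad" | sed 's/^/OWNER    /'
        rc=1
    fi

    return $rc
}

# Usage on a real install, with the FAQ's names:
#   audit_pma /path/to/phpmyadmin phpmy apache
```

A mode other than 660 on config.inc.php, such as 644, lets any local account read the stored database credentials, which is the exposure the chmod suggestion closes.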
See also Security.
