I would like to add an extra layer of security to phpMyAdmin. It’s very convenient to access it via mysql.domain.com, but it’s also a bit of a security risk. My PHPBB forum was recently compromised in the mere 24 hours it took to patch for a recent vulnerability, and while the hacker was thwarted due to running PHP as a CGI, he or she certainly could look at my config.php file, which contains a MySQL account and password.
Needless to say, I’ve changed the account information after my recent hack, but this does worry me in general.
I’d prefer if I could secure PhpMyAdmin to require more than just a valid MySQL account and password, like with an additional .htaccess requiring a master user/password and/or limited IPs.
Is there any way I can do this?