[HowTo] Secure phpMyAdmin From Brute Force Attack on VestaCP Centos with Google recaptcha

[xorro]

Go to google recaptcha page GOOGLE RECAPTCHA in order to retrieve site key and secret key:

Add/Register a new site :


Enter the server ip or hostname, domain you want to access the phpmyadmin with, then hit Register button, now you will see site key and secrect key copy this keys we’ll need this in step 2 :

you can go to Advanced Settings >> Domain Name Validation >>> uncheck Verify the origin of reCAPTCHA solutions for wildcard permission i.e. you can access phpmyadmin with any domain and ip which are in the server, this is useful if you’ve many domains and IP hosted on the server and want to access phpmyadmin from all of them.



After that edit the config.inc.php file and add the lines below mentioned :

Code: Select all

nano /usr/share/phpMyAdmin/libraries/config.default.php

now search this line and add site key and secrect key which you’ll be retrieving from step 2 :

Code: Select all

$cfg['CaptchaLoginPublicKey'] = 'Site Key';
$cfg['CaptchaLoginPrivateKey'] = 'Secret Key';

where :

Code: Select all

$cfg[‘CaptchaLoginPublicKey’] = ‘Site key’
$cfg[‘CaptchaLoginPrivateKey’] = ‘Secret key’

eg :

Code: Select all

/**
 * if reCaptcha is enabled it needs public key to connect with the service
 *
 * @global string $cfg['CaptchaLoginPublicKey']
 */
$cfg['CaptchaLoginPublicKey'] = 'Site Key';

/**
 * if reCaptcha is enabled it needs private key to connect with the service
 *
 * @global string $cfg['CaptchaLoginPrivateKey']
 */
$cfg['CaptchaLoginPrivateKey'] = 'Secret Key';