Any one can get root access phpMyAdmin

  • Resolved RaymondDay

    (@raymondday)


    18 years, 2 months ago

    For a long time now any one can get on my phpMyAdmin. I thought I had a name and password all ready set up in WordPress. But any one could still get on phpMyAdmin and do bad things to my WordPress Data base.

    Is there any place that tells how to set this up? I think if I set it up then my WordPress will not work with the Data base.

    This has been like this for at lest a year now. I am just lucky no one has messed with it. Some one did put in the data base this “are_you_that_Giving_anybody_root_access_is_safe” I know that but don’t know how to fix it?

    -Raymond Day

Viewing 4 replies - 1 through 4 (of 4 total)

  • Sounds like they did you a favor ??

    Your database needs to have a user assigned and that user should have a username and password….this is different that your WP username and password.

    This information should be in your wp-config.php file. Look there and see what it is….maybe you have one, but is is just weak and someone has figured it out. Or maybe you don’t have a password set on your database…which you will need to correct.

    Are you hosting this on your own machine or with a hosting provider? If you are with a hosting provider, then you should have some method of connecting to your database through a control panel to set the user and password.

    Steve

    Thread Starter RaymondDay

    (@raymondday)

    It is on your own machine. Fedora Linux I installed my self.

    I just looked at my wp-config.php file in there is this:

    “// ** MySQL settings ** //
    define(‘DB_NAME’, ‘WordPress’); // The name of the database
    define(‘DB_USER’, ‘root’); // Your MySQL username
    define(‘DB_PASSWORD’, ‘xxxx’); // …and password
    define(‘DB_HOST’, ‘localhost’); // 99% chance you won’t need to change this value”

    I replace the password with X’s

    I don’t get why WordPress needs a name and password but phpMyAdmin don’t.

    All so the /var/www/html/wordpress/wp-config.php file is just a text file. Could any one read it?

    I just tested out going to:

    https://IP/wordpress/wp-config.php

    At lest it just brings back a blank page.

    -Raymond Day

    We don’t support phpMyAdmin here. By default, it is wide open though. https://www.phpmyadmin.net/documentation/#authentication_modes

    That’s not to be confused with being a WordPress issue.

    And, as you noticed, browsing to wp-config.php doesn’t spill the beans about your info in it. Remember, php files are processed.

    Thread Starter RaymondDay

    (@raymondday)

    It looks like I got it. There was all so a text in my data base that said update it. I had phpMyAdmin 2.6.1 and I updated to 2.9.2

    Now I have a password and it’s auto_type set to http. Now in phpMyAdmin have to log in and WordPress still works.

    So I guess that was the main thing go to the phpMyAdmin folder and edit config.inc.php and changed auth_type from config to http.

    I think I have it all fixed. This was like this for over a year now. Thank you for the help.

    -Raymond Day

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Any one can get root access phpMyAdmin’ is closed to new replies.