W3-Video WEB Tutorials

w3-video.com is a Free eLearning Website with over 500 video tutorials on HTML5, XAMPP, .htaccess, Firefox, Notepad++

XAMPP Tutorial

Home HTML5 XAMPP .htaccess Firefox Notepad++

3. Secure users (pma included), Tutorial

Share it

Learn to Secure the pma user and the rest


  1. start MySQL
  2. access phpMyAdmin
  3. edit pma user's privileges
  4. add a password
  5. save & test
  6. check other users

Video demonstration XAMPP: Secure users (pma included)

3. Secure users (pma included), Tutorial

min video details
00:03 connect to phpMyAdmin
00:07 provide the user and the password
If you want to know how to password protect phpMyAdmin, click here for a video demo
00:19 click on Users menu to check user's privileges
00:24 note: pma user has No password
00:29 test: indeed, we can connect to phpMyAdmin with 'pma' user and no password
00:38 reconnect to phpMyAdmin with 'root' user which is the ADMIN user, meaning you have ADMIN RIGHTS, you are able to add a password to 'pma' user
00:51 select the user and click on 'Edit Privileges' button
01:03 add a password for pma user
01:08 save it (click on 'GO' button)
01:24 refresh
01:25 pma user has now a password set
01:30 check the message "Connection to controluser as defined in your configuration failed"
01:37 stop MySQL server, we will modify phpMyAdmin's configuration file 'config.inc.php'
01:48 open 'config.inc.php' file with a text editor ; e.g. Notepad++
01:53 type in the password for the pma user and save file
02:02 restart MySQL
02:09 open phpMyAdmin
02:16 test for 'pma' user: unable to connect without a password
02:37 reconnect to phpMyAdmin with admin rights ('root' user) to check for other vulnerabilities
02:54 another user: 'any' with no password, it means 'any user could connect with no password'
03:02 test ok: fill in whatever you want for 'Username' field and leave blank the 'Password' field
03:18 another test ok
03:38 let's fix this: reconnecting to phpMyAdmin with admin rights and remove the 'any' user from Users table
04:05 another test ok: we are no longer able to connect using some random user and no password