As PHPMyAdmin allows you access into your MySQL instance, it is imperative you secure by using complex passwords for your mysql logins.
I have also secured it by adding IP restrictions, so that only authorised machines can connect to it. This can be done by editing the /etc/apache2/conf.d/phpmyadmin.conf file, this can be done as follows:
sudo nano /etc/apache2/conf.d/phpmyadmin.conf
You can add any number of public and private IP addresses or subnets eg.
Allow from 127.0.0.1
Allow from 18.104.22.168/24
You need to put these IP restrictions under the <Directory /usr/share/phpmyadmin> section for /phpmyadmin and under the <Directory /usr/share/phpmyadmin/setup> section for the /setup
eg:# phpMyAdmin default Apache configuration Alias /phpmyadmin /usr/share/phpmyadmin <Directory /usr/share/phpmyadmin> Options FollowSymLinks DirectoryIndex index.php Order allow,deny Allow from 127.0.0.1 Allow from 22.214.171.124/24 <IfModule mod_php5.c> AddType application/x-httpd-php .php php_flag magic_quotes_gpc Off php_flag track_vars On php_flag register_globals Off php_admin_flag allow_url_fopen Off php_value include_path . php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/ </IfModule> </Directory> # Authorize for setup <Directory /usr/share/phpmyadmin/setup> Order allow,deny Allow from 127.0.0.1 Allow from 126.96.36.199/24 <IfModule mod_authn_file.c> AuthType Basic AuthName "phpMyAdmin Setup" AuthUserFile /etc/phpmyadmin/htpasswd.setup </IfModule> Require valid-user </Directory> # Disallow web access to directories that don't need it <Directory /usr/share/phpmyadmin/libraries> Order Deny,Allow Deny from All </Directory> <Directory /usr/share/phpmyadmin/setup/lib> Order Deny,Allow Deny from All </Directory>