Home arrow Site Administration arrow Page 2 - Install XAMPP on Windows

How-To Secure XAMPP from localhost - Administration

In this following XAMPP tutorial, you will learn how to install XAMPP Windows on XP or Win 7. By the end of this tutorial, you will have a fully working and configured XAMPP PHP installation on your Windows system, which will serve as your local Apache web server bundled with PHP (or PERL) and MySQL.

  1. Install XAMPP on Windows
  2. How-To Secure XAMPP from localhost
  3. Test XAMPP, phpMyAdmin, and Apache Modules
By: Codex-M
Rating: starstarstarstarstar / 4
March 08, 2011

print this article



Now that the installation is complete, let's start securing the XAMPP install. Security is the most important configuration set, as you do not need XAMPP to be publicly accessible either within your networks or on the Internet from your localhost install.

Here, we will learn how to secure your Win XAMPP directories and assign passwords. Below are the basic security setup steps:

1. Launch your favorite browser.

2. Enter the following URL in your address bar: http://localhost

3. You should then see the XAMPP splash page. Click "English." You will then see the XAMPP administrator panel, where you can find the XAMPP status and security configuration settings.

4. Click "Security."

5. XAMPP will then perform a security audit in your Windows system and setup. You will likely see errors; do not panic. Since you have not secured your XAMPP installation yet, you will likely see the following warnings:

  • These XAMPP pages are accessible by network for everyone -UNSECURE
  • The MySQL admin user root has NO password - UNSECURE
  • PhpMyAdmin is free accessible by network - UNSECURE
  • The FileZilla FTP password is still 'wampp' - UNSECURE
  • PHP is NOT running in "safe mode" – UNSECURE
  • A POP3 server like Mercury Mail is not running or is blocked by a firewall! - Unknown

7. The priority items to be fixed are: Directory Permissions, MySQL Password and PHPMyAdmin. Click the link: http://localhost/security/xamppsecurity.php that appears below the warning messages.

8. Under the MySQL section: “Root” Password, assign a new password and make sure to take note of it by writing it down in a safe location. Select “cookie” for PHPMyAdmin authentication.

Warning: Do NOT check “Save plain password in text file?”

Click “Password Changing.” You should then see: “The root password was successfully changed. Please restart MYSQL for loading these changes!”

9. To restart MySQL, go to the XAMPP Control panel (screenshot shown previously). Click “Stop” for MySQL. This will stop the MySQL service. It should look like the image below:

Click the “Start” button again to restart MySQL and implement your new password settings. If you see “running” under MySQL service, it has successfully restarted.

10. Now go back to the XAMPP security page (http://localhost/security/index.php). Let’s secure the XAMPP directory by implementing “Directory protection (.htaccess).”

First, enter the desired username and password under “XAMPP DIRECTORY PROTECTION (.htaccess).” Take note of these credentials and write them down in a safe location.

Warning: Do NOT check the “Safe plain password in text file?”

Now, click “Make Safe the XAMPP directory.” If the changes are successful, you should see the message:

SUCCESS: The XAMPP directory is protected now! All personal data was saved in the following file:

The password gets encrypted once it is stored in that location.

11. You can stop the “Filezilla” service in the XAMPP Control panel, as it is not required to test applications. The two most important services for developing web applications are Apache and MySQL. These should not be disabled if you want to properly test your applications locally.

>>> More Site Administration Articles          >>> More By Codex-M

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Coding: Not Just for Developers
- To Support or Not Support IE?
- Administration: Networking OSX and Win 7
- DotNetNuke Gets Social
- Integrating MailChimp with Joomla: Creating ...
- Integrating MailChimp with Joomla: List Mana...
- Integrating MailChimp with Joomla: Building ...
- Integrating MailChimp with Joomla
- More Top WordPress Plugins for Social Media
- Optimizing Security: SSH Public Key Authenti...
- Patches and Rejects in Software Configuratio...
- Configuring a CVS Server
- Managing Code and Teams for Cross-Platform S...
- Software Configuration Management
- Back Up a Joomla Site with Akeeba Backup

Developer Shed Affiliates


Dev Shed Tutorial Topics: