If you’re running a website or app with a database, you may want a simple way to look inside it, make changes, or check things out. That’s where Adminer comes in.
Adminer is a lightweight web-based tool that lets you manage your databases. It’s similar to phpMyAdmin, but smaller, faster, and easier to set up. I like it because it’s just one single PHP file. Easy to drop in. Easy to clean up.
In this article, I’ll show you how to install Adminer, how to use it, and how to secure it—because leaving it open without protection is like leaving your front door unlocked with a giant “Steal me” sign.
Let’s get started, one step at a time.
What is Adminer?
Adminer is a free, open-source tool. It lets you connect to a database, run queries, edit tables, create users, and more—all from your browser.
It works with:
- MySQL
- MariaDB
- PostgreSQL
- SQLite
- Oracle
- MS SQL
But most people (me included) use it with MySQL or MariaDB. I use Adminer when I don’t want to install big tools like phpMyAdmin. Adminer is like a pocketknife instead of a toolbox—simple, but powerful.
Step 1: Get Your Server Ready
Before you install Adminer, make sure your server has:
- A web server (like Nginx or Apache)
- PHP installed
- Access to your database
I’m using Ubuntu 22.04 with Nginx, PHP-FPM, and MariaDB, but you can follow along even if your setup is a little different.
First, update your system:
sudo apt update
sudo apt upgrade -y
This keeps your software fresh and safe. Like brushing your teeth before eating candy—boring, but smart.
Step 2: Install Adminer
Now let’s install Adminer.
You don’t really install Adminer the way you install other apps. It’s just one PHP file. You download it, drop it in a folder, and that’s it.
Make a folder for Adminer:
sudo mkdir -p /var/www/adminer
cd /var/www/adminer
Download Adminer:
sudo wget https://www.adminer.org/latest.php -O index.php
Give it the right permissions:
sudo chown -R www-data:www-data /var/www/adminer
Now it’s ready to use. But your server still doesn’t know it exists.
Step 3: Configure Nginx (or Apache)
If you’re using Nginx, you’ll need to create a config file for Adminer.
Here’s how:
sudo nano /etc/nginx/sites-available/adminer
Paste this in:
server {
listen 80;
server_name your_domain_or_IP;
root /var/www/adminer;
index index.php;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
Replace php8.1 with your actual PHP version. You can check it with:
php -v
Enable the site and reload Nginx:
sudo ln -s /etc/nginx/sites-available/adminer /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
Now go to your browser and type your IP address. You should see the Adminer login screen. Neat, right?
Step 4: Log In to Your Database
On the login screen, enter:
- System: MySQL or MariaDB (depends on your setup)
- Server: usually
localhost - Username: your database username
- Password: your password
- Database: optional (leave blank to see all)
Click Login and you’re in.
Adminer shows you all your tables, lets you run SQL, and even export data. It’s handy when you need to make quick changes or check something.
Why You Should Secure Adminer
Now here’s the important part: Adminer is wide open by default.
If someone finds your Adminer URL, they can try logging in—or worse, exploit it if it’s outdated.
You wouldn’t leave your bike unlocked outside a donut shop, would you? Same thing here.
Let’s lock it down.
Step 5: Secure Adminer
Here are three ways to protect Adminer:
1. Use HTTP Authentication
This adds a username and password just to access the page. Even before you see the login form.
Create a password file:
sudo apt install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd admin
Enter a strong password.
Then update your Nginx config:
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
try_files $uri $uri/ =404;
}
Reload Nginx:
sudo systemctl reload nginx
Now, you’ll be asked for a username and password before you can even see Adminer.
2. Rename the File
Since Adminer uses index.php, most bots and attackers know what to look for.
You can rename it to something random:
mv index.php secret-database-door.php
Now only people who know the filename can find it.
Update your config to match:
index secret-database-door.php;
Reload Nginx again.
It’s like hiding your cookies in the broccoli bag—sneaky and effective.
3. Block Access by IP
Only allow certain IP addresses (like yours).
In your Nginx config, update the location block:
location / {
allow 123.45.67.89;
deny all;
try_files $uri $uri/ =404;
}
Replace 123.45.67.89 with your IP. You can find yours by visiting https://ipinfo.io/ip.
This makes sure only you (or people you trust) can access Adminer.
Bonus: Use HTTPS
If you care about security (and you should), use HTTPS. Otherwise, your database password can be stolen on public Wi-Fi.
You can use Let’s Encrypt to get a free SSL certificate.
On Ubuntu with Nginx, it’s simple:
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx
Follow the prompts, and boom—your site is secure.
Things I Like About Adminer
- It’s just one file—easy to install and update
- Fast and light, even on small servers
- Works with many types of databases
- Easy to back up—just copy one file
Common Mistakes to Avoid
- Leaving Adminer unprotected
- Using weak database passwords
- Forgetting to update Adminer (just re-download the file)
- Letting search engines index it (use robots.txt or block
/adminer)
Three Handy Lists
What You Need:
- A Linux server
- Nginx or Apache installed
- PHP and a database (like MySQL or MariaDB)
Good Security Practices:
- Rename the Adminer file
- Use HTTP authentication
- Block by IP address
Useful Commands:
# Download Adminer
wget https://www.adminer.org/latest.php -O index.php
# Create .htpasswd file
htpasswd -c /etc/nginx/.htpasswd admin
# Reload Nginx
sudo systemctl reload nginx
Final Thoughts (and One Last Pun)
Adminer is a great little tool when you need quick access to your database. I like how it doesn’t need much to run, and it gets the job done without fuss.
Just don’t forget: with great power comes great responsibility. Adminer can do a lot—but it also needs to be protected. A single misstep, and your data could be toast.
So, keep it hidden, lock it up, and make sure you update it once in a while. After all, a secure Adminer is a happy Adminer. Or as I like to say, better safe than SELECT * FROM trouble;
