Bobcares

Secure Wamp Server with ease

by | Sep 21, 2020

Are you trying to secure a wamp server? Take a peek at this blog.

Here at Bobcares, we have seen several such queries related to Wamp Server as part of our Server Management Services for web hosts and online service providers.

Today we’ll take a look at how to secure a wamp server.

 

How to secure a wamp server

Here is the procedure of securing the wamp server. Before we proceed, restart the wamp server after configuration.

 

1. Hide server signature

In order to prevent bad guys from mining the server signature, hide it.

For doing that, open httpd-default.conf file and change the parameters as given below:

ServerSignature Off
ServerTokens Prod

Here, we are setting ServerTokens to Prod so that Apache will set the response headers as simply:

Server: Apache

 

2. Directories/files outside the document root must not be served

Ensure that the directories/files outside the document root (website) are not served. For that, open the httpd.conf file and verify the content of the directory tag is as below:

<Directory/>
Order Deny,Allow
Deny from all
Options None
AllowOverride None
</Directory>
or
<Directory />
AllowOverride none
Require all denied
</Directory>

<Directory C:/apache2/htdocs>
Order Allow,Deny
Allow from all
</Directory>

The above code assumes the correct document root for your WAMP server is C:/apache2/htdocs/. However, if your document root is different, modify the same in the above code.

 

3. To prevent DoS attacks, reduce time out

To fix Denial of service (DoS) attacks, you need to change the timeout directive within the httpd-default.conf file from the default of 300 to 60. Access the httpd-default.conf file and search the below code:

TimeOut 300

and change it to:

TimeOut 60

Now, restart the Apache services.

 

4. Set MySQL password

By default, the MySQL set in the Wamp Servers come with no password. Here are the steps to set the password:

  • First, left-click the WAMP icon in the system tray.
  • Now select MySQL followed by accessing MySQL console.
  • After the console window opens and asks for a password, hit enter.
  • Now from the command line, enter SET PASSWORD FOR root@localhost=PASSWORD(‘password’); (password is the new password to be set).
  • Finally, hit enter.

If the password change is successfully done, then you will see a query OK. Close the MySQL console window and access it again.

Now when you are prompted for a password, enter the password and you must land at the MySQL prompt.

 

5. Change folder permissions in your website

The folders must have Read and Execute permissions excluding only some folders must have Write permissions.

In order to check what user runs Apache, open Windows Task Manager, and click the Details tab. In the User name column, you can see the user. Usually, it will be the SYSTEM user.

 

6. Set phpMyAdmin password

In order to set the password, edit the phpMyAdmin config file.

Open the file C:\wamp\apps\phpmyadmin3.2.0.1\config.inc.php.

Replace these four lines:

$cfg[‘Servers’][$i][‘auth_type’] = ‘config’;
$cfg[‘Servers’][$i][‘user’] = ‘root’;
$cfg[‘Servers’][$i][‘password’] = ”;
$cfg[‘Servers’][$i][‘AllowNoPassword’] = true;

with these lines given below:

$cfg[‘Servers’][$i][‘auth_type’] = ‘http’;
$cfg[‘Servers’][$i][‘user’] = ”;
$cfg[‘Servers’][$i][‘password’] = ”;
$cfg[‘Servers’][$i][‘AllowNoPassword’] = false;
$cfg[‘Servers’][$i][‘LogoutURL’] = ‘http://localhost/’;

Here we’ve changed ‘auth type’ from ‘config’ to ‘http’ which is more secure. Also, we changed ‘AllowNoPasswordRoot’ from true to false. The result will be a login dialog box when you go to phpmyadmin.

Finally, we added a line to set a LogOutURL so that you land on a new page i.e a exit page after clicking on the ‘Exit’.

 

7. MySQL configuration in C:\wamp\bin\mysql\mysql5.1.36\my.ini

Add a bind-address to limit who MySQL listens to, and we can change the port it listens at.

[mysqld]
port=3306 (can change to any other port)
bind-address=127.0.0.1

Finally, this way we have secured the Wamp Server.

[Need any further assistance with Wamp queries? – We are here to help you.]

 

Conclusion

In today’s writeup, we saw how to secure a wamp server

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

1 Comment

  1. Tim

    Thank you.

    Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.