WAMP Security Tips
$cfg['blowfish_secret'] = '';

In the quote marks, add some random gibberish. Longer is better. 32 characters or so works nicely. Then find:

$cfg['Servers'][$i]['auth_type']

and change the value from “config” to “cookie”. Under that, the value for

$cfg['Servers'][$i]['user']

should be empty. Save this file.
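To check the three settings above after saving, the following added example (not part of the original article and not phpMyAdmin code) loads a config file and reports anything still at the insecure value. The function name audit_pma_config() and the sample config are constructed for illustration; point the function at your own saved file to check it.

```php
<?php
// Added example, not phpMyAdmin code. audit_pma_config() is a hypothetical helper.

// Returns a list of findings for the three settings discussed above.
function audit_pma_config(string $path): array
{
    $cfg = [];
    $i = 0;
    include $path; // the config is plain PHP that assigns into $cfg

    $findings = [];
    $len = strlen((string) ($cfg['blowfish_secret'] ?? ''));
    if ($len < 32) {
        $findings[] = "blowfish_secret is $len characters long; aim for 32 or so";
    }
    foreach ($cfg['Servers'] ?? [] as $n => $server) {
        if (($server['auth_type'] ?? null) !== 'cookie') {
            $findings[] = "server $n: auth_type is not 'cookie'";
        }
        if (($server['user'] ?? '') !== '') {
            $findings[] = "server $n: user should be empty, found '{$server['user']}'";
        }
    }
    return $findings;
}

// Constructed sample config showing the insecure defaults.
$sample = <<<'CONFIG'
<?php
$cfg['blowfish_secret'] = '';
$i = 0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
CONFIG;

$tmp = tempnam(sys_get_temp_dir(), 'pma');
file_put_contents($tmp, $sample);
foreach (audit_pma_config($tmp) as $finding) {
    echo "[!] $finding\n";
}
unlink($tmp);

// 16 random bytes as hex gives a 32-character value for blowfish_secret.
echo "suggested blowfish_secret: ", bin2hex(random_bytes(16)), "\n";
```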
What you have done is to set it up to require a username and password when you log in. The next problem, however, is that the root password for MySQL is empty. Since that is the default, that is the first thing an attacker would guess. So, let’s change it.
Go to http://localhost/ . Click on the link for phpMyAdmin. At the login prompt, enter “root” for the username. Leave the password box empty and log in. Now find the user management area and change the password for the root user. When you commit the change, you will get kicked out and land back at the login prompt. Test the new username and password.
Finally, keep in mind that if you don’t want people to see this server, it needs to be behind a firewall. Either way, we recommend blocking general access to port 3306 for MySQL, unless you plan to give lots of people direct access to that service.
There are still dozens of ways to break into your box, but these simple changes will at least keep the beginners out. Good luck.