WampServer

Wampserver 2.4 What to do after Installing

(These correction should be made for both 23bit and 64bit installs of WAMPServer)

Note: I assume you have installed Wamp into C:\wamp and use that in all directory information in this document. However you can install WAMPServer on any drive so if you have installed elsewhere just make any changes you decide to use from this document with that in mind.

It would do no harm to make a backup of the original files before starting these changes!
To avoid typo's, make a single change to a single file, then save the file, restart all services and check that everything still starts properly. This is simpler than working backwards to find a typo, and better than cursing Otomatic or myself for our incompetance.


The following changes have four sections:

- httpd.conf
- php.ini
- my.ini file
- phpMyAdmin


-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+-+- httpd.conf +-+-+
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The Apache configuration file C:\wamp\bin\apache\apache2.4.4\conf\httpd.conf is basically a copy of the Apache 2.2 configuration and therefore has a few errors and ommissions. These changes are designed to bring the config up to Apache 2.4 standards and use some of the new directives as they are now supposed to be used particularly as it simplifies, among other things, how to control connection security.
So these changes are designed to make the config fully compatible with the Apache 2.4.

Open with a text editor (Notepad++ for example: [ [notepad-plus-plus.org] ]) the file C:\wamp\bin\apache\apache2.4.4\conf\httpd.conf

- We will add this first change so that we dont show the apache version in headers and error messages.

This will effect what is displayed in $_SERVER['SERVER_SOFTWARE'] and $_SERVER['SERVER_SIGNATURE']
so at the beginning of the file, just after the line

# an explicit drive letter in absolute paths to avoid confusion.

add these 2 new lines:

ServerSignature Off
ServerTokens Prod

Which will produce these values

SERVER["SERVER_SIGNATURE"]	no value
SERVER["SERVER_SOFTWARE"]	Apache

However, if in your PHP code you want to check which version of Apache (and whether its 32 or 64 bits), for example, you should add these 2 lines instead:

ServerSignature On
ServerTokens Full

which will produce these values

SERVER["SERVER_SIGNATURE"]	<address>Apache/2.4.4 (Win32) PHP/5.3.22 Server at localhost Port 80</address>
SERVER["SERVER_SOFTWARE"]	Apache/2.4.4 (Win32) PHP/5.3.22

- Force Apache to listen only on the IPv4 range
Replace

Listen 80

with

Listen 0.0.0.0:80

- If you want to use IPv6 and your system supports it.
Replace

Listen 0.0.0.0:80

with

Listen 0.0.0.0:80
Listen [::0]:80

- Specify the port (although this is the default) to localhost to facilitate any changes in port.

Replace:

ServerName localhost

with

ServerName localhost:80

- By default, the base directory of the server is accessible to anyone accessing your server - this is not secure and should not be allowed. So,
Replace:

<Directory />
    AllowOverride none
    Require all granted
</Directory>

with

<Directory />
    AllowOverride none
    Require all denied
</Directory>

- Fix this "cosmetic mistake" as it may prove important in later releases
Replace:

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride All

with

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride all

- We now come to the important point of connection permissions that are in Apache-2.2.x syntax when they should be Apache 2.4 syntax. As a bonus the 2.4 syntax is much easier to use and understand as well.
Replace:

# Require all granted
# onlineoffline tag - do not remove
     Order Deny, Allow
     Deny from all
     Allow from 127.0.0.1
     Allow from :: 1
     Allow from localhost

with

# onlineoffline tag - do not remove
    Require local

- The script that WAMP runs when you Put Online and Put Offline must also now be changed as that script dynamically replaces the above section of code to change the security to allow access from the web or not.
This script lives in C:\wamp\scripts\onlineOffline.php and should be changed as follows.
Replace the following section of this script:

$onlineText = "# onlineoffline tag - do not remove
    Order Allow, Deny
    Allow from all ";

$offlineText = "# onlineoffline tag - do not remove
    Order Deny, Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from :: 1
    Allow from localhost ";

with

$onlineText = "# onlineoffline tag - do not remove
    Require all granted";

$offlineText = "# onlineoffline tag - do not remove
    Require local";

- Now there is also a problem with one of the scripts WAMPServer uses internally, it does not actually make the required changes to the httpd.conf file, although it does not report any errors. The problem is caused because the script is in UNIX format instead of DOS format.
If you have a good editor and you know how to use it then you should edit c:\wamp\scripts\onlineOffline.php and run the 'convert Unix/MAC to DOS' process on it and then save it.

However if you dont have such an editor, well you really should get one. But if your cant then try this on the file c:\wamp\scripts\onlineOffline.php file.

Launch a Windows command window and do the following:

CD C:\wamp\scripts
copy onlineOffline.php onlineOffline.txt
del onlineOffline.php
type onlineOffline.txt | more /E /P > onlineOffline.php

That should do the conversion for you and the code should now find and replace the correct information in httpd.conf.


- Duplication of reporting logfile
Replace:

    CustomLog "logs/access.log" common
    CustomLog "D :/ wamp/logs/access.log" common

with just the single line

    CustomLog "D :/ wamp/logs/access.log" common

- Enable compression modes on the fly
Replace:

    # AddEncoding x-compress. Z
    # AddEncoding x-gzip gz. tgz.

with

    AddEncoding x-compress. Z
    AddEncoding x-gzip gz. Tgz.

- Improve performance under Windows
Replace:

# EnableSendfile on

with

# EnableSendfile on

# AcceptFilter: Windows, none uses accept () instead of AcceptEx ()
# And do not recycle sockets between connections. This is useful
# Network interfaces for which the pilot is defective, and for
# Some network providers like vpn pilots or filters
# Anti-spam, anti-virus or anti-spyware.
AcceptFilter http none
AcceptFilter https none

- We do not need the SPM (Server Pool Management)
Replace:

Include conf/extra/httpd-mpm.conf

with

# Include conf/extra/httpd-mpm.conf

- However, it would be nice to have the Apache folder icons working as we are giving them disk space.
Replace:

# Fancy directory listings
# Include conf/extra/httpd-autoindex.conf

with

# Fancy directory listings
Include conf/extra/httpd-autoindex.conf

In this case, we must also verify that the related module is loaded, so check that the following line is uncommented (no # at the beginning)

LoadModule autoindex_module modules/mod_autoindex.so

This on its own is not enough. We must also ensure that the directives are good in the file C:\wamp\bin\apache\Apache2.4.4\conf\extra\httpd-autoindex.conf , it must be:

Alias /icons/ "icons/"

<Directory "icons">
    Options Indexes MultiViews
    AllowOverride None
	Require all granted
</Directory>

Save the file C:\wamp\bin\apache\apache2.4.4\conf\httpd.conf which you have just modified.


-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
-+-+-+- File php.ini -+-+-+-
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

Before you edit the php.ini file, it is necessary to modify the contents of the file C:\wamp\bin\php\php5.4.16\wampserver.conf:
1. I have deleted the lines referring to Apache 1.3 and 2.0 because of their incompatibility with PHP 5.3 and higher.
2. I added the missing references to Apache 2.4

So edit C:\wamp\bin\php\php5.4.16\C:\wamp\bin\php\php5.4.16\wampserver.conf and replace the contents with the code below:

<?php

$phpConf['phpIniDir'] = '.';
$phpConf['phpExeDir'] = '.';
$phpConf['phpConfFile'] = 'php.ini';

$phpConf['apache']['2.2']['LoadModuleName'] = 'php5_module';
$phpConf['apache']['2.2']['LoadModuleFile'] = 'php5apache2_2.dll';
$phpConf['apache']['2.2']['AddModule'] =  '';

$phpConf['apache']['2.4']['LoadModuleName'] = 'php5_module';
$phpConf['apache']['2.4']['LoadModuleFile'] = 'php5apache2_4.dll';
$phpConf['apache']['2.4']['AddModule'] =  '';

?>

If you are copying PHP versions from an older WampServer install, or using ADDONS for old PHP versions, you will need to do this to the wampserver.conf file in each php.x.y.z folder you copy over or install. But you must also check that that folder contains the php5apache2_4.dll before adding the section of code above that references that dll.
Also if you want to be able to switch between versions of PHP, bear in mind not all versions of PHP's will run with Apache2.4, you will therefore have to copy over from an old install or Add more a version of Apache 2.2.x so that you can still run old versions of PHP.

When the wampserver.conf is set correctly WampManager ( the icon that sits in the system tray when wamp is running ) will add No Entry icons to the versions of PHP that are not compatible with the running version of Apache. You will not be able to switch to versions of PHP that have the No Entry symbols next to them.


The configuration file for php5.4.16 i.e. C:\wamp\bin\apache\apache2.4.4\bin\php.ini includes extensions that no longer exist and is not in the correct order, for example the exif extension must be after mbstring. Edit the file C:\wamp\bin\apache\apache2.4.4\bin\php.ini to replace the entire section on extensions by:

I put a few lines before and after in order to show to find the correct part of the file

; Windows Extensions
; Note that ODBC support is built in, so no dll is needed for it.
; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5)
; extension folders as well as the separate PECL DLL download (PHP 5).
; Be sure to appropriately set the extension_dir directive.
;
extension=php_bz2.dll
;extension = php_com_dotnet.dll
extension=php_curl.dll
;extension = php_enchant.dll
;extension=php_fileinfo.dll
extension=php_gd2.dll
extension=php_gettext.dll
;extension=php_gmp.dll
extension=php_intl.dll
;extension=php_imap.dll
;extension=php_interbase.dll
;extension=php_ldap.dll
extension=php_mbstring.dll
;php_exif must be after php_mbstring as it depends upon it for its functioning
;extension=php_exif.dll
;extension=php_mssql.dll
extension=php_mysql.dll
extension=php_mysqli.dll
;Use with Oracle 10gR2 Instant Client
;extension=php_oci8.dll
; Use with Oracle 11gR2 Instant Client
;extension=php_oci8_11g.dll
extension=php_openssl.dll
;extension=php_pdo_firebird.dll
extension=php_pdo_mysql.dll
;extension=php_pdo_oci.dll
;extension=php_pdo_odbc.dll
;extension=php_pdo_pgsql.dll
;extension=php_pdo_sqlite.dll
;extension=php_pgsql.dll
;extension=php_shmop.dll

; The MIBS data available in the PHP distribution must be installed.
; See [http://www.php.net/manual/en/snmp.installation.php]
;extension=php_snmp.dll

;extension=php_soap.dll
;extension=php_sockets.dll
;extension=php_sqlite3.dll
;extension=php_sybase_ct.dll
;extension=php_tidy.dll
extension=php_xmlrpc.dll
;extension=php_xsl.dll

;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;

Some extensions are enabled ( note no ';' at the begining of the line ).
Please bear in mind that the extensions you require activated will depend upon what your applications requires and may not match this example.
However, this list is a list of what is actually available with the none existant extensions removed, so it is still worth starting from here and adding/removing the extensions you do or do not need.



The path on the error_log file parameter is commented (inactive) and must be changed as so:
Replace

;error_log = "C:/wamp/logs/php_error.log"

with

error_log = "C:/wamp/logs/php_error.log"

PHP5.4 is much more reliant upon a correct timezone being set than before so
Replace :

date.timezone = UTC

with

date.timezone = "Europe/London"

Or rather a timezone that fits your location. See [php.net] to get a valid timezone.


If you use internationalisation in your scripts:
Replace

;Intl.default_locale =

with

intl.default_locale = en_GB
;This Directive Allows you to Produce PHP Errors when some error
;Happens Within Int'l functions. The value is the level of the error produced.
;Default is 0, All which Does not Produce any errors.
intl.error_level = E_WARNING

Or rather a locale that fits your location/needs.

Also remember if you are using internationalisation, you will need to copy these files from the
php folder \wamp\bin\php\php5.4.16
to the apache folder \wamp\bin\apache\apache2.2.23\bin
for it to work correctly:

icudt??.dll
icuin??.dll
icuio??.dll
icule??.dll
iculx??.dll
icutest??.dll
icutu??.dll
icuuc??.dll

Replace

mysql.default_port =

with

mysql.default_port = 3306

Replace

[PostgresSQL]

with

[PostgreSQL]

The php.ini file also contains parameters that no longer exists in PHP5.4.x. There are a few options that are completely obsolete and no longer have any effect on PHP 5.4.16
Below you will find all the parts that can be deleted this file.
As usual, before making the changes, make a backup the original file and make one change at a time, restarting Apache after each change to see if it causes any problems that cause apache not to restart.

Remember you always have the option of running thsi command from the windows command prompt:

c:\wamp\bin\apache\apache2.4.4\bin\httpd -t

It is very good at identifying errors in the config file and giving you line numbers where the error occured.

Remove:

;Allow_call_time_pass_reference
;Default Value: On
;Development Value: Off
;Production Value: Off

;Magic_quotes_gpc
;Default Value: On
;Development Value: Off
;Production Value: Off

;Register_long_arrays
;Default Value: On
;Development Value: Off
;Production Value: Off

;Session.bug_compat_42
;Default Value: On
;Development Value: On
;Production Value: Off

;Session.bug_compat_warn
;Default Value: On
;Development Value: On
;Production Value: Off

;Enforce year 2000 compliance (because Will problems with non-compliant browsers)
;[ php.net ]
y2k_compliance = On

;This Directive Allows you to enable and disable warnings All which PHP Will end
;If you pass a value by reference at function call time. Passing values ??by
;Reference at function call time is a deprecated feature Will Be All which removed
; From PHP at some points in the near future. The acceptable method for passing a
;Value by reference to a function is by Declaring the reference in the functions
;Definition, not at call time. This Directive Does not disable this feature, it
; Only DETERMINED Whether PHP Will warn you about it or not. These warnings
;Shoulds enabled in development environments only.
;Default Value: On (Suppress warnings)
;Development Value: Off (Issue warnings)
;Production Value: Off (Issue warnings)
;[ php.net ]
allow_call_time_pass_reference = Off

;Safe Mode
;[ php.net ]
safe_mode = Off

;By default;Safe Mode Does a UID compare check When
;Opening files. If you want to relax this to a GID compare,
;Then turn on safe_mode_gid.
;[ php.net ]
safe_mode_gid = Off

;When safe_mode is on, UID / GID checks are BYPASSED When
;Including files from this directory and Its subdirectories.
;(Aussi directory must be in include_path or full path must
;When Including be used)
;[ php.net ]
safe_mode_include_dir =

;When safe_mode is on, only executables located in the safe_mode_exec_dir
;Will Be allowed to be Executed via the exec family of functions.
;[ php.net ]
safe_mode_exec_dir =

;Setting some environment variables May be a potential security breach.
;This directive contains a comma-delimited list of prefixes. In Safe Mode,
;The user May only alter environment variables Whose names begin with the
;Prefixes Supplied here. By default, users Will only be ble to set
;That begin with PHP_ variables (eg PHP_FOO = BAR) environment.
;Note: If this directive is empty, PHP Will let the user modify ANY
;Variable environment!
;[ php.net ]
safe_mode_allowed_env_vars = PHP_

;This directive contains a comma-delimited list of environment variables That
;The end user will not be ble to change using putenv (). These variables Will Be
;Protected even if safe_mode_allowed_env_vars is set to allow to change em.
;[ php.net ]
safe_mode_protected_env_vars = LD_LIBRARY_PATH

;Whether or not to register the EGPCS as global variables. You May
;Want to turn this off if you do not want to clutter your scripts' global scope
;With user data. This makes sense MOST When coupled with track_vars - All which in
; Case you can access all of the GPC variables through the $ HTTP_ * _VARS []
; Variables.
;Shoulds You do your best to write your scripts so That They Do not require
;Register_globals to be on; Using form variables as globals can lead Easily
;To be security problems, if the code is not very well thought of.
;[ php.net ]
register_globals = Off

;Determines Whether the deprecated long $ HTTP_ * _VARS such predefined variables
;Are registered by PHP or not. As They are deprecated, Obviously we do
;Recommend you use 'em. They are on by default for compatibility purpose Reasons
;They are not recommended on Production servers.
;Default Value: On
;Development Value: Off
;Production Value: Off
;[ php.net ]
register_long_arrays = Off

;Magic quotes are a preprocessing feature of PHP PHP Where Will attempt to
;Escape any character sequences in GET, POST, COOKIE and ENV data All which might
;Otherwise corrupt data Being Placed in resources: such as databases before
;That making data available to you. Because of character encoding issues and
;Non-standard SQL implementations across many databases, it's not Currently
? potential for this feature to be 100% accurate. PHP's default behavior is to
;Enable the feature. We Strongly recommend you use the escaping Mechanisms
;Designed SPECIFICALLY for the database your using INSTEAD of Relying on this
;Feature. Also note this feature has-been deprecated as of PHP 5.3.0 and is
;Scheduled for removal in PHP 6.
;Default Value: On
;Development Value: Off
;Production Value: Off
;[ php.net ]
magic_quotes_gpc = Off

;Magic quotes for runtime-generated data, eg data from SQL, from exec (), etc..
;[ php.net ]
magic_quotes_runtime = Off

;Use Sybase-style magic quotes (escape 'with'' INSTEAD of \').
;[ php.net ]
magic_quotes_sybase = Off

;PHP 4.2 and less Have An undocumented feature / bug That Allows you to
;To initialize a session variable in the global scope, Even When register_globals
;Is disabled. PHP 4.3 and later Will warn you, if this feature is used.
;You can disable the feature and the warning separately. At this time,
;The warning is only displayed, if bug_compat_42 is enabled. This feature
;Introduces some serious security problems if not handled Correctly. It's
;Recommended That You do not use this feature on Production servers. Purpose you
;Shoulds enable this on development servers and enable the warning as well. If you
;Do not enable the feature on development servers, you will not be warned When It's
;Used and debugging errors Caused by this difficulty can be to track down.
;Default Value: On
;Development Value: On
;Production Value: Off
;[ php.net ]
session.bug_compat_42 = On

;This setting controls Whether or not you are warned by PHP When initializing a
;Session value into the global space. session.bug_compat_42 must be enabled before
;Warnings thesis can be Issued by PHP. See the directive above for more information.
;Default Value: On
;Development Value: On
;Production Value: Off
;[ php.net ]
session.bug_compat_warn = On

Save the changed file.


-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
-+-+-+- File my.ini +-+-+-
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

Changes to the file C:\wamp\bin\mysql\mysql5.6.12\my.ini are independent of changes to phpMyAdmin. Edit the file C:\wamp\bin\mysql\mysql5.6.12\my.ini

- Disable binary "logs" they can take a lot of space and slow down the system. To do this you must comment out the line that allows said logs as well as giving the format:

# Binary logging is required for replication
# Log-bin = mysql-bin

# Binary logging size - mixed recommended
# Binlog_format = mixed

- Do not start replication mode, unless you need it. So add in these lines:

# Skip Replication Slave processing if not required
# New for MySQL 5.6 if no slave
skip-slave-start

- Add a default engine by default. InnoDB is more complex so we will choose MyISAM, add the following lines unless you prefer to use another storage engine:

# The default storage engine That Will Be used when we create new tables
# New for MySQL 5.6 default_tmp_storage_engine if skip-innodb
default-storage-engine = MyISAM
default_tmp_storage_engine = MyISAM

- You can add this to make error messages diplay in your prefered language, messages are produced in english by default, this would convert them to French.

# Path to the language
lc-messages-dir = C:/wamp/bin/mysql/mysql5.6.12/share
# Change this to suit your needs
lc-messages = fr_FR

- Add these parameter somewhere in the section [wampmysqld] if you are using mysql5.6
explicit_defaults_for_timestamp
# If mysql uses large amount of memory this can reduce its footprint to a more sensible size
# This param relates to MYISAM cache size ( 400 ) is the min allowed
table_definition_cache = 600



-+-+-+-+-+-+-+-+-+-+-+-+-
-+-+-+- PhpMyAdmin +-+-+-
-+-+-+-+-+-+-+-+-+-+-+-+-


First let's correct the file that controls access to phpMyAdmin.
These still contain the old Apache 2.2 security directives so lets create totally new content for this file.
Edit C:\wamp\alias\phpmyadmin.conf and replace the content with the following code.

Alias /phpmyadmin "C:/wamp/apps/phpmyadmin4.0.4/"

# To give access to phpmyadmin from outside
# Replace the line
#
# Require local
#
# By
#
# Require all granted
#

<Directory "C:/wamp/apps/phpmyadmin4.0.4/">
   Options Indexes FollowSymLinks MultiViews
   AllowOverride all
   Require local
</Directory>

Important Note You should also make similiar changes to C:\wamp\alias\sqlbuddy.conf and C:\wamp\alias\webgrind.conf


PhpMyAdmin reads its configuration from 2 files, first from C:\wamp\apps\phpmyadmin4.0.4\libraries\config.default.php (which we should NEVER changed), and then from the local configuration file C:\wamp\apps\phpmyadmin4.0.4\config.inc.php (If the file exists), which means we use this file to tailor phpMyAdmin to our specific requirements. If you read the phpMyAdmin documentation there is a lot of things you can tailor.
The people at WAMP set this file up to a state compatible with an easy click and go situation, however there is lots of "stuff" that serves no purpose in the WAMP4.2 version of this file. I therefore offers a simplified and clarified config.inc.php file contents. This can be used regardless of Apache, MySQL of PHP version and thus becomes:

<?php

/* Servers configuration */
$i = 0;

$cfg['blowfish_secret'] = 'a8b7c6d'; //Change this to something else

/* Server: localhost [1] */
$i++;
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;

// Remove the Configuration storage warning about pmadb
$cfg['PmaNoRelation_DisableWarning'] = true;
/* End of servers configuration */

?>

I believe this will remove the WOOD so you can see the TREE'S

The warning 'The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated.' has been removed by adding the '$cfg['PmaNoRelation_DisableWarning'] = true;. Have no fear, this is not a required feature and probably is not used by more that 1% of phpMyAdmin users, and certainly not beginners.

The message 'A newer version of phpMyAdmin is available and you should consider upgrading. The newest version is xxx, released on yyy.' still remains, but unless you have an actual need for a feature that does not exist in this version, just dont worry about it.

If you must upgrade, here is how to do it:
Go to http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/ for the latest release. Select the version you want. Select the language that you want. Download it.
- It's a .zip or a .7z, so extract it somewhere.
- Move the extracted folder to the C:\wamp\apps folder.
- Remove the language name from the folder name, leaving the folder name in a simialiar format to the existing phpMyAdmin folder name.
- copy over the config.inc.php file from the original install of phpmyadmin.
- amend the c:\wamp\alias\phpmyadmin.conf file so that it references the new folder name

#>> Change the directory name on this line to the new version
Alias /phpmyadmin "D:/wamp/apps/phpmyadmin4.0.4/"

# To give access to phpmyadmin from outside
# Replace the line
#
# Require local
#
# By
#
# Require all granted
#
#>> Change the directory name on this line to the new version
<Directory "d:/wamp/apps/phpmyadmin4.0.4/">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
    Require local
</Directory>

- Restart the Apache service, so it sees the changes to the c:\wamp\alias\phpmyadmin.conf
Launch phpmyadmin and you should be running the new version.


Password for MySQL's default root userid
When you install WAMP and therefore MySQL for the first time, MySQL has two userid's setup by default.
Those userids are
'root' (without quotes and all lowercase).
and
'Any' (without quotes).


In its initial state these userids does not have a password associated with them. This means the first time you try and login using phpMyAdmin or any other database query tool you do not have to specify a password. But this is very insecure left this way, but there has to be a predefined userid and it has to have a known password, so no password is as good as anything else they may have come up with!

So the first thing you should do with your MySQL Server is secure this 'root' userid by adding a password to it, and a fairly strong one at that. You should see that there are 3 'root' userid actually, this is done becasue you might be accessing phpMyAdmin from the IPV4 range i.e. 127.0.0.1 or localhost or the IPV6 range i.e. ::1. You should change the password on all 3 'root' accounts to the same password
I personally delete the 'Any' accounts for further security.
I then create a new account also with Super User privileges with a name that hackers wont necessarity guess ( i.e. not admin,super,boss etc ).
Then once I am sure the new super user account works, I also delete the 'root' accounts.
This way if someone does try hacking my MySQL Server they dont even know which Userid to try and hack, like they would if I left the 'root' userid in existance, which hopefully makes their lives even more difficult.
But beware, make sure the new super user account works as expected before deleting 'root'. It may be a good idea to take a backup of the c:\wamp\bin\mysql\mysqlx.y.z\data\mysql folder before you start anything like this if you are a beginner. You can then copy it back and start again from a known point if it all goes wrong.

Important To avoid problems with different character sets avoid using accented characters in passwords. Stick to a-z,A-Z,0-9 and these special characters # _ - ~ & $ % : ;

Now once you have changed the password on the 'root' account, you now need to go back and edit the C:\wamp\apps\phpmyadmin4.0.4\config.inc.php and change it so that no login is allowed without a password. This was originally set to be allowed so you could get into mysql initially, but now you have a password you can plug that little loop hole.

$cfg['Servers'][$i]['AllowNoPassword'] = true;

to

$cfg['Servers'][$i]['AllowNoPassword'] = false;

Now when you launch phpMyAdmin it will present you with a login page and ask for a userid and password.
Dont forget your password(s), its a pain to have to try and recover and or reset them.



If you have questions or corrections please start a new thread and detail to report any problems.


This document translated from the original which can be found here [forum.wampserver.com], if French, is your prefered language, written by Otomatic.
I have made one or two changes/additions as I went through it.