Home Servers Setting PhpMyAdmin Passphrase (Blowfish_Secret) in Config File

Setting PhpMyAdmin Passphrase (Blowfish_Secret) in Config File


Recently, I updated many things on GeekAct server. Starting from MySQL 5.5 to latest PHP 4.2.5. Things becomes scary when it comes to database changes and updates. You can follow the above two if you also want to update your third-party softwares. Remember these are never auto-updated or by running ‘yum update’.

So, moving to issue. After upgrading to latest PhpMyAdmin, as I logged in to my PhpMyAdmin I was hit with this message;

PhpMyAdmin 403 Error after Login
PhpMyAdmin 403 Error after Login

Not nice, when you are in middle of a backup.

I tried to bypass this and click the database name but again got the same message. So, after scrolling down I saw this message;

The configuration file now needs a secret passphrase (blowfish_secret).

Again not nice. So, something in PhpMyAdmin changed which needs one more authentication. This turned out to be cookie based authentication. It’s a nice thing, so I decided to complete this step.

Fire-up your SSH command panel and open your PhpMyAdmin config file ‘config.inc.php’  for editing. Just make sure to use correct path to PhpMyAdmin folder,

nano /var/www/html/domain.com/phpmyadmin/config.inc.php


nano /etc/webapps/phpmyadmin/config.inc.php

It may happen that this file was never created so, it will be a new file. Now, go to PhpMyAdmin Blowfish Generator website and create a random complex key here or you can just type in your own random long key.

Copy-paste the Output from last box below the example and paste it between Apostrophe’s in section $cfg[‘blowfish_secret’] as shown,

/* This is needed for cookie based authentication to encrypt password in cookie */
$cfg['blowfish_secret'] = 'CODE HERE'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
/* This is needed for cookie based authentication to encrypt password in cookie */
$cfg['blowfish_secret'] = '{^QP+-(3mlHy+Gd~FE3mN{gIATs^1lX+T=KVYv{ubK*U0V'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

Please note that you must enclose the code in PHP tags as shown. Also, don’t use the this example. It is a default example and may be used by hackers for brute force. You were warned!

Now save this file and restart Apache with,

service httpd restart

Refresh the PhpMyAdmin page. The error should go away and you should be able to access database tables and phpmyadmin functions. If not, try restarting the whole server and cleaning your browser cache.


  1. Martha

    July 11, 2014 at 12:39 pm

    I am still getting the same 403 error box after login to PhpMyAdmin. However, the blowfish_error message is now not showing at bottom.
    Any clue?


    • Mrinal Buddekar

      July 12, 2014 at 12:03 pm

      Hello Martha, Please check that phpmyadmin is allowed over localhost or your domain name in httpd.conf (apache configuration).


Don't hesitate. Comment!

Check Also

Install CSF Firewall with Virtualmin Module

Managing Linux firewall can be pain without graphic interface. ConfigServer firewall comes…