Older versions of XAMPP (below 5.5) have a couple of security vulnerabilities. If you are running XAMPP in a production environment and don't want to upgrade to a newer version, make sure you tighten the existing XAMPP security by making the following changes to your XAMPP configuration file:
The XAMPP configuration file location on different platforms:
In Windows: C:\xampp\apache\conf\extra\httpd-xampp.conf
In Linux: /opt/lampp/etc/extra/httpd-xampp.conf
In OS X: /Applications/XAMPP/etc/extra/httpd-xampp.conf
Put the following directives in the file mentioned above:
Alias /phpmyadmin "/xampp/phpMyAdmin/"
<Directory "/xampp/phpMyAdmin">
    AllowOverride AuthConfig
    # Remove this line if it's there:
    # Require all granted
    # Add this line:
    Require local
    # Add this line if you want one specific IP to access the phpMyAdmin URL:
    Require ip 10.0.0.1
    # Add this line:
    ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</Directory>
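A quick way to check an existing httpd-xampp.conf against the steps above, as an added example that is not part of the original article. The function name audit_phpmyadmin and both sample configurations are constructed for illustration, and it only looks at the Require directives used on this page:

```python
import re

# Constructed sample inputs (not taken from a real installation).
SAMPLE_OPEN = """\
Alias /phpmyadmin "/xampp/phpMyAdmin/"
<Directory "/xampp/phpMyAdmin">
    AllowOverride AuthConfig
    Require all granted
</Directory>
"""
SAMPLE_LOCKED = """\
Alias /phpmyadmin "/xampp/phpMyAdmin/"
<Directory "/xampp/phpMyAdmin">
    AllowOverride AuthConfig
    Require local
    Require ip 10.0.0.1
    ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</Directory>
"""

def audit_phpmyadmin(conf_text):
    """Return (line, message) findings for each <Directory> block naming phpMyAdmin."""
    findings, in_block, start, requires = [], False, 0, []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        if re.match(r"<Directory\s+.*phpmyadmin", line, re.I):
            in_block, start, requires = True, lineno, []
        elif in_block and line.lower().startswith("</directory"):
            if not any(r == "local" or r.startswith("ip ") for r in requires):
                findings.append((start, "no 'Require local' or 'Require ip' restriction"))
            in_block = False
        elif in_block:
            if "#" in line:  # httpd only accepts comments on their own line
                findings.append((lineno, "comment on a directive line"))
            m = re.match(r"Require\s+(.+)", line, re.I)
            if m:
                rule = " ".join(m.group(1).lower().split())
                requires.append(rule)
                if rule == "all granted":
                    findings.append((lineno, "'Require all granted' opens phpMyAdmin to every client"))
    if in_block:
        findings.append((start, "unclosed <Directory> block"))
    return findings

if __name__ == "__main__":
    for name, text in (("open", SAMPLE_OPEN), ("locked", SAMPLE_LOCKED)):
        print(name, audit_phpmyadmin(text) or "ok")
```

To audit a real installation, read the file for your platform from the list above and pass its text to audit_phpmyadmin.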