phpMyAdmin root with no password message

After installing WAMP Server it is common when you first access phpMyAdmin to get the following message:

“Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole by setting a password for user ‘.root’.”

To correct this security issue you need to do the following:

  1. Go to phpMyAdmin
  2. Select the Privileges tab
  3. Locate the user “root” that has for a host
  4. Edit the root user privileges by clicking on the corresponding Edit Privileges button
  5. On the Change Password section insert the desired password and press Go
  6. You should now have at the top of the screen the message: “The password for ‘root’@’’ was changed successfully.
  7. Now you need to edit file normally located at C:\wamp\apps\phpmyadmin3.2.0.1 (note that the version indication may vary)
  8. Locate $cfg[‘Servers’][$i][‘auth_type’] = ‘config’; and change from config to cookie so that you get a login window every time you access phpMyAdmin
  9. Locate $cfg[‘blowfish_secret’] = ‘  ‘; line. If you don’t have one add it to your file
  10. Add a secret passphrase to $cfg[‘blowfish_secret’] = ‘  ‘; for example: $cfg[‘blowfish_secret’] = ‘secret_pass’;
  11. Save your changes
  12. Go to the WAMPServer and select Restart All Services
  13. Once all the services have been restarted go to phpMyAdmin and enter the username root and your password to access phpMyAmdin


  1. The blowfish_secret passphrase should not be the same as the root password.
  2. If you don’t add a $cfg[‘blowfish_secret’] line to the file, when you access phpMyAdmin you’ll get the message: “The configuration file now needs a secret passphrase (blowfish_secret).

If you’re interested in learning more about PhpMyAdmin then check out the book “Mastering PhpMydmin for Effective MySQL Management“.