Securing Xampp

Posted on by admin

The following instructions describe XAMPP configuration in some detail. A quickstart guide for installing Drupal and XAMPP on Windows is also available. (NOTE: XAMPP is only intended for use as a local test server which is available on your own computer. It has been created for ease-of-use, but not for production level security. I'd say 'do not use XAMPP'. Don't install a security hole and try to close it down; instead, start with nothing and gradually install & open up what's needed. Apache, MySQL, PHP all have standalone Windows builds. – grawity Feb 2 '15 at 13:26. Security vulnerabilities related to Xampp: List of vulnerabilities related to any product of this vendor. Cvss scores, vulnerability details and links to full CVE details and references (e.g.: CVE-2009-1234 or 2010-1234 or 20101234). Generate a CSR code for Localhost XAMPP The Certificate Signing Request, or simply CSR, is a small, encoded text file containing information about your domain and/or company. All commercial CAs require SSL applicants to submit a CSR code, as part of the SSL validation process.

If you are a WordPress plugin or WordPress theme developer, or provide professional WordPress support from time to time you need to run multiple WordPress websites on the same XAMPP installation on Windows. Multiple websites running on the same Apache web server are called Virtual Hosts. In this easy to follow tutorial we explain how to setup multiple virtual hosts on XAMPP so you can run multiple WordPress websites on the same XAMPP installation.

Configure Virtual Hosts in XAMPP

  1. To add virtual hosts in XAMPP, or in other words, to configure multiple websites on XAMPP, open the Virtual Hosts Apache configuration file httpd-vhosts.conf from C:xamppapacheconfextra
  2. Uncomment the below line to enable name based virtual hosts on your XAMPP.
  1. At the end of the file add the following 4 lines. These 4 lines are used to allow access to the XAMPP configuration pages (to access phpMyAdmin etc) by using the URL http://localhost
  1. For each other virtual host (website) you would like to configure on the XAMPP Apache web server, add the below code (using www.wpwhitesecurity.com as example).
  1. By adding the above directives to httpd-vhosts.conf (XAMPP virtual hosts configuration file), the Apache web server running on XAMPP knows that:
    1. The website files can be found in c:xampphtdocswppro (line 2)
    2. This website should respond to www.wpwhitesecurity.com (line 3)
    3. Allow everyone to access the content of the directory (line 4 to 7)
  2. To test and confirm that all the syntax in the Apache configuration is correct, run the httpd.exe process with the –t switch from the c:xamppapachebin directory as seen in the below screenshot.

Configure the Windows Hosts File

Securing Camper To Truck

Use the Windows Hosts file to redirect the traffic from your computer to the local installation of XAMPP rather than to the original website. E.g. while testing new WordPress changes for our website WP White Security.com, I add an entry in the Windows Hosts file to redirect requests from my browser to the local intallation of XAMPP. To learn on how to redirect traffic using Windows Hosts file, read our webmaster tip Configuring Windows Host Files.

Configuration example: Running multiple websites on XAMPP

If you would like to add more than one virtual host (website) to XAMPP, simple add more VirtualHost directives to the same file. In my testing environment I have the following websites set up:

  • www.WP White Security.com from c:xampphtdocswppro
  • www.wphandymen.com from c:xampphtdocswphandy
Securing Xampp

Secure Xampp Phpmyadmin

To have both websites and the XAMPP configuration pages (localhost) running on my XAMPP installation, I have the following in the XAMPP virtual hosts configuration file (httpd-vhosts.conf).