XAMPP SECURITY

(Requests allowed from localhost only)

This page gives you a quick overview about the security status of your XAMPP installation. (Please continue reading after the table.)

Subject
Status
These XAMPP pages are accessible by network for everyone    UNSECURE
Every XAMPP demo page you are right now looking at is accessible for everyone over network. Everyone who knows your IP address can see these pages.
The MySQL admin user root has no longer no password    SECURE
PhpMyAdmin is free accessible by network    UNSECURE
PhpMyAdmin is accessible by network without password. The configuration 'httpd' or 'cookie' in the "config.inc.php" can help.
The FileZilla FTP password was changed    SECURE

The green marked points are secure; the red marked points are definitively unsecure and the yellow marked points couldn't be checked (for example because the sofware to check isn't running).

To fix the problems for mysql, phpmyadmin and the xampp directory simply use

=> http://localhost/security/xamppsecurity.php <= [allowed only for localhost]

Some other important notes:

All these test are made ONLY for host "localhost" (127.0.0.1).
For FileZilla FTP und Mercury Mail, you must fix all security problems by yourself! Sorry.
If your computer is not online or blocked by a firewall, your servers are SECURE against outside attacks.
If servers are not running, these servers are also SECURE!

Please consider this: With more XAMPP security some examples will NOT execute error free. If you use PHP in "safe mode" for example some functions of this security frontend will not working anymore. Often even more security means less functionality at the same time.

The XAMPP default ports:

ftp 21/tcp # File Transfer [Control] (XAMPP: FTP Default Port)

smtp 25/tcp mail # Simple Mail Transfer (XAMPP: SMTP Default Port)

http 80/tcp # World Wide Web HTTP (XAMPP: Apache Default Port)

pop3 110/tcp # Post Office Protocol - Version 3 (XAMPP: POP3 Default Port)

imap 143/tcp # Internet Message Access Protocol (XAMPP: IMAP Default Port)

https 443/tcp # http protocol over TLS/SSL (XAMPP: Apache SSL Port)

mysql 3306/tcp # MySQL (XAMPP: MySQL Default Port)

AJP/1.3 8009 # AJP/1.3 (XAMPP: Tomcat AJP/1.3 Port)

http-alt 8080/tcp # HTTP Alternate (see port 80) (XAMPP: Tomcat Default Port)

	Subject	Status
	These XAMPP pages are accessible by network for everyone	UNSECURE
	Every XAMPP demo page you are right now looking at is accessible for everyone over network. Everyone who knows your IP address can see these pages.

	The MySQL admin user root has no longer no password	SECURE

	PhpMyAdmin is free accessible by network	UNSECURE
	PhpMyAdmin is accessible by network without password. The configuration 'httpd' or 'cookie' in the "config.inc.php" can help.

	The FileZilla FTP password was changed	SECURE

ftp	21/tcp	# File Transfer [Control] (XAMPP: FTP Default Port)
smtp	25/tcp	mail # Simple Mail Transfer (XAMPP: SMTP Default Port)
http	80/tcp	# World Wide Web HTTP (XAMPP: Apache Default Port)
pop3	110/tcp	# Post Office Protocol - Version 3 (XAMPP: POP3 Default Port)
imap	143/tcp	# Internet Message Access Protocol (XAMPP: IMAP Default Port)
https	443/tcp	# http protocol over TLS/SSL (XAMPP: Apache SSL Port)
mysql	3306/tcp	# MySQL (XAMPP: MySQL Default Port)
AJP/1.3	8009	# AJP/1.3 (XAMPP: Tomcat AJP/1.3 Port)
http-alt	8080/tcp	# HTTP Alternate (see port 80) (XAMPP: Tomcat Default Port)