Vestacp PhpMyAdmin How to secure from bruteforce

In a few days I got strange stuff showing on my apache status list.. Someone just trying to access my phpmyadmin login with various passwords for user root.. Of course that root login is disabled but anyway just to be shure I got this capcha stuff done.

Step 1 :
Go to google recaptcha page GOOGLE RECAPTCHA in order to retrieve site key and secret key:

Add/Register a new site :

Enter the server ip or hostname, domain you want to access the phpmyadmin with, then hit Register button, now you will see site key and secrect key copy this keys we’ll need this in step 2 :

you can go to Advanced Settings >> Domain Name Validation >>> uncheck Verify the origin of reCAPTCHA solutions for wildcard permission i.e. you can access phpmyadmin with any domain and ip which are in the server, this is useful if you’ve many domains and IP hosted on the server and want to access phpmyadmin from all of them.

Step 2 :

After that edit the file and add the lines below mentioned :

nano /usr/share/phpMyAdmin/libraries/config.default.php
and search for:
$cfg[‘CaptchaLoginPublicKey’] = ”;
$cfg[‘CaptchaLoginPrivateKey’] = ”;

You need to set keys for recaptcha, and this is where and you put keys like this..
$cfg[‘CaptchaLoginPublicKey’] = ‘Site key’
$cfg[‘CaptchaLoginPrivateKey’] = ‘Secret key’

And save the config file thats all you’ve enabled captcha for extra security to phpmyadmin it will look like :

Source : From Here