Using XAMPP web server

XAMPP control panel

As we all (should) know testing out software on live environments isn’t particularly sensible. For the last five years in the office, and longer at home, I’ve been running XAMPP from Apache Friends as a test server on my PC.

XAMPP includes Apache httpd web server plus MySQL, PHP and Perl in an easy to install package (available for Windows, Mac, Linux and Solaris).

I don’t know about you but I’ve spent hours trying to get Apache, MySQL and PHP to speak to one another on a number of PCs. Sometimes without any success, other times after a lot of reading and config file editing. That was when I discovered XAMPP. No more delving into config files to try to coax life into your *AMPP server. Out of the box XAMPP just works.

The latest version for Windows, XAMPP 1.7.4 includes the following:

  • Apache httpd 2.2.17
  • MySQL 5.5.8
  • PHP 5.3.5
  • phpMyAdmin 3.3.9
  • FileZilla FTP Server 0.9.37
  • Tomcat 7.0.3 (with mod_proxy_ajp as connector)


This simplicity, however, comes at a cost: security. As they repeatedly stress on their website

“XAMPP is not meant for production use but only for developers in a development environment. XAMPP is configured is to be as open as possible and to allow the web developer anything he/she wants. For development environments this is great but in a production environment it could be fatal.”

The missing secure elements in XAMPP are:

  • The MySQL administrator (root) has no password.
  • The MySQL daemon is accessible via network.
  • phpMyAdmin is accessible via network.
  • The XAMPP demo page is accessible via network.
  • The default users of Mercury and FileZilla are known.

Security holes which can, of course, all be patched. XAMPP comes with a security status page which allows you to see how secure it currently is.

Setting a root password on MySQL and protecting the XAMPP directory is as simple as clicking a link and filling in a couple of forms.

XAMPP security report showing secure status of the installation


I’ve found XAMPP to be really useful, particularly for testing PHP code, developing WordPress themes and learning new Web apps.

If you don’t fancy XAMPP then there is also WampServer. Or you can get your hands dirty and delve into the config files… but remember: in the config files no-one can hear you scream.

600th anniversary and alumni websites


It’s been a quiet couple of weeks on the Web team blogging front. Which is the complete opposite of what it’s been like within the Web team: blinkered, and with heads down we’ve been racing to complete the 600th anniversary website before graduation (which started yesterday).

If you’ve put in a request by email and we’ve not replied as quickly as we might please accept our apologies. We’ve been working, at times and literally, around the clock to get the site done.

And not just one site, we’ve also had the Development/Alumni relations site to work on at the same time.


Once the sites are both live, and the dust has settled, I’ll blog about our experiences of working with an external design agency and what we learned about working together, as a team of five, on the same project.