Security
Follow https://docs.phpmyadmin.net/en/latest/setup.html#securing-your-phpmyadmin-installation
And from https://docs.phpmyadmin.net/en/latest/config.html#web-dirs
For security reasons, all directories should be outside the tree published by webserver. If you cannot avoid having this directory published by webserver, limit access to it either by web server configuration (for example using .htaccess
Enable syslog
logging for fail2ban, see https://docs.phpmyadmin.net/en/latest/config.html#cfg_AuthLog