Hello,
Why is phpmyadmin on :8090/phpmyadmin/index.php url public visible, maybe it would be better security practice to leave users an option to hide it or show it only if user is logged in CP?
This could prevend brute force attacks from automated scripts or if vunerability is found in phpmyadmin it would not be public exploitable atleast.
Regards,
M