By default, phpmyadmin (the essential MySQL admin program for webservers) is installed with an address of /phpmyadmin/ on the default domain on your website.
This means that automated scripts can find it easily, and try brute-force guessing to log on to your databases (usually as root).
There's a few things you can do to make this less of a target,
No More Root
Firstly, change the root account to some other name - it's in the "users" section of Phpmyadmin ("priviledges" on some older versions).
Move PhpMyadmin to a less obvious location
Secondly, move phpmyadmin to another address.
You can do this by editing the apache configuration file for Phpmyadmin.
On (for example) an Ubuntu Linux server, the file is /etc/phpmyadmin/apache.conf .
Right near the top of the file you'll see:
Alias /phpmyadmin /usr/share/phpmyadmin
Change the first phpmyadmin (only) to something else (but not the same not this example):
Alias /lessobvious /usr/share/phpmyadmin
Save it, and restart apache.
Now., you can reach phpmyadmin on your server with:
http://www.example.com/lessobvious/
And it won't be too easy to find for somebody doing a brute force attack to login.