I replied to this yesterday, but my comment seems to have gone missing. Hmm.
I have a VPN (using Tinc) between my servers, my desktop PC, and my laptop. For ‘internal’ / ‘private’ tools like phpMyAdmin, I usually make them accessible only over the VPN. You could use ZeroTier if you want something that’s easy to configure. It works well even if all PCs on your VPN have dynamic IPs. There’s a thread about it here: Zerotier - Great VPN App
phpmyAdmin is quite secure, but you don’t want to have to deal with people trying to brute force the password. You could install something like fail2ban and block people that try to brute force it, but I feel safer restricting it to the VPN only.