We highly recommend that all Matomo (Piwik) administrators enable the SecurityInfo plugin, and then view the Settings. The plugin is a tool in a multilayered security approach.

Performed checks include for instance usage of latest PHP version, usage of latest Matomo version, usage of PHP ini settings like magic_quotes_gpc and more.

This plugin is compatible with Matomo 3 (see requirements below for more details).

Does the plugin replace secure development practices or audit the code/application?

No, it doesn't. It just gives you some information based on PhpSecInfo from the PHP Security Consortium.

  • Security Info

Download for Matomo On-Premise This plugin is not available for Matomo for WordPress

Please share