We highly recommend that all Matomo administrators enable the SecurityInfo plugin, and then view the Settings. The plugin is a tool in a multilayered security approach.

Performed checks include for instance usage of latest PHP version, usage of latest Matomo version, usage of PHP ini settings like magic_quotes_gpc and more.


View and download this plugin for a specific Matomo version:

Does the plugin replace secure development practices or audit the code/application?

No, it doesn't. It just gives you some information based on PhpSecInfo from the PHP Security Consortium.

  • Security Info

View and download this plugin for a specific Matomo version:


Please share