At Matomo (Piwik) and at InnoCraft, we have always focussed on Security and take it very seriously. We were one of the first open source projects to offer a bug bounty for reporting security issues responsibly, Matomo has gone through several security audits and all changes in Matomo go through security reviews by our security experts.
On the Matomo Marketplace you will find some plugins that give you just that extra bit of additional security to keep your data even more secure and to let you secure how your users log in to your Matomo.
This plugin provides security information about the server(s) your Matomo is running on and offers suggestions on how to improve the security settings of your servers. We highly recommend to install the Security Info plugin. Checks performed include for example usage of the latest PHP version, usage of latest Matomo version, usage of PHP ini settings like magic_quotes_gpc and more. More details & download
This plugins adds Two Factor Authentication, also known as 2FA, to Matomo. When logging in to Matomo, it forces you to confirm the identity by utilizing a combination of two different components. This means if someone knows your password, they will still need the other component in order to successfully log in, in this case a code that changes every minute on your phone. More details & download
By Stefan Giehl
The plugin gives you a detailed audit log of all activities that happen in your Matomo for better security and problem diagnostic. It provides documentary evidence of over 80 different activities that happen in your Matomo and lets you for example see when someone successfully logged in, when someone tried to log in with your username, when someone deleted data, and much more. More details
By InnoCraft, the makers of Matomo. Pricing starts from 39€ / $49 a year.
This feature allows a user to log in from multiple locations (different browsers, computers, …) as usual and makes sure to log you out of all sessions as soon as you log out from any of these locations. More details & download
For security and privacy reasons you should always use Matomo over HTTPS (SSL). By activating this plugin, you make sure to redirect all “http://” requests to “https://” in the Matomo UI and API. More details & download
By InnoCraft, the makers of Matomo.
This plugin checks your Matomo configuration and compares it with some best practice settings. For example whether debug modes are disabled in a production environment, whether the example plugins that are shipped with Matomo are disabled, and more. Please note that this plugin works only with Matomo 2. More details & download
Some companies might already manage their users in an LDAP server. This plugin allows you to log in to your Matomo via a central LDAP and supports web server authentication (eg. for Kerberos SSO). It authenticates with an LDAP server and uses LDAP information to personalize Matomo. More details & download
Shibboleth is an open-source project that provides a Single Sign-On and allows websites to make informed authorization decisions in a privacy-preserving manner. Using this plugin allows you to connect to an existing Shibboleth environment so you need to manage users only once. More details & download
Login Http Auth
This plugin allows you to sign in to your Matomo using the HTTP Auth protocol instead of the standard login mechanism. It extends the standard Matomo authentication to use Basic HTTP Authentication. This may be useful if you use Basic HTTP Authentication already anyway and don’t want to manage your users additionally in Matomo itself. We recommend to use this only over SSL, for example with the Force SSL plugin. More details & download
Matomo is an analytics platform that you can extend and customize to your needs. Besides many configuration options you can change existing functionality and also build new functionality on top of Matomo, for example to log in to your Matomo via any Single-Sign-On. Read more about extending Matomo on the Matomo Developer Zone or get in touch with us and we take care of it for you.