Configuring Matomo (Piwik) so that all requests are made over SSL (https://) is an easy way to improve security and keep your data safer. To ensure that logins, passwords and the token_auth are not sent in the clear, you can manually set a config file setting.

  • First of all, make sure that your Matomo server is configured so that requests to work as expected. We also recommend you use a valid SSL certificate. If you use NGINX web server, you likely need to add the following line to your nginx config: fastcgi_param HTTPS $https if_not_empty;.

  • Then install the plugin ForceSSL from the Marketplace. Learn more about how to install a plugin in Matomo.

  • Or alternatively, you can also edit your config/config.ini.php file, and add the following under the [General] section, set the following:

    force_ssl = 1

Matomo will then automatically redirect all http:// requests to route to the https:// equivalent. Learn more tips about how to secure Matomo.

If for some reasons you need to disable the “Force SSL” feature, simply remove force_ssl=1 from your config.ini.php file.