We highly recommend that all Piwik administrators enable the SecurityInfo plugin, and then view the Settings. The plugin is a tool in a multilayered security approach.

Performed checks include for instance usage of latest PHP version, usage of latest Piwik version, usage of PHP ini settings like magicquotesgpc and more.

Does the plugin replace secure development practices or audit the code/application?

No, it doesn't. It just gives you some information based on PhpSecInfo from the PHP Security Consortium.

  • Security Info

1.0 Initial release

History

  • 1.0.5 from Jun 9th 2014
  • 1.0.4 from Feb 23rd 2014
  • 1.0.3 from Feb 18th 2014
  • 1.0.2 from Nov 1st 2013
  • 1.0.1 from Nov 1st 2013
  • 1.0 from Oct 31st 2013

Please direct any feedback to hello@piwik.org