We highly recommend that all Piwik administrators enable the SecurityInfo plugin, and then view the Settings. The plugin is a tool in a multilayered security approach.

Performed checks include for instance usage of latest PHP version, usage of latest Piwik version, usage of PHP ini settings like magic_quotes_gpc and more.


View and download this plugin for a specific Piwik version:

Does the plugin replace secure development practices or audit the code/application?

No, it doesn't. It just gives you some information based on PhpSecInfo from the PHP Security Consortium.

  • Security Info