We highly recommend that all Piwik administrators enable the SecurityInfo plugin, and then view the Settings. The plugin is a tool in a multilayered security approach.

Performed checks include for instance usage of latest PHP version, usage of latest Piwik version, usage of PHP ini settings like magic_quotes_gpc and more.

Does the plugin replace secure development practices or audit the code/application?

No, it doesn't. It just gives you some information based on PhpSecInfo from the PHP Security Consortium.

  • Security Info


  • 1.0.6 from Oct 6th 2016
  • 3.0.0 from Sep 13th 2016
  • 1.0.5 from Jun 9th 2014
  • 1.0.4 from Feb 23rd 2014
  • 1.0.3 from Feb 18th 2014
  • 1.0.2 from Nov 1st 2013
  • 1.0.1 from Nov 1st 2013
  • 1.0 from Oct 31st 2013

View and download this plugin for a specific Piwik version: