Configuring Piwik so that all requests are made over SSL (https://) is an easy way to improve security and keep your data safer. To ensure that logins, passwords and the token_auth are not sent in the clear, you can manually set a config file setting.

  • First of all, make sure that your Piwik server is configured so that requests to https://yourserver.com/piwik/index.php work as expected. We also recommend you use a valid SSL certificate.
  • In your config/config.ini.php file, add the following under the [General] section, set the following:

    [General]
    force_ssl=1
    

Piwik will then automatically redirect all http:// requests to route to the https:// equivalent. Learn more tips about how to secure Piwik.