At Piwik and at InnoCraft, we have always focussed on Security and take it very seriously. We were one of the first open source projects to offer a bug bounty for reporting security issues responsibly, Piwik has gone through several security audits and all changes in Piwik go through security reviews by our security experts.

On the Piwik Marketplace you will find some plugins that give you just that extra bit of additional security to keep your data even more secure and to let you secure how your users log in to your Piwik.

Security Info

This plugin provides security information about the server(s) your Piwik is running on and offers suggestions on how to improve the security settings of your servers. We highly recommend to install the Security Info plugin. Checks performed include for example usage of the latest PHP version, usage of latest Piwik version, usage of PHP ini settings like magic_quotes_gpc and more. More details & download

By Piwik

Google Authenticator

This plugins adds Two Factor Authentication, also known as 2FA, to Piwik. When logging in to Piwik, it forces you to confirm the identity by utilizing a combination of two different components. This means if someone knows your password, they will still need the other component in order to successfully log in, in this case a code that changes every minute on your phone. More details & download

By Stefan Giehl

Activity Log

The plugin gives you a detailed audit log of all activities that happen in your Piwik for better security and problem diagnostic. It provides documentary evidence of over 80 different activities that happen in your Piwik and lets you for example see when someone successfully logged in, when someone tried to log in with your username, when someone deleted data, and much more. More details

By InnoCraft, the makers of Piwik. Pricing starts from 39€ / $49 a year.

Login Revokable

This feature allows a user to log in from multiple locations (different browsers, computers, …) as usual and makes sure to log you out of all sessions as soon as you log out from any of these locations. More details & download

By Bryan Torosian

Force SSL

For security and privacy reasons you should always use Piwik over HTTPS (SSL). By activating this plugin, you make sure to redirect all “http://” requests to “https://” in the Piwik UI and API. More details & download

By InnoCraft, the makers of Piwik.

Performance Info

This plugin checks your Piwik configuration and compares it with some best practice settings. For example whether debug modes are disabled in a production environment, whether the example plugins that are shipped with Piwik are disabled, and more. Please note that this plugin works only with Piwik 2. More details & download

By Martin Keckeis

Login Ldap

Some companies might already manage their users in an LDAP server. This plugin allows you to log in to your Piwik via a central LDAP and supports web server authentication (eg. for Kerberos SSO). It authenticates with an LDAP server and uses LDAP information to personalize Piwik. More details & download

By Piwik

Login Shibboleth

Shibboleth is an open-source project that provides a Single Sign-On and allows websites to make informed authorization decisions in a privacy-preserving manner. Using this plugin allows you to connect to an existing Shibboleth environment so you need to manage users only once. More details & download

By Universität Würzburg Rechenzentrum

Login Http Auth

This plugin allows you to sign in to your Piwik using the HTTP Auth protocol instead of the standard login mechanism. It extends the standard Piwik authentication to use Basic HTTP Authentication. This may be useful if you use Basic HTTP Authentication already anyway and don’t want to manage your users additionally in Piwik itself. We recommend to use this only over SSL, for example with the Force SSL plugin. More details & download

By Piwik

Custom Development

Piwik is an analytics platform that you can extend and customize to your needs. Besides many configuration options you can change existing functionality and also build new functionality on top of Piwik, for example to log in to your Piwik via any Single-Sign-On. Read more about extending Piwik on the Piwik Developer Zone or get in touch with us and we take care of it for you.


We are the makers of Piwik Analytics, the leading open source analytics platform used on more than 1 million websites and apps. We provide outstanding products and services to help you grow and achieve your business goals using the power of Piwik Analytics. We also love privacy and giving our customers full control over their digital analytics data.

Any questions?

Many answers and more information about Piwik You can find here:

We are social

Follow us: