At Piwik and at InnoCraft, we have always focused on security and take it very seriously. We were one of the first open source projects to offer a bug bounty for reporting security issues responsibly. Piwik has gone through several security audits, and all changes in Piwik go through security reviews by our security experts.
On the Piwik Marketplace you will find some plugins that give you that extra bit of security to keep your data even more secure and to let you secure how your users log in to your Piwik.
This plugin provides security information about the server(s) your Piwik is running on and offers suggestions on how to improve the security settings of your servers. We highly recommend installing the Security Info plugin. Checks performed include, for example, usage of the latest PHP version, usage of the latest Piwik version, usage of PHP ini settings like magic_quotes_gpc, and more. More details & download
This plugin adds Two Factor Authentication, also known as 2FA, to Piwik. When logging in to Piwik, it forces you to confirm your identity by using a combination of two different components. This means that if someone knows your password, they will still need the other component in order to successfully log in, in this case a code that changes every minute on your phone. More details & download
By Stefan Giehl
The plugin gives you a detailed audit log of all activities that happen in your Piwik for better security and problem diagnosis. It provides documentary evidence of over 80 different activities that happen in your Piwik and lets you, for example, see when someone successfully logged in, when someone tried to log in with your username, when someone deleted data, and much more. More details
By InnoCraft, the makers of Piwik. Pricing starts from 39€ / $49 a year.
This feature allows you to log in from multiple locations (different browsers, computers, …) as usual and makes sure you are logged out of all sessions as soon as you log out from any of these locations. More details & download
For security and privacy reasons you should always use Piwik over HTTPS (SSL). By activating this plugin, you make sure that all “http://” requests in the Piwik UI and API are redirected to “https://”. More details & download
By InnoCraft, the makers of Piwik.
This plugin checks your Piwik configuration and compares it with some best practice settings. For example, it checks whether debug modes are disabled in a production environment, whether the example plugins that are shipped with Piwik are disabled, and more. Please note that this plugin works only with Piwik 2. More details & download
Some companies might already manage their users in an LDAP server. This plugin allows you to log in to your Piwik via a central LDAP and supports web server authentication (e.g. for Kerberos SSO). It authenticates with an LDAP server and uses LDAP information to personalize Piwik. More details & download
Shibboleth is an open-source project that provides Single Sign-On and allows websites to make informed authorization decisions in a privacy-preserving manner. Using this plugin allows you to connect to an existing Shibboleth environment so you need to manage users only once. More details & download
Login Http Auth
This plugin allows you to sign in to your Piwik using the HTTP Auth protocol instead of the standard login mechanism. It extends the standard Piwik authentication to use Basic HTTP Authentication. This may be useful if you already use Basic HTTP Authentication and don’t want to manage your users additionally in Piwik itself. We recommend using this only over SSL, for example with the Force SSL plugin. More details & download
Piwik is an analytics platform that you can extend and customize to your needs. Besides many configuration options, you can change existing functionality and also build new functionality on top of Piwik, for example to log in to your Piwik via any Single-Sign-On. Read more about extending Piwik on the Piwik Developer Zone or get in touch with us and we will take care of it for you.