The data that Piwik collects from visitors comes with responsibility. You are now responsible for the privacy of your visitors. While this responsibility may not be as big as storing encrypted credit card numbers, still, it shouldn't be taken lightly. The developers that work on Piwik are dedicated to providing users with a secure and bug-free application. But there are a few things you can do to make your Piwik installation more secure. Most of these would apply to any PHP and MySQL application.
Use a separate MySQL database for Piwik: It is a good practice to do this with all of your databases. That way, if an attacker happens to be able to access one database, this database will not be linked to multiple applications.
Give your Piwik database its own username and password: The first thing a hacker might try is to use one set of credentials that work on all of your databases. Giving each database a separate username and password limits the damage an attacker can do. To learn more about MySQL best practices, please visit: http://dev.mysql.com/tech-resources/articles/mysql-administrator-best-practices.html.
Always access Piwik over SSL: With a standard HTTP connection, information is sent in plain text. This includes usernames and passwords. Choosing to always use the HTTPS connection guarantees that this data will be encrypted. This is a pretty simple process that gives a lot of added security.
Make sure your web server is configured to accept SSL requests. You can use a self-signed certificate, but a valid SSL certificate is recommended for a production installation of Piwik.
Find the section marked
General
in theconfig/config.ini.php
file in your Piwik install folder and addforce_ssl=1
underneath theGeneral
heading, as follows:[General] force_ssl=1
Restrict access to Piwik files: Only the
piwik.js
and thepiwik.php
files are required by external websites for tracking. You can use .htaccess
to restrict the access of every other file in the Piwik installation to only those IP addresses you will be using to check your stats.Keep backups: Regular backups will protect your data in case of a disaster. First make sure that your Piwik MySQL database is backed up. There are plenty of free scripts or downloadable software to back up MySQL databases. Any one that works, should do. The only file you have to worry about backing up is
config.ini.php
in theconfig
folder of your Piwik installation. Back it up to your computer or another location, regularly. This is all you need to restore a Piwik installation if your current installation is ever damaged. To learn more about backing up your MySQL databases, please visit: http://dev.mysql.com/doc/refman/5.1/en/backup-methods.html.Keep your system up-to-date: Your system is only as strong as its weakest link, and there are many links in its chain. Sometimes, software updates add features, but often these updates fix bugs and plug security holes. So, keeping Piwik, Apache, Linux, PHP, and MySQL up-to-date is an important part of the security of your Piwik installation.
Use the Piwik security plugin: Piwik comes with a SecurityInfo plugin that will test your installation for any security issues and return a recommendation report. This plugin is not activated by default. First, you must activate the plugin in the Piwik's Settings | Plugins menu. You can then view the SecurityInfo plugin by going to Settings | Security in the Piwik admin interface. Anything marked green in the report is in good condition. Anything red should be checked out and fixed, if possible. Yellow is somewhere between both extremes, but not a dire threat.
Use strong passwords: This is always a good practice. Another good practice is changing your passwords regularly. You can generate a strong password online at http://www.pctools.com/guides/password/.
Use SSH and secure FTP: This is another general good practice. This will encrypt your connection to your web server—so no one snooping on your connection can capture data in any readable form.