How to Harden a Matomo Installation?

Same here, in my apache install (linux gentoo) no htaccess was created automatically. only some in config folder to blacklist access. but no htaccess in htdocs to whitelist files.

i need to read the code with the installer-wizard if it tries to copy or create this file.
as far as i can see this is all manual. and only the config is protected. but that’s not the discussion here.

I it was there, i would not even have started this discussion.

Some search in github shows there is indeed a file to create and put a htaccess there.

But when i used the wizard it connected DB etc. but didnt write the .htaccess file to my server.

So it seems to be a bug, which i was lucky to trigger with my server setup. (Shared Hosting)

Still odd we are now down 21 comments in this thread, and it seems all I question already exists, and its a real bug in the installer wizard, maybe problems with file access rights to save to disk.

The second answer should have been in this thread.
“… it already exists, you have a bug in your installation …”

I need to make a new Install on another server and see if the htaccess is created, and why it is not on my main server.

Then it just would be a bug report if the wizard cannot write to disk or similar .

Hi @Unterberger.Media
In case of discovered bug, you can create an issue at:

I’m following this discussion since the start as I found it interesting that no .htaccess was created in the Matomo install directory three month ago when I first installed it on the server.

I do have it in:

  • /config
  • /js
  • /lang
  • /tmp

All other directories and the main install directory do not have one.

I’m still not clear if they are missing or not and how to create them after the installation if necessary.

I would be grateful if this could be explained better.

@innocraft @matthieu do you have some clues for Xavier or Daniel?

1 Like