No data


please help me. I installed piwik on my website (in to subdomain), setup db, everything looks ok, i copy java tracking code in to my web (word press) in footer.php. Now I have piwik on my site about one hour, but still no data about visitors. Empty piwik_log_visit in DB.
My hosting is safe mode off. Could you help me? Thanks T.

If you’re a hostgator user, you should contact HG tech support to get your domain whitelisted from mod_security rules.

I seem to be having a similar problem as the OP. My piwik has been working fine up until last week. I’ve updated my piwik and replaced the code but still no luck getting back up and running. Any ideas would be appreciated.

i have safe mode off on my hosting,
when I am loading my web, stat. is loading (in browser status bar), in source code of page is javascript …

my web:
piwik web:

Pls help, thanks

same problems with our web sites (no host).

after update to 1.2 (we deleted completely old 1.1 and change to 1.2 with no error)

  • 70% no tracking
  • ip geoloc not correct (eg uk instead of bulgaria)

one sample of our sites is

please provide patches.


thomasv and blackcat: your respective site’s tracking code looks ok; I’m assuming the tracking request hit the server; what do your server error logs or piwik_log tables show?

WesleyG: URL?

thanks for reply,

now i reinstall piwik in new location and recreat db, I use wp piwik plugin for wordpress and when I test a new settings with visitors generator plugin everything looks good, in piwik_log_visit are records, but it recorded only visits from plugin, real visitors no … :frowning:

hi vipsoft,

first of all thanx for your quick reply.

i give you more info:

  • 100% no tracking if web page is part of an IFRAME (eg in the oprtical fiber banner is called through a iframe, this is very useful for tracking both views and goals in a separate session)
  • no errors in our servers or piwik stats_logger_error table
  • in web site record it is not possible to delete main_url, we do this manually in stats_site table because some times we need to consider URL as a referrer.



my url is:

so, no function, i delete piwik :frowning: back tu google analytic

Installed yesterday, no data!

Theoretically you should be able to easily use a .htaccess file to turn off mod_security at Hostgator yourselves to whitelist them for any domain or sub-domain.

Using this code inside your .htaccess file:

SecFilterEngine Off SecFilterScanPOST Off

And then placing the above .htaccess file in the root of the domain you want mod_security turned off for.

The code above checks first for mod_security before turning it off, but you could also just use:

SecFilterEngine Off
SecFilterScanPOST Off

inside your .htaccess file if you didn’t want to check for it first. The first turns the security engine off and the second line turns scanning off.

Try it and see if it works for you.

Any how, I’ve turned off mod_security on my site, but still have no tracking for me. So it’s something more than that. Or I’m not doing it right. =) I’ve followed all the instructions. I’m sure there’s a fix somewhere I need.

Quick update,

Note: I was wrong about changing the mod_security option in your .htaccess file. As yes, at some hosts it does work and at others though, they may have that ability turned off at the web server level. So just depends on your host, whether you can do that or not.

And I did get this to work, by sticking to it. =) I put it into a container and whitelisted one of the mod_security rules, oddly enough it was like rule 12344321 or something like that. Don’t quote me on the rule number, though there are quite a few. Phew! =)

Once I did that, I then did a quick check of the piwik system by first renaming the config.ini.php to config.old.php and then using the install checklist found on the second page of the piwik install to check on everything for me.

When everything checked out I then renamed the config file back to config.ini.php and everything worked. Stuff started showing up. Woot! =)

The problem here seems to be, but don’t quote me on this, that the newest form of mod_security doesn’t like urls or even encoded urls passed in the querystring as parameters. Because sometimes they can be run/eval’d by the system unknowingly and the encoding then doesn’t protect. At least this seems to be the case. The short term fix is to whitelist the new mod_security rule/turn it off and to apply a rider to programatically reformat/substitute areas in the url parameter that piwik passes as part of it’s querystring into something less threatening like an array or a substitution and then piece it back together wherever needed.

As the creator says, you may need to talk to your host to get them to do the above for you.

Possibly the long term though fix for piwik, so they can stop worrying about getting any more mod_security errors, because they aren’t going away, may be to change the piwik code to either serialize the url parameter found in the piwik querystring, or send it as an array or to use a substitution or just not to use a full fledged url as a parameter, but instead to chop it up into reconstitutable pieces. This definitely seems like something that can be fixed.

Hope this helps somebody, hang in there, there is a fix, just not an easy one. =)



P.s. Thanks for putting the time into some great software, if you could now just fix this mod_security burp you’d be golden. =)

“SecFilterEngine Off” doesn’t work in newer versions of mod_security)

The Piwik “fix” is for affected users to use tracker.setRequestMethod(‘POST’).

(Sorry, will have to finish my reply tomorrow.)

That’s probably why I said… =)

Note: I was wrong about changing the mod_security option in your .htaccess file. As yes, at some hosts it does work and at others though, they may have that ability turned off at the web server level. So just depends on your host, whether you can do that or not.

To be honest though I tried the… tracker.setRequestMethod(‘POST’) thing first off and it didn’t work. The only thing that did work was changing the mod_security rules on the web server side. So like a transformer here there may be more than meets the eye.

The real fix here is not to send a full url as a parameter in a get method and instead to change the code to either always send it in a post format or to always send it in a get format, but in such a way as not to trigger the mod_security, which should be pretty easy through a number of ways I listed above.

To leave it sort of hanging out either here not there and somewhere in the middle just I think causes you guys too many headaches I think, making folks try all kinds of stuff, but generally not knowing and then they have to choose. =)

Choosing for them, just one way that’s built in, and is the only/right way, is a good way to stop the questions and fails.

Anyways I appreciate what you guys are doing. Absolutely do. Just positing that it’s possible that sooner or later mod_security doesn’t like a post with an url parameter any better than a get, with the new rules. So think of it as being pre-emptive. Since a post with an url parameter isn’t much different than a get with an url parameter to mod_security. Both still a security risk when sent as a whole live url.

Just one man’s thoughts who spent the entire day trying to get this to work. =) And was forced to turn off security. But hung in there because he wanted it to work.

All is working now. (:smiley: