Reporting from unwanted sites


First of all congrats for this great project. I might be searching wrong but I haven’t find the answer.

I was wondering what could happend if someone copy the javascript code on other web site. Would I get false reports? is there a way to protect from that?

So I did this test.

I have a low trafic site call that is tracking stats with piwik and everything works great. I installed in my desktop wordpress and configure it to report stats. I do some browsing inside my wordpress to see if it reports and it does report.

How can I prevent this happening?



Hi you could exclude and IP or part of a URL.

Got to settings tab and there you will see the fields to or the other.

good luck

I don’t know if I am doing something wrong? I put “rbonifaz-desktop” in the exlude parameters, but it still reports.

Supposing that it works good and I can exclude some domains, this would work for my my original need. I have a site call and I have the development environment as So I could exclude stats from or even remove the javascript from there.

However what could happen if someone else takes copy the javascript code and copy in other sites. Or even if someone creates a virus that could send false stats about my site from distributed locations. I don’t know if someone would do something like that, but just curious about the concept.

Best regards and thanks for the quick answer,


ok if some is sending code from another server then Im guessing you are seeing it from a pages report where when you hover you see a foreign server. That main would show up so you have 2 options

enter the URL paraemter or else lookup the domain and its IP via WHOIS for example and exclude that IP.

The “rbonifaz-desktop” i dont know ehre you are getting that from? Hard for me to guide you.

For a dev environment lets say or just use exclude URL portion.(yes you could remove teh JS from dev entirely but that would mean you are QAing on your live then at somepoint from an analytics viewpoint)

the JS code will in theory only send data based on the typical piwik requests and varialbles.(if someone hacks it to send or corrupt a login of some sort I cant say, though piwik did recently pay for a new security screening that they have now fixed as i understand it.)

People linking to your site is probably desirable as its showing your content is good or your a main refernce point. But linking only makes your site higher in google rankings.


excluding “fake” requests is a feature request: New setting: Piwik to track only ‘known’ page URLs · Issue #1918 · matomo-org/matomo · GitHub

Thanks matt and lesjokolat,

lesjokolat, the rbonifaz-desktop is just a fake domain I created in the /etc/hosts of my Desktop to install a worpdress site and test if I could report from a “fake” site.

Looking at the docs I found this

So I guess if I want to exlude and For example if I would have to use something like:

if (!window.location.pathname.match(/^/(dev|test)./))

Best regards,