SecurityInfo and plugins

gd83caw1gd · July 28, 2019, 10:33am

I like to increase security inside Matomo and noticed posted article:
URL like:

https://plugins.matomo.org/securityinfo#preview

Is this officially recommended beside usual
dashboard inside Matomo and warnings validation?

Lukas · July 28, 2019, 2:12pm

Hi,

Unfortunately the recommendations of the plugin are generated by a library that hasn’t been updated since around 2008, so all recommendations are to be taken with a grain of salt.

Replace PhpSecInfo with something more modern

opened 09:33AM - 02 Dec 18 UTC

Findus23

As this is the most downloaded Matomo plugin and the description recommends usin…g it > We highly recommend that all Matomo administrators enable the SecurityInfo plugin, and then view the Settings. The plugin is a tool in a multilayered security approach. we should make sure that the recommendation it gives are up to date. Unfortunately the development for PhpSecInfo seems to have stopped in 2007 or 2009 and while there [have been some fixes to make it work with newer PHP versions](https://github.com/matomo-org/plugin-SecurityInfo/commits/master/PhpSecInfo/PhpSecInfo.php), I am not sure if the recommendations are still correct and (more importantly) if not some important recommendations are missing. But I couldn't find many alternatives. https://github.com/sektioneins/pcc seems to be newer, but it doesn't seem to have a way to get the results apart from echo. If someone knows a better alternative, please comment here.

gd83caw1gd · July 29, 2019, 7:30pm

Hi, Thank you for all information.