Guide on how to secure a Piwik server
|Reported by:|matt|Owned by:| |
|Priority:|normal|Milestone:|1.7 Piwik 1.7|
In Piwik we focus a lot on security and aim to track and fix all potential code issues. But there are often other reasons that would let intruders into a system. It could be interesting to give a list of interesting resources or must-haves regarding securing a Piwik server.
I am thinking in particular of tips such as:
- install Piwik in a new separate MySQL db
- use a new MySQL user and password
- make sure you use the latest PHP, MySQL, Apache, OS
- use SSH rather than FTP
- If you must use FTP, do not store the password in your FTP software (easy prey for malware)
- Always keep your own computer up to date, including Flash, Acrobat Reader, your browser, OS vulnerabilities
- Turn on SSL logins in your Piwik (better with a valid certificate on your Piwik domain)
- back up and test the restore
- use strong passwords
We could create a new section in the page: http://piwik.org/security/
with a simple list of items to do to make the Piwik server very secure.
If you have any feedback, please comment!
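
The first two tips in the list above (a separate MySQL database and a dedicated MySQL user), sketched as an added example that is not part of the original ticket or of Piwik's own documentation. The names `piwik_db` and `piwik_app`, the password placeholder and the exact privilege list are assumptions; check the privilege list against the Piwik installation guide for your version.

```sql
-- Added example. piwik_db, piwik_app and the password placeholder are
-- constructed names, not values from the ticket.

-- 1. A database that holds Piwik tables and nothing else, so a compromise
--    of the Piwik account does not expose other applications' data.
CREATE DATABASE piwik_db CHARACTER SET utf8;

-- 2. A dedicated account, reachable only from the web server host
--    (localhost here), with its own long random password.
CREATE USER 'piwik_app'@'localhost'
    IDENTIFIED BY '<long-random-password>';

-- 3. Privileges scoped to piwik_db.* only. No global privileges
--    (FILE, SUPER, GRANT OPTION) and no access to other schemas.
--    The list below is an assumption about what the application needs
--    for normal operation and schema upgrades.
GRANT SELECT, INSERT, UPDATE, DELETE,
      CREATE, DROP, ALTER,
      CREATE TEMPORARY TABLES, LOCK TABLES
   ON piwik_db.* TO 'piwik_app'@'localhost';

-- 4. Verify: the output should show USAGE ON *.* plus the grant on
--    piwik_db.* and nothing else.
SHOW GRANTS FOR 'piwik_app'@'localhost';

-- 5. Audit which accounts have database-level grants on the Piwik
--    database. Only piwik_app should appear.
SELECT user, host
  FROM mysql.db
 WHERE db = 'piwik_db';

-- 6. Audit accounts holding global privileges that would bypass the
--    per-database scoping above. The application account must not be
--    in this list.
SELECT user, host
  FROM mysql.user
 WHERE Super_priv = 'Y' OR Grant_priv = 'Y' OR File_priv = 'Y';
```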