Matomo analytics compatibility

  • I recently noticed my matomo analytics stopped working after activating iThemes security and can guess the reason for this but I can’t find the setting which is preventing access to /plugins/matomo. I hope this extract from the error log will allow someone to point me in the right direction:

    error.log.2021-03-10:[Wed Mar 10 01:17:19.403778 2021] [fcgid:warn] [pid 660:tid 140133491791616] [client 2a01:4b00:9609:f300:b1b2:23bb:5c56:c65f:9188] mod_fcgid: stderr: Error in Matomo: This user has super user access. For embedding widgets super user token auths are not allowed. See our faq for more information., referer: https://www.chocolatedetective.co.uk/wp-content/plugins/matomo/app/index.php?module=CoreHome&action=index&idSite=1&period=day&date=yesterda

    also:

    access.log.2021-03-10:40.77.190.136 - - [10/Mar/2021:20:12:18 -0800] "GET /wp-json/matomo/v1/hit/?action_name=Grenada%20Special%20Cuv%C3%A9e%2085%25%20Broken%20Dark%20Chocolate%2070g%20%E2%80%93%20The%20Chocolate%20Detective&idsite=1&rec=1&r=831440&h=20&m=12&s=16&url=https%3A%2F%2Fwww.chocolatedetective.co.uk%2Fproduct%2Fgrenada-special-cuvee-85-broken-dark-chocolate-70g%2F&_id=3f21669a116764c9&_idn=1&_refts=0&send_image=0&cookie=1&res=800x600&pv_id=F1JpKs&pf_net=0&pf_srv=194&pf_tfr=0&pf_dm1=5663 HTTP/1.1" 403 66416 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b"

    • This topic was modified 3 years, 8 months ago by tom coady.
    • This topic was modified 3 years, 8 months ago by tom coady.
    • This topic was modified 3 years, 8 months ago by tom coady.
Viewing 1 replies (of 1 total)

  • The error didn’t ring a bell …

    … but when I saw the length of the GET request url that is being blocked (403), I guess the culprit might be the Long URL Strings setting in the System Tweaks module (That is, if it’s currently enabled).

    Additionally at the top of the System Tweaks settings page it says:

    These are advanced settings that may be utilized to further strengthen the security of your WordPress site.

    Note: These settings are listed as advanced because they block common forms of attacks but they can also block legitimate plugins and themes that rely on the same techniques. When activating the settings below, we recommend enabling them one by one to test that everything on your site is still working as expected.

    Remember, some of these settings might conflict with other plugins or themes, so test your site after enabling each setting.

    If disabling the Long URL Strings setting does not help but there are other settings enabled in the same module try and disable the module.

    To prevent any confusion, I’m not iThemes.

    • This reply was modified 3 years, 8 months ago by nlpro.
    • This reply was modified 3 years, 8 months ago by nlpro.
Viewing 1 replies (of 1 total)
  • The topic ‘Matomo analytics compatibility’ is closed to new replies.