This is how I replacing Google Analytics with Piwik/Matomo for a locally hosted privacy-focused open source analytics solution
Aside
I have a number of guides on moving away from CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. PHP is my programming language of choice.
Now on with the post
Google Analytics
I will fully admit Google Analytics is good. I posted this a while ago on how you can set up Google Analytics on your site.
Google Analytics has some great charts and graphs. Simple to set up and easy to use.
My site traffic is growing and I would prefer to hold my own analytics on user data. Matomo is an analytics solution that stays on my server and not in the hands of Google.
Google Analytics can be Slow
Sometimes the Google Analytics server is slow (affecting the speed of my server). I blogged recently about speeding up a WordPress site here and Google Servers were not adding expiry headers on assets.
I did log a ticket with Google to fix this and the experience was terrible.
Support for Google Analytics is terrible
GT Metrix scores show poor delivery of tracking assets.
Privacy
After the Cambridge Analytica fiasco (that made me decide to delete facebook) sending analytics to Google is not a good idea.
- Google Removes ‘Don’t Be Evil’ Clause From Its Code Of Conduct
- FUTURE SOCIETY Three Signs Google Is Turning to the Dark Side
- Top 10 Ways Google Does Evil
I am not saying Google is evil but I want my site’s visitors tracking data to remain local.
Website Speed Benchmark before installing Matomo
I can load my site in 1.3 seconds at best, 1.5 seconds on average and 2.0 seconds at worst. My site is loading 11 assets.
Page Speed Scores
Y Slow Scores, Gogol Assets are reporting no expiry headers (slowing down scores)
Google Analytics tracking assets are slow.
Optimizations to be made
Browser caching is not possible with Google Analytics.
Missing Expiry Headers (I can see a Google Tag Manager server is slowing down my servers benchmark score)
Why Mamoto (instead of Google Analytics)
I came across
Someone pointed out that @haveibeenpwned got a bunch of traction on Reddit today. With pretty much everything now either cached by @Cloudflare or served by @AzureFunctions, the first I know of a 28x traffic increase is no longer when something scales it’s when someone tells me 😎 pic.twitter.com/ifj7nQg3n4
— Troy Hunt (@troyhunt) November 5, 2018
Mamoto was mentioned
It’s an Open Source, self hostable, privacy friendly alternative to Google Analytics:https://t.co/NiK7A7uQAE
— Lukas Winkler (@lw1_at) November 5, 2018
I visited https://matomo.org/
Snip
> Take care of running Matomo yourself by installing it on your own server. There is no cost for Matomo itself but you need a server and update Matomo & your server regularly to keep it fast and secure. Need help? The Matomo team provides free help resources and paid support.
Source Code
Source code is available.
> Matomo is the leading open alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites, apps & the IoT and visualise this data and extract insights. Privacy is built-in. We love Pull Requests! https://matomo.org/
https://github.com/matomo-org/matomo
Installation Guide
I read the installation guide here https://matomo.org/docs/installation/
You can view the changelog here https://matomo.org/changelog/
Downloading Mamoto
I logged into my server via SSH and downloaded the 18MB download to the desired folder
I unzipped the zip file
I loaded the URL where Matoto was installed (e.g “https://fearby.com/folder/subfolder/matomo/”)
I received this well-crafted error.
Raw Output
I refreshed the page after running the commands above on my site (via SSH)
A system check was performed. I installed when PHP 7.2.11 was the latest, PHP 7.2.12 or higher might be available. Follow my guide to update PHP on Ubuntu.
I had one Issue with Freetype not being installed.
I solved this error by installing FreeType
Output
Reading package lists... Done Building dependency tree Reading state information... Done Note, selecting 'freetype-tools' for glob 'freetype*' Note, selecting 'freetype2-demos' for glob 'freetype*' The following NEW packages will be installed: freetype2-demos 0 upgraded, 1 newly installed, 0 to remove and 66 not upgraded. Need to get 123 kB of archives. After this operation, 728 kB of additional disk space will be used. Get:1 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 freetype2-demos amd64 2.8.1-2ubuntu2 [123 kB] Fetched 123 kB in 0s (965 kB/s) Selecting previously unselected package freetype2-demos. (Reading database ... 122574 files and directories currently installed.) Preparing to unpack .../freetype2-demos_2.8.1-2ubuntu2_amd64.deb ... Unpacking freetype2-demos (2.8.1-2ubuntu2) ... Processing triggers for man-db (2.8.3-2) ... Setting up freetype2-demos (2.8.1-2ubuntu2) ...
Then I installed “php-gd”
Output:
I refreshed the Matomo setup wizard page, Freetype is now installed 🙂
Database Settings
For the life of me, I could not get Matomo to talk to a database on another server so I set it up on my localhost.
I used this guide to help in mysql CLI to create the database and users.
Commands in mysql to create a database and user and assign the user to the database. If you are not comfortable with MySql CLI you can use Adminder GUI.
I used this PHP code to test connecting to the dedicated server before using the localhost
<?php $servername = "localhost"; $username = "databaseuser"; $password = "#################"; $dbname = "tbdatabasename"; // Create connection $conn = new mysqli($servername, $username, $password, $dbname); // Check connection if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } else { echo "Connection Success"; } $conn->close(); ?>
Database created ok
I created a Matomo user then I grabbed the javascript tracking ID code so I could paste this into WordPress.
I opened my WordPress theme settings and deleted the Google tracking tags and added the Matomo tracking code.
I added the Matomo tracking javascript in the head section.
The dashboard is up and collecting data.
Some reports are missing data so I will come back later.
After 1 week I could see data
Securing Mamoto
I read this guide here to secure Matomo
Opt Out Tracking
I enabled Opt Out Tracking in the Mamoto settings and added the generated opt-out code to my front page and at the bottom or all existing articles.
I had to allow iframe tags on my site by adding this header in NGINX (previously I blocked iframes)
add_header X-Frame-Options sameorigin
Add Opt Out Tracking Code to WordPress.
I updated my privacy page and my GDPR notification bar. Now visitors will see a opt-out of tracking on the front page and all article pages.
SMTP Settings
I added my GSuite mail server settings to enable sending of reports via email. I loaded my old guide here to get the GSuite SMTP settings.
I enabled force https on the Mamoto application (edited: config/config.ini.php file)
[General] ... force_ssl = 1
Matomo Plugins (Marketplace)
I opened the System then Plugins section of Matomo to open the Marketplace
I installed these plugins
- Force SSL
- HidePasswordReset
- Google Authenticator
- Device Pixel Ratio
- Bandwidth
- Js Tracker Force Async
- Treemap Visualization
- Security Info
- Custom Alerts
- IP Reports
- Live Tab
- etc
Updating PHP
Matomo Admin (Panel – Security/Diagnostics) section will report if your PHP gets out of date.
Hardening Advice
I enabled 2fA Authorisation at logins (Google Analytics Plugin).
Read my guide here on hardware 2FA YubiCo YubiKeys here.
php.ini hardening changes
Matomo also recommended some php.ini file changes.
> open_basedir – open_basedir is disabled. When this is enabled, only files that are in the given directory/directories and their subdirectories can be read by PHP scripts. You should consider turning this on. Keep in mind that other web applications not written in PHP will not be restricted by this setting.
> upload_tmp_dir – upload_tmp_dir is disabled, or is set to a common world-writable directory. This typically allows other users on this server to access temporary copies of files uploaded via your PHP scripts. You should set upload_tmp_dir to a non-world-readable directory
This may break your WordPress so enable at your own risk. I might move Mamoto to a dedicated “analytics” subdomain then enable these options.
Troubleshooting
I had to run this command when installing Device Pixel Ratio, Device Network Information, Bandwidth plugins
Output:
GTMetrix (After)
GT Metrix reports that my site is not slower (still 1.5 seconds)
I can see that some JavaScript is not being picked up by CDN.
Also 2 More files loading (when compared to Google Analytics)
Time to add the Mamoto files to my CDN.
Adding Matomo Resources to a CDN
I read this Matomo forum post.
I copied these 2 assets to my WordPress wp-content folder (my WordPress CDN ewww.io will then upload them to the CDN).
I have cache everything enabled in ewww.io and this will copy the javascript assets ot my CDN. I will need to manually update these js files each time a Matomo update is installed.
I change my Matomo tracker code to include the new CDN location
<!-- Matomo --> <script type="text/javascript"> var _paq = _paq || []; /* tracker methods like "setCustomDimension" should be called before "trackPageView" */ _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u="//fearby.com/utils/matomo/"; _paq.push(['setTrackerUrl', u+'piwik.php']); _paq.push(['setSiteId', '1']); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.type='text/javascript'; g.async=true; g.defer=true; g.src='https://fearby-com.exactdn.com/wp-content/piwik.js'; s.parentNode.insertBefore(g,s); })(); </script> <!-- End Matomo Code -->
I could not find out how to change the location of my (now CDN cached https://fearby-com.exactdn.com/wp-content/optOut.js) so I temporarily disabled the opt-out form on my front page.
todo: Find out how to change the CDN location of optOut.js and re-enabled the form.
All assets are loading from CDN.
Analytics Reporting
Graphs are not as pretty as Google Analytics but they are working.
Mobile Reporting
Mobile reporting is good too.
Updating Matomo Plugins
Don’t forget to update your plugins from the Matomo dashboard.
Updating Matomo (Core)
Matomo has an official guide on how to update Matomo here.
I do not have FTP so I will perform the manual three step update.
But before I do that I will manually backup my web server and database server just in case.
I backed up my Matomo config (I SSH”ed to the server)
$ cd /www-root/matomo-root/
$ cp ./config.ini.php ./config.ini.3.x.x.php
I navigated to the folder above my Matomo folder
$ cd ..
$ cd ..
I downloaded Matomo
$ wget https://builds.matomo.org/matomo.zip
I unzipped the zip file
$ unzip -o matomo.zip
I removed the matomo.zip file
$ rm matomo.zip
I loaded the Matomo Login page again and was prompted to update the database.
Matomo reported it was updated Successfully.
Oops, and error in config error appeared when I tried to log in.
Oh, Do I need to replace the config file with my backed up config file?
(edit: Yes Matomo say to do this, my bad)
Ten seconds later I accidentally deleted all my config files (I had zero backups), the next 2 minutes were spent shutting down my servers (web and db) and restoring them from backup. Thank goodness UpCloud are awesome hosts.
I now had to restore my servers and repeat the steps but this time restore my config file before logging back in.
I did this but had the same error
> An error occurred
> Authentication object cannot be found in the container. Maybe the Login plugin is not activated?
> You can activate the plugin by adding:
> Plugins[] = Login under the [Plugins] section in your config/config.ini.php
I checked my replaced config.ini.php and it did have
> [PluginsInstalled]
> PluginsInstalled[] = “Login”
I googled and found this page that said reset your password (this was not an option as Matomo was not loading)
I logged into mysql with my Matomo user
> mysql -u matomodbusername -p
> Enter password:
> Welcome to the MySQL monitor. Commands end with ; or \g.
> Server version: 5.7.xxxx
> Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
> Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
> Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.
> mysql> show databases;
+——————–+
| Database |
+——————–+
| information_schema |
| matomodb |
+——————–+
> 2 rows in set (0.00 sec)
The account and database seem ok.
I tried “FLUSH PRIVILEGES;” with no luck
I tried to sop mysql but it was locked
It was late so I rebooted my server (it did not come back up after a few minutes, I forced a reboot)
I still had an “Authentication object cannot be found in the container.” error when trying to login to Matomo???
I re-checked the “config.ini.php” file after reding threads at the Matomo Forums
$ sudo nano /www-root/matomo-root/config.ini.php
“Plugins[] = “Login”” was not in the “[Plugins]” area of the file??? I added it, saved the change and was able to reload the Matomo GUI.
I checked some key reports.
Visitors over time:
Visitor Location Map
Visitor Overview
Out links Clicked
Nice
I subscribed to the Matomo newsletter here to keep up to date with Matomo update releases: https://matomo.org/newsletter/
Good luck and I hope this guide helps someone
Ask a question or recommend an article
[contact-form-7 id=”30″ title=”Ask a Question”]
Revision History
v1.2 Hardening info
v1.1 Updating Matomo
v1.0 Initial post