The script is simply installed by copying the downloaded piwik folder to the home folder of a website and renaming the folder to something like Analytics or Stats.
Then open the page in a web browser to set up your Super User, add database info. and include website details.
The code reveals the location of your Analytics folder if somebody inspects the code which is not a big deal as long as your password is a strong one. But if you have many websites to track then it is desirable to use one install of the software to administer the statistics reports.
So we may point all of our tracking scripts to one master install of Piwik. But this means that all of the sites in our network may be easily discovered by a bot. One way to get around this is to install a proxy script that forwards the tracking link from the website being tracked to the master website.
This works, but adds extra load time to our website which has a negative impact on the page speed search engine metric. This is because the tracker works by displaying an invisible tracking pixel image which is normally produced by the Piwik code directly from the website being tracked. But the proxy approach means that another web request to the external master website needs to be made, and this may be a secure website requiring an SLL handshake.
However, if all of our websites are on the same Linux server we may use a symbolic link to make it look like the Piwik folder is on the same domain as we are tracking.
For example, if we have the Piwik package installed at
master.com/public/analytics and we want to track
another.com we CD to
another.com/public and then create a symbolic link with:
ln -s master.com/public/analytics/ analytics Now the webserver will be able to find the Piwik code at:
Now, we wouldn’t normally navigate to the virtual location of the Piwik dashboard, but if we do we see that it warns us that we are accessing from an untrusted domain and it reveals the location of the expected master location. We don’t want to reveal this to anyone snooping around, so we need to edit the config file.
One fix is to add all of our trusted domains. But if say one of your domains may accept wildcard sub domains then we need to fix it by allowing any domains with:
enable_trusted_host_check=0 But bear in mind that this is less secure because another spoof website could be set up to point to your Piwik Dashboard without generating warnings to users.
So this method of tracking multiple sites hides our master website from association with all our other domains, and it doesn’t add any extra load time due to using a proxy technique for delivering the tracking pixel.