Piwik problem. Caused by mod_security?


I installed Piwik, the web stats tracking program, on one of my domains using Dreamhost’s one-click install. Then, I installed and activated the Piwik plug-in on each of my WordPress sites.

All of my WP websites show up on my Piwik dashboard, but no data is being shown for any of them.

According to a Piwik discussion page I found, this problem may happen if a host uses mod_security. The only recommended solution is to have the host turn off mod_security. I know we are able to do that in Dreamhost ourselves by turning off “Extra Security” for a given website. However, with all the problems I’ve had with hackers, I want all the security I can get on my sites.

Anyway, I don’t know for sure that mod_security is causing my problem. It seems odd that Dreamhost would offer Piwik as a one-click install if mod_security interferes with it – at least without providing a warning about this.

I have read that problems caused by mod_security can be overcome on a per-file basis with a line of code in one’s .htaccess file. But I don’t know what that code would be.

Any ideas? Has anyone else used Pikwik and had the problem that it didn’t actually pull any data from the sites it was supposed to be tracking? Do you think this really does stem from Dreamhost’s use of mod_security?



For a specific file, try:


There is no way to disable mod_security from an .htaccess file under our current environment. Sorry!

One reason for this is so that a malicious application (e.g, a backdoor, which is one of the things mod_security is checking for!) can’t simply disable mod_security on itself to escape detection. That’d leave way too big of a loophole.


Can it be disabled in Panel and selectively switched on ?


So, are you saying my only choices are, 1) Turn off mod_security for any site I want to track on Piwik, or 2) Keep mod_security on and not be able to use Piwik?


I don’t use Piwik, but it’s a program for you, not random people, right? So run it in its own user and put it and the site you want to monitor under the same group and share directory access. Turn on enhanced web security for your public site, and put some other security on your Piwik. Something like that oughta work.


Obviously, you should be able to use Pikwik if you want to, but have you tried WordPress’ own stats plugin (part of Jetpack) or Google Analytics? I find Google Analyitics to be quite robust. And no issues with mod_security.