Force HTTPS in Matomo Analytics

There are many ways to force a website to use HTTPS for a secure SSL connection including the .htaccess 301 redirect and HTTP Strict Transport Security (HSTS) preload list. Below we cover how to force Matomo to use HTTPS with the configuration file and ForceSSL plugin.

Config File Install Plugin Deactivate Redirect

Edit Configuration File

Editing the configuration file is the easiest option for those with access.

  1. Edit your config/config.ini.php file using cPanel File Manager or FTP.
  2. Under [General], change the number beside force_ssl = from 0 to 1.
    Matomo should redirect to HTTPS automatically next time you login Matomo.

Install ForceSSL Plugin

For those unable to access the config file, you can install the ForceSSL plugin.

  1. Login Matomo.
  2. Select the Administration icon beside All Websites.
  3. Select Marketplace under Platform.
    Select Marketplace under Platform
  4. On the right, search ForceSSL and press Enter.
    Search ForceSSL
  5. Select Install.
    Click Install
  6. Select Activate Plugin.
    Activate Plugin

    Matomo should redirect to HTTPS automatically next time you login Matomo.

Deactivate ForceSSL

You may need to disable the HTTPS redirect if your SSL expires. You can deactivate the plugin within the config file or dashboard.

  1. Select Plugins under System.
    Select Plugins under System
  2. Select Deactivate on the right of ForceSSL.
    Select Deactivate

    You can uninstall it on the same page if preferred but its not necessary.

  3. Note:If you can’t log into Matomo, you’ll need to edit your config.ini.php file and under [Plugins] remove the line Plugins[] = “ForceSSL” to deactivate the plugin. Then change the number beside force_ssl = from 1 to 0.

You can read more about improving your web analytics in our Matomo Analytics section.

Leave a Reply