There are many ways to force a website to use HTTPS for a secure SSL connection including the .htaccess 301 redirect and HTTP Strict Transport Security (HSTS) preload list. Below we cover how to force Matomo to use HTTPS with the configuration file and ForceSSL plugin.
Config File Install Plugin Deactivate Redirect
Edit Configuration File
Editing the configuration file is the easiest option for those with access.
- Edit your config/config.ini.php file using cPanel File Manager or FTP.
- Under [General], change the number beside force_ssl = from 0 to 1.
Matomo should redirect to HTTPS automatically next time you login Matomo.
Install ForceSSL Plugin
For those unable to access the config file, you can install the ForceSSL plugin.
- Login Matomo.
- Select the Administration icon beside All Websites.
- Select Marketplace under Platform.
- On the right, search ForceSSL and press Enter.
- Select Install.
- Select Activate Plugin.
Matomo should redirect to HTTPS automatically next time you login Matomo.
Deactivate ForceSSL
You may need to disable the HTTPS redirect if your SSL expires. You can deactivate the plugin within the config file or dashboard.
- Select Plugins under System.
- Select Deactivate on the right of ForceSSL.
You can uninstall it on the same page if preferred but its not necessary.
Note:If you can’t log into Matomo, you’ll need to edit your config.ini.php file and under [Plugins] remove the line Plugins[] = “ForceSSL” to deactivate the plugin. Then change the number beside force_ssl = from 1 to 0.
You can read more about improving your web analytics in our Matomo Analytics section.
