Matomo: Impressive and Useful

I discussed migrating from Google Analytics and Jetpack to Matomo in a previous post. However, I haven’t used it for a significant amount of time. I am finding it very useful.

There are two ways you can self-host Matomo. As a plugin for WordPress or as an independent web application. The WordPress plugin is the most accessible and most straightforward option for analytics on one WordPress installation. However, if you administer more than one website, the dedicated web application is a better option.

The only real difficulty I ran into was getting GeoIP working. That is due primarily to a lack of Debian packages for the correct PHP extension and no clear subheadings for system managed updates of the GeoIP databases.

#Assuming Matomo installed at /var/www/html/matomo
#Assuming geoipupdate places the databases in /usr/share/GeoIP/
cd /var/www/html/matomo/misc/
for DB in `ls /usr/share/GeoIP/*.mmdb`
do
ln -s /usr/share/GeoIP/$DB ./
done
#All .mmdb databases are now linked to the system databases updated by geoipupdate.

–Robert

Automatically Starting Exactly One ssh-agent

I use SSH keys to protect all of my SSH logins. The following shell code starts only one ssh-agent and adds all ssh-keys to that agent. I recommend adding it to your ~/.bashrc file, so the proper environment variables are set up.

if [ `ps -C ssh-agent | wc -l` -ne 2 ]; then
  ssh-agent -a $HOME/.ssh/agent.sock > $HOME/.ssh/agent.env
  source $HOME/.ssh/agent.env
  for key in $HOME/.ssh/*.pub; do
    pkey=`basename -s .pub $key`
    ssh-add $HOME/.ssh/$pkey
  done
fi

Upgrade WordPress’ Password Hashing

WordPress and several other pieces of web software written in PHP are notorious for using old and broken algorithms for securing passwords. If you are using a PHP version of 5.5 or newer, you should get okay security by default. However, even phpass’ developers recommend not using their software if you can use PHP 5.5 or newer. I strongly suggest installing and enabling the PHP Native password hash plugin, especially if your WordPress install was ever run on any of the PHP 5 family. The plugin’s two most significant advantages are it actually gets updated to include new, more robust algorithms, and it automatically migrates passwords to the newer algorithms on login.

Don’t say one year of experience required if you won’t train.

I have been dealing with the issue of many people wanting one year of experience with tool A, but they won’t train you on the differences between tool A and tool B, which I do have experience on. But I need someone with experience? A person with one year of experience in a tool isn’t an expert on the tool. They are a moderately experienced beginner. Also, since Tool A and Tool B do the same job, the differences in how those tools work is maybe a week or two of adjustment, not a whole year of adjustment.