Include Matomo Tracking, by Jonas Hellmann Security & Risk Analysis
wordpress.org/plugins/include-matomoThis plugin lets you integrate your existing Matomo On-Premise into WordPress. If you don't already have a working Matomo (either On-Premise or M …
Is Include Matomo Tracking, by Jonas Hellmann Safe to Use in 2026?
Generally Safe
Score 100/100Include Matomo Tracking, by Jonas Hellmann has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'include-matomo' plugin v1.5.2 exhibits a generally strong security posture based on the provided static analysis. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points is commendable, indicating a minimal attack surface. Furthermore, the code signals show a lack of dangerous functions and file operations, and all SQL queries are properly prepared. The low percentage of unescaped output is also a positive sign, though it does suggest a small area for potential improvement.
The taint analysis reveals no identified vulnerabilities, and the plugin has no recorded CVEs or historical vulnerabilities. This lack of past issues and current critical findings suggests a well-maintained and secure codebase. The absence of capability checks and nonce checks on potential entry points is noted, but given the lack of identified entry points in the attack surface analysis, this is not a present concern.
In conclusion, 'include-matomo' v1.5.2 appears to be a secure plugin with a minimal attack surface and no identified vulnerabilities in the static analysis or historical data. The developer seems to follow good security practices. The only minor area for potential enhancement would be to ensure 100% output escaping for absolute best practice, but this is a low risk given the current findings.
Key Concerns
- Some outputs are not properly escaped
Include Matomo Tracking, by Jonas Hellmann Security Vulnerabilities
Include Matomo Tracking, by Jonas Hellmann Code Analysis
Output Escaping
Include Matomo Tracking, by Jonas Hellmann Attack Surface
WordPress Hooks 4
Maintenance & Trust
Include Matomo Tracking, by Jonas Hellmann Maintenance & Trust
Maintenance Signals
Community Trust
Include Matomo Tracking, by Jonas Hellmann Alternatives
Connect Matomo – Analytics Dashboard for WordPress
wp-piwik
Adds Matomo (former Piwik) statistics to your WordPress dashboard and is also able to add the Matomo Tracking Code to your blog.
MediaElement Google Analytics & Piwik Event Tracking
marctv-mediaelement-tracking
This plugins fires Google Analytics & Piwik events for the native Wordpress MediaElement video and audio player.
Romiltec Analytics Tracking
romiltec-analytics-tracking
Professional Matomo analytics integration with automatic Post ID tracking as custom dimensions.
Matomo Site Kit
openmost-site-kit
The most complete Matomo Analytics plugin for WordPress. Server-side tracking, WooCommerce ecommerce, site search, GDPR compliance, and Tag Manager su …
Effortless Landing Page Tracking for Matomo
effortless-landing-page-tracking-for-matomo
Seamless Matomo analytics integration with beautiful visit graphs on your dashboard and via shortcode. Lightweight, privacy-friendly, multisite-ready.
Include Matomo Tracking, by Jonas Hellmann Developer Profile
1 plugin · 500 total installs
How We Detect Include Matomo Tracking, by Jonas Hellmann
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/include-matomo/js/include-matomo.jsinclude-matomo/js/include-matomo.js?ver=HTML / DOM Fingerprints
<!-- Include Matomo --><!-- End Matomo Code-->name="matomo_url"name="matomo_site_id"name="matomo_rss_campaign"name="matomo_rss_source"name="matomo_disable_cookies"_paq