First, let’s be precise with the wording. The API key is not exposed; it is stored in your WordPress admin dashboard. This is what the API key is intended for.
WP-Matomo is intended to create a connection to Piwik, show Piwik statistics and to add the tracking code automatically. WP-Matomo is neither able to read any stats nor to get the tracking code if no API code is given.
So, the usage of WP-Matomo without an API key does not make sense. Instead of this, you can add the tracking code given by Piwik to your theme, and you can avoid an additional plugin.
If you just worry about the admin rights granted with your API key: You can add additional users to your Piwik setup, restrict their permissions (e.g., just grant view permission to one specific site) and use these users’ API code instead of your central admin API key. Maybe this will allay your concerns?
Thread Starter
Anonymous User 6666466
(@anonymized-6666466)
Thanks for the confirmation! Your solution of creating a view only user is a great idea.
Yes, I could add the code to my theme; however, I wouldn’t benefit from the features your plugin provides, such as enabling tracking for administrator users, as an example.
Thanks for replying!