Network site / Report Access

Resolved

Jan

(@locke85)

Hi there,

I’m running a WordPress multisite with WP Matomo enabled for both the main (siteID 1) and for network sites.

Issue: Chrome generates a “Dangerous site” error for site admins on their network site after clicking the Report- or Tag Manager link from the WordPress admin sidebar.

Interpretation: When looking at the address bar, the URL reveals the siteID of the main site, rather than the ID of the network site. The URL should say site ID “6” rather than “1”.

When a super admin opens the same links, the error messages do not occur.

I’m also attaching the system report for your convenience.

Any advice would be much appreciated.

Best,

Jan

—system report—

` wp-core

version: 6.7.1
site_language: de_DE_formal
user_language: en_US
timezone: Europe/Berlin
permalink: /%category%/%postname%/
https_status: true
multisite: true
user_registration: false
blog_public: 0
default_comment_status: open
environment_type: production
site_id: 6
site_count: 5
network_count: 1
user_count: 61
dotorg_communication: true wp-active-theme

name: GeneratePress Child for LP (generatepress_child_lp)
version: 0.1
author: Tom Usborne
author_website: https://tomusborne.com
parent_theme: GeneratePress (generatepress)
theme_features: core-block-patterns, widgets-block-editor, automatic-feed-links, post-thumbnails, post-formats, woocommerce, title-tag, html5, customize-selective-refresh-widgets, align-wide, responsive-embeds, editor-color-palette, custom-logo, menus, editor-styles, editor-style, widgets
theme_path: /home/wp/disk/wordpress/wp-content/themes/generatepress_child_lp
auto_update: Disabled wp-parent-theme

name: GeneratePress (generatepress)
version: 3.5.1
author: Tom Usborne
author_website: https://tomusborne.com
theme_path: /home/wp/disk/wordpress/wp-content/themes/generatepress
auto_update: Disabled wp-themes-inactive (9)

GeneratePress Child: version: 0.1, author: Tom Usborne, Auto-updates disabled
GeneratePress Child for LS: version: 0.1, author: Tom Usborne, Auto-updates disabled
GeneratePress Child for SEO: version: 0.1, author: Tom Usborne, Auto-updates disabled
GeneratePress Child for eRecruiting: version: 0.1, author: Tom Usborne, Auto-updates disabled
Twenty Twenty-Five: version: 1.0, author: the WordPress team, Auto-updates disabled
Twenty Twenty-Four: version: 1.3, author: the WordPress team, Auto-updates disabled
Twenty Twenty-One: version: 2.4, author: the WordPress team, Auto-updates disabled
Twenty Twenty-Three: version: 1.6, author: the WordPress team, Auto-updates disabled
Twenty Twenty-Two: version: 1.9, author: the WordPress team, Auto-updates disabled wp-plugins-active (24)

Better Search Replace: version: 1.4.7, author: WP Engine, Auto-updates disabled
Chained Quiz: version: 1.3.2.9, author: Kiboko Labs, Auto-updates disabled
Contact Form 7: version: 6.0.2, author: Takayuki Miyoshi, Auto-updates disabled
Email Log: version: 2.4.9, author: Sudar, Auto-updates disabled
Email Templates: version: 1.4.4, author: wpexpertsio, Auto-updates disabled
Font Awesome: version: 4.5.0, author: Font Awesome, Auto-updates disabled
GenerateBlocks: version: 1.9.1, author: Tom Usborne, Auto-updates disabled
GenerateBlocks Pro: version: 1.7.1, author: Tom Usborne, Auto-updates disabled
GP Premium: version: 2.5.0, author: Tom Usborne, Auto-updates disabled
Lightbox for Gallery & Image Block: version: 1.15, author: Johannes Kinast [email protected], Auto-updates disabled
Loco Translate: version: 2.6.14, author: Tim Whitlock, Auto-updates disabled
Matomo Analytics - Ethical Stats. Powerful Insights.: version: 5.1.7, author: Matomo, Auto-updates disabled
MemberPress Account Nav Tabs: version: 1.0.0, author: Caseproof, LLC (latest version: 1.0.3), Auto-updates disabled
MemberPress Courses: version: 1.3.9, author: Caseproof LLC (latest version: 1.4.1), Auto-updates disabled
MemberPress Developer Tools: version: 1.2.15, author: Caseproof, LLC (latest version: 1.3.3), Auto-updates disabled
MemberPress Importer: version: 1.6.8, author: Caseproof, LLC (latest version: 1.6.19), Auto-updates disabled
MemberPress Math CAPTCHA: version: 1.1.8, author: Caseproof, LLC (latest version: 1.1.10), Auto-updates disabled
MemberPress PDF Invoice: version: 1.1.17, author: Caseproof, LLC (latest version: 1.1.31), Auto-updates disabled
MemberPress Pro: version: 1.9.39, author: Caseproof, LLC (latest version: 1.11.37), Auto-updates disabled
Network Media Library: version: 1.5.0, author: John Blackbourn, Dominik Schilling, Frank Bültge, Auto-updates disabled
WordPress Importer: version: 0.8.3, author: wordpressdotorg, Auto-updates disabled
WP Armour - Honeypot Anti Spam: version: 2.2.05, author: Dnesscarkey, Auto-updates disabled
Yoast SEO: version: 24.1, author: Team Yoast (latest version: 24.2), Auto-updates disabled
Zapier for WordPress: version: 1.5.1, author: Zapier, Auto-updates disabled wp-plugins-inactive (20)

Borlabs Cookie - Cookie Opt-in: version: 2.2.13, author: Benjamin A. Bornschein, Borlabs, Auto-updates disabled
Connect Matomo: version: 1.0.30, author: André Bräkling, Auto-updates disabled
Flamingo: version: 2.5, author: Takayuki Miyoshi, Auto-updates disabled
GenerateCloud: version: 1.0.0, author: Tom Usborne, Auto-updates disabled
Lightweight Social Icons: version: 1.1, author: Thomas Usborne, Auto-updates disabled
MailPoet: version: 5.5.2, author: MailPoet, Auto-updates disabled
Make Connector: version: 1.5.8, author: Celonis s.r.o., Auto-updates disabled
MemberPress MailPoet: version: 1.2.4, author: Caseproof, LLC, Auto-updates disabled
Seriously Simple Podcasting: version: 3.7.1, author: Castos, Auto-updates disabled
Simple Local Avatars: version: 2.8.3, author: 10up, Auto-updates disabled
SQL Buddy: version: 1.0.0, author: Delicious Brains, Auto-updates disabled
User Role Editor: version: 4.64.4, author: Vladimir Garagulya, Auto-updates disabled
User Submitted Posts: version: 20241026, author: Jeff Starr, Auto-updates disabled
webGefährte Custom Functionality Plugin: version: 1.6.3, author: Jan (webGefährte), Auto-updates disabled
WG SEO Chat: version: 2.0, author: Jan (Webgefährte), Auto-updates disabled
WG Sharing News: version: 1.0, author: Jan (Webgefährte), Auto-updates disabled
WP-Sweep: version: 1.1.8, author: Lester 'GaMerZ' Chan, Auto-updates disabled
WP File Manager: version: 8.0, author: mndpsingh287, Auto-updates disabled
WP Mail SMTP: version: 4.3.0, author: WP Mail SMTP, Auto-updates disabled
Yoast SEO Premium: version: 24.1, author: Team Yoast, Auto-updates disabled wp-media

image_editor: WP_Image_Editor_Imagick
imagick_module_version: 1691
imagemagick_version: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
imagick_version: 3.7.0
file_uploads: 1
post_max_size: 2000M
upload_max_filesize: 2000M
max_effective_size: 2 GB
max_file_uploads: 250
imagick_limits:
imagick::RESOURCETYPE_AREA: 8 GB
imagick::RESOURCETYPE_DISK: 9.2233720368548E+18
imagick::RESOURCETYPE_FILE: 768
imagick::RESOURCETYPE_MAP: 8 GB
imagick::RESOURCETYPE_MEMORY: 4 GB
imagick::RESOURCETYPE_THREAD: 1
imagick::RESOURCETYPE_TIME: 9.2233720368548E+18
imagemagick_file_formats: 3FR, 3G2, 3GP, AAI, AI, APNG, ART, ARW, AVI, AVIF, AVS, BGR, BGRA, BGRO, BIE, BMP, BMP2, BMP3, BRF, CAL, CALS, CANVAS, CAPTION, CIN, CIP, CLIP, CMYK, CMYKA, CR2, CR3, CRW, CUR, CUT, DATA, DCM, DCR, DCX, DDS, DFONT, DJVU, DNG, DOT, DPX, DXT1, DXT5, EPDF, EPI, EPS, EPS2, EPS3, EPSF, EPSI, EPT, EPT2, EPT3, ERF, EXR, FAX, FILE, FITS, FRACTAL, FTP, FTS, G3, G4, GIF, GIF87, GRADIENT, GRAY, GRAYA, GROUP4, GV, H, HALD, HDR, HEIC, HISTOGRAM, HRZ, HTM, HTML, HTTP, HTTPS, ICB, ICO, ICON, IIQ, INFO, INLINE, IPL, ISOBRL, ISOBRL6, J2C, J2K, JBG, JBIG, JNG, JNX, JP2, JPC, JPE, JPEG, JPG, JPM, JPS, JPT, JSON, K25, KDC, LABEL, M2V, M4V, MAC, MAGICK, MAP, MASK, MAT, MATTE, MEF, MIFF, MKV, MNG, MONO, MOV, MP4, MPC, MPG, MRW, MSL, MSVG, MTV, MVG, NEF, NRW, NULL, ORF, OTB, OTF, PAL, PALM, PAM, PANGO, PATTERN, PBM, PCD, PCDS, PCL, PCT, PCX, PDB, PDF, PDFA, PEF, PES, PFA, PFB, PFM, PGM, PGX, PICON, PICT, PIX, PJPEG, PLASMA, PNG, PNG00, PNG24, PNG32, PNG48, PNG64, PNG8, PNM, POCKETMOD, PPM, PREVIEW, PS, PS2, PS3, PSB, PSD, PTIF, PWP, RADIAL-GRADIENT, RAF, RAS, RAW, RGB, RGBA, RGBO, RGF, RLA, RLE, RMF, RW2, SCR, SCT, SFW, SGI, SHTML, SIX, SIXEL, SPARSE-COLOR, SR2, SRF, STEGANO, SUN, SVG, SVGZ, TEXT, TGA, THUMBNAIL, TIFF, TIFF64, TILE, TIM, TTC, TTF, TXT, UBRL, UBRL6, UIL, UYVY, VDA, VICAR, VID, VIDEO, VIFF, VIPS, VST, WBMP, WEBM, WEBP, WMF, WMV, WMZ, WPG, X, X3F, XBM, XC, XCF, XPM, XPS, XV, XWD, YCbCr, YCbCrA, YUV
gd_version: 2.3.3
gd_formats: GIF, JPEG, PNG, WebP, BMP, AVIF, XPM
ghostscript_version: unknown wp-server

server_architecture: Linux 5.15.0-124-generic x86_64
httpd_software: nginx/1.24.0
php_version: 8.1.31 64bit
php_sapi: fpm-fcgi
max_input_variables: 10000
time_limit: 300
memory_limit: 1024M
max_input_time: 300
upload_max_filesize: 2000M
php_post_max_size: 2000M
curl_version: 7.81.0 OpenSSL/3.0.2
suhosin: false
imagick_availability: true
pretty_permalinks: true
htaccess_extra_rules: true
current: 2025-01-07T14:01:47+00:00
utc-time: Tuesday, 07-Jan-25 14:01:47 UTC
server-time: 2025-01-07T15:01:46+01:00 wp-database

extension: mysqli
server_version: 10.11.10-MariaDB-ubu2204
client_version: mysqlnd 8.1.31
max_allowed_packet: 1073741824
max_connections: 200 wp-constants

WP_HOME: https://webgefaehrte.de
WP_SITEURL: https://webgefaehrte.de
WP_CONTENT_DIR: /home/wp/disk/wordpress/wp-content
WP_PLUGIN_DIR: /home/wp/disk/wordpress/wp-content/plugins
WP_MEMORY_LIMIT: 1024M
WP_MAX_MEMORY_LIMIT: 1024M
WP_DEBUG: true
WP_DEBUG_DISPLAY: false
WP_DEBUG_LOG: true
SCRIPT_DEBUG: false
WP_CACHE: false
CONCATENATE_SCRIPTS: undefined
COMPRESS_SCRIPTS: undefined
COMPRESS_CSS: undefined
WP_ENVIRONMENT_TYPE: undefined
WP_DEVELOPMENT_MODE: undefined
DB_CHARSET: utf8
DB_COLLATE: undefined wp-filesystem

wordpress: writable
wp-content: writable
uploads: writable
plugins: writable
themes: writable
fonts: not writable

This topic was modified 1 year, 4 months ago by Jan.

The page I need help with: [log in to see the link]

Viewing 8 replies - 1 through 8 (of 8 total)

Plugin Support dizzyatinnocraft
(@dizzyatinnocraft)

1 year, 4 months ago

The idSite in that link is not the ID of the WordPress multisite but the ID of the mapped row in the Matomo site table. Since WordPress install each blog in a multisite setup into their own tables, the Matomo site table for each WordPress site will only have one entry. That is why the ID is always 1.

Can you expand the details section in those screenshots and post what they display?

Thread Starter Jan
(@locke85)

1 year, 4 months ago

Sure, this is the explanation behind the “Details” -button:

Chrome has built-in safety features to protect you while you browse – like Google Safe Browsing, which recently found phishing on the site that you tried visiting. Phishing sites pretend to be other sites to trick you.

Even sites that are normally safe are sometimes compromised by attackers. Let us know if you think that there’s been a mistake and that this site doesn’t pose a danger.
Only visit this unsafe site if you’re sure you understand the risks.

Plugin Support dizzyatinnocraft
(@dizzyatinnocraft)

1 year, 4 months ago

Does the “recently found phishing” link have any relevant details? Can you tell me your reasoning for thinking the idSite=… parameter is the cause of the problem?

Do you know if your website has been reported as unsafe to chrome/google in some way?
Plugin Support dizzyatinnocraft
(@dizzyatinnocraft)

1 year, 4 months ago
@locke85 if you want to test whether the problem is the idSite parameter, we can try the following:
- add the following code to the top of /path/to/wordpress/wp-content/plugins/matomo/app/bootstrap.php
```
if ( isset( $_GET['mtmsid'] ) ) {
	$_GET['idSite'] = $_GET['mtmsid'];
}
```
- then replace idSite= with mtmsid= in the URL and see if its still blocked
Thread Starter Jan
(@locke85)

1 year, 4 months ago

@dizzyatinnocraft the remark regarding the site ID was nothing but a cold guess. Meanwhile, I tried to replicate the “Dangerous site” error with the red background color…

(a) on a different computer – no luck

(b) on the same computer in a different browser – Safari reports a red screen also but no error message

(c) Then I checked the “recently found phishing” and the “this is an unsafe site” links for details – both come back with “no data”.

(d) Then I modified the URL as suggested – again, after testing (a) and (b) not sure if the siteID is the root cause.

Finally, I found this FAQ page that talks about a similar issue. Can you tall the difference between a “dangerous site” and a “Deceptive site” and whether it is with exploring the two option described on this page?

Thanks,

Jan
Plugin Support dizzyatinnocraft
(@dizzyatinnocraft)

1 year, 4 months ago
Hi @locke85, I checked on https://transparencyreport.google.com/safe-browsing/search and it looks like Google has flagged the entire domain as suspicious. I don’t know why it doesn’t always trigger the warning (it didn’t when I loaded the site in Chrome myself), but it seems to be more of an issue with the site itself, possibly not just Matomo.

In case the link above doesn’t display a warning for you, this is what I see:
```
Some pages on this site are unsafe

The site REDACTED contains harmful content, including pages that:

    Try to trick visitors into sharing personal info or downloading software

Unsafe content might only appear on some pages of a website. Check the URL of the specific directory or webpage you want to visit for more detailed safety info. 
```
If I put in a Matomo specific URL I don’t see any issues in the search. Perhaps checking individual pages of your website might lead to more detail?

If you can’t find anything, you might want to report it as a false positive using https://safebrowsing.google.com/safebrowsing/report_error/?hl=en.
Plugin Support dizzyatinnocraft
(@dizzyatinnocraft)

1 year, 4 months ago

Hi, @locke85 were you able to find the issue?

Plugin Support dizzyatinnocraft
(@dizzyatinnocraft)

1 year, 4 months ago

Marking this as resolved since there hasn’t been a response since the last update.

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘Network site / Report Access’ is closed to new replies.

Tags