For added security, it would be useful to be able to only allow particular users to login from white listed IP addresses.
Maybe we should think of a mechanism to prevent that e.g. non advanced users could lock their-selves or more worse all users for ever from their piwik installation....
this could happen
Thanks for adding this useful feature. As I maintain a site where anonynmous access to dashboard is allowed, login is restricted for specific users only, it would be great if this feature could be enhanced to restrict the display of the login form only - currently this has to be done via vhost-config, which isnt the most usable way:
<LocationMatch /piwik/.*Login.*> Order deny, allow Allow from ..... </LocationMatch>
@mattab just discovered that if
login_whitelist_ip is set, WordPress backend cannot be accessed if Piwik plugin is active & features from "show statistics" tab are enabled. If you disable e.g. "Dashboard graph:", you can access the backend, the Piwik plugin settings page is still unaccessible if you have not whitelisted the IP too.
So in my opinion securing the login form only would be a better solution as this would not break the Piwik WordPress plugin for other users not whitelisted.
@robertharm Thanks for the feedback. Could you please create a new issue to note your various suggestions? as we'd like to follow up but this issue is closed. thanks
please help if i want to setup my account to login from a particular IP address how its done?
ANy update on this
As mentioned above see this FAQ: https://matomo.org/faq/how-to/faq_25543/