At first:
I got a matomo on premise installation which i wanna use to track the (wordpress) webpages of my customers.
By using the matomo plugin for wordpress i need an auth token to connect the plugin with my matomo installation.
In earlier versions it was possible to create a user for the customer and use the auth token by using a non existing / same mail address.
But currently it is only possible to invite users instead of creating directly one.
Also there is no possibility that a more than a user does have the same mail address.
Now i can use the auth token from the admin but the customer is able to read the token in wordpress which is a huge security hole.
So how it is possible to create a user without invite and a duplicated mail address to generate an auth token just to access one page?
4 posts - 2 participants